In a nutshell:
- Customers from around the world trust CuraLife with improving their well-being through the use of our supplements. It’s our privilege and duty to protect our customers’ data and yours.
- We collect and process personal information of our website visitors, business contacts, and customers.
- We use your personal data to provide you with information about our products, to process your transactions, to provide our products and services, to promote our business, and to keep in touch.
- We respect your rights regarding your personal information. If you have any questions regarding your personal data, or want to unsubscribe from any direct marketing, please contact us, we’re here to help: email@example.com
Introduction and Definitions
We are CuraLife Commerce SIA, a Latvian company no. 40203007893, based in Rīga – simply referenced here as “CuraLife”. You can find our contact details below.
CuraLife’s supplements help people worldwide who are suffering from diabetes, asthma, high blood pressure, cholesterol, and other conditions. We respect our Customers’ privacy, implementing the EU’s General Data Protection Regulation and other applicable regulations.
We also operate several Websites – such as curalife.co – and collect personal data of Website Visitors. Some Visitors and other people who communicate with us become our business Contacts or Customers.
2)How Do We Collect Personal Data?
If you’re a Contact or Customer of ours, there might be several ways in which we receive your personal data:
1) When you share it with us directly, through your communication with us on the Websites’ contact forms and reservation forms, by email, phone, facsimile, on social networks (e.g. Facebook), at events or trade fairs, or via any other communication channel
3) We might augment the personal data we have about you with the information that you provided us directly, information others have provided us about you, and data we’ve collected about you from your use of our Websites (see below).
If you’re a Visitor to our Websites, we might receive some personal data through your device, operating system, and browser, and various hosting, tracking, analytics and advertising technologies used on our Websites, such as cookies (see below), Analytics and Advertising technologies, and other technologies. Our Websites do not currently respond to “Do Not Track” signals sent by your browser or device.
3)What Personal Data Do We Process?
If you’re a Contact or Customer of ours, we may collect and process these types of personal data about you:
- Identification information, such as your full name
- Contact details, such as country/time zone, shipping addresses, billing address, postal codes, phone numbers, email address, language and communication preferences
- Login credentials to create an account, such as email address and a password
- Shopping data, such as products viewed, products added to shopping cart, product purchased, and order history
- Payment information, such as payment card details ((including card number, expiration date, and security code) or other billing information
- Social networking information you’ve shared with us
- Posts, chats, photos and videos shared with us on social networks, for example on our Facebook groups
- Testimonials, feedback, rating, and commentaries you’ve shared with us about your experience with CuraLife products, or any testimonials, feedback, rating, and commentaries you’ve communicated about us at a third-party website or application that shares such feedback with us
- Any personal data contained in any photos, media, and other files sent to us or shared with us
- Any other personal data you provide us on any communication channel, such as email correspondence, customer support, and phone conversations
We also collect and process these types of non-identifiable personal data about anyone using our Websites:
Usage, logs, analytics, and other device- and technical data collected when you use our Websites, including device information and identification numbers, operating system information, IP address, browser and session information, browsing history and referrals, cookie information, web beacons, Internet Service Provider (ISP), advertising identification numbers, language information, connectivity information, configuration information, metadata of files, and usage information (such as page views, clicks, and usage time).
4)What About Personal Data of Children?
CuraLife is providing products to adult consumers and does not intentionally markets its services to children under 16 years old. We do not knowingly collect or process information about children. To the extent we’d learn that any information was collected on children, we will delete it immediately. Please contact us (contact details below) if you have any concerns with respect to children’s personal data.
5)What About Cookies?
6)What Are The Purposes for Processing Personal Data? How Is Your Personal Data Used?
Our purposes in processing data is to improve our Customer’s well-being by providing our products and services, and to enable the operation of our business.
We may process your personal data for our own business purposes, including:
- Establishing and managing your account, identifying and authenticating you
- Delivering our products and services, including enabling you to discover and purchase products, fulfilling your order, shipping products to you, and clearing customs
- Providing information about our products, services and our business
- Providing customer support, billing, and invoicing
- Contacting you and communicating with you via any communication channel, including email, phone, SMS, social networks, third-party websites and applications, and other messaging platforms
- Posting and sharing your testimonials and reviews of our products and services
- Analyzing and optimizing Websites traffic and usage
- Improving our Website, products, and services, and developing new offerings
- Protecting our company, staff, Customers, business, and partners
- Protecting our systems and business against attacks, fraud and other criminal activity
- Complying with any applicable law and assisting law enforcement agencies under any applicable law
- Online advertising in all forms and channels, including targeting you and others who share similar characteristics as you (lookalikes) online on search engines, websites, apps, messaging platforms, social networking platforms, and offline
- Direct Marketing in all forms and channels, including email, SMS, messaging, postal service, and more; you can always opt-out from Direct Marketing by unsubscribing yourself through links on any communication or by contacting us and notifying us accordingly.
We may use anonymous, statistical or aggregated information we collect, in a form that does not enable the identification of a specific individual, by posting, disseminating, transmitting or otherwise communicating or making available such information to customers, vendors, partners and any other third party.
7)What Is The Legal Basis For The Processing of Data?
We process personal data based on any or some of the following legal bases:
- Processing is necessary for the performance of a contract with you (the data subject), or in order to take steps at your request prior to entering into a contract – for example, ordering CuraLife products;
- Processing is necessary for compliance with a legal obligation to which we are subject, for example the need to maintain billing and shipping records;
- Processing is necessary in order to protect your vital interests or the vital interests of another person, for example sending products to elderly Customers following orders by their care-givers, or protecting our staff, or for the establishment, exercise, or defense of legal claims;
- Processing is necessary for the purposes of the legitimate interests pursued by us, for example the conduct of our business, the delivery of our services, and the promotion of CuraLife;
- We received your consent to the processing of your personal data for specific purposes communicated in this policy. If our processing is based on your consent, you can always withdraw your consent by contacting us.
8)Who Is Your Information Shared With?
We may share your personal information with our staff, subsidiaries, affiliates, contractors, consultants, resellers, distributors, carriers, and other third-party business partners, to the extent needed for the provision of our services and our operations.
We process your personal data on our servers and computers, but also third-party services, such as cloud hosting services, support systems and services, payment gateways, billing systems, SMS gateways, Email and SMS notification and communication services, and backup systems.
We use additional processors around the world for various processing activities needed for the performance of our Websites, our services, our operations, and our business, and share information with such processors on a need basis. Such processors include hosting and backup providers (such as SiteGround), analytics providers (such as Google, Hotjar, Mouseflow, Facebook and PayPal), website technology (such as WordPress, WordPress plug-ins, WordFence, and Elementor), customer relations management (such as Insight.ly CRM), payment gateways and ecommerce services (such as PayPal, Decta, SafeCharge, and WooCommerce), customer support services (such as Zendesk), feedback and review services, advertising technology (such as Google and Facebook), mail and newsletter services (such as Mailchimp), security technology and services, and more. We limit the information we share with each processor based on the business need in using such processor, to protect your information while still effectively benefiting from the services of such processor.
We may also share non-personally identifiable information and aggregate information for any purpose. Such data is not personal data, and its sharing cannot be used to identify you.
We may need to share your information with law enforcement agencies, courts of law, and other governmental organizations, if ordered to do so by competent bodies and according to applicable law.
Mergers and Acquisitions
If we are involved with a merger, asset sale, financing, liquidation, bankruptcy, or the acquisition of all or part of our business to another company, we may share your information with that company and its advisors before and after the transaction date.
9)How Do We Safeguard Your Personal Data?
We take information security seriously. We implement state of the art security standards to prevent unauthorized access, maintain data accuracy, and ensure the correct use of information. We encrypt our Websites and major data communication transmissions to avoid interception (for example, through SSL encryption and PCI compliance) and securely backup the information on our platforms to avoid data loss. We also implement appropriate organizational measures to protect your information.
We apply our security standards also when working with business and technology partners. We only select and contract with processors and third parties who use appropriate security measures and provide sufficient guarantees, including technical and organizational measures, to ensure the appropriate protection of the data we entrust with them.
Unfortunately, although we make significant efforts to keep your data safe, we cannot fully ensure or warrant the security of your personal information.
10)Do We Transfer Personal Data Internationally?
We store data mostly over the cloud, mainly on SiteGround servers in the European Economic Area (EEA) and the USA. SiteGround complies with GDPR in their processing of data on our behalf.
At the same time, our business is international – Our staff may access the data on our platform from our offices in Latvia, Spain, Israel, USA, and India. Resellers, distributors, and carriers around the world would access your data from their respective country. We serve Customers worldwide and we utilize additional processors and service providers in various countries. Therefore, we transfer, store or otherwise process your personal information in other countries. We take appropriate safeguards in the selection of our processing vendors around the world to require that your personal information is well protected. Despite our efforts, it may be the case that a country where your personal information is processed has different, or less protective, data protection and privacy regulation than the country you live in.
11)For How Long Do We Keep Personal Data?
We keep personal information we collect for different periods, depending on the type of information, for example: the required period for keeping billing records according to Latvian law, the span of your subscription services with CuraLife, the frequency of your use of our services, and other factors.
Please be aware, that third parties with whom we’ve shared your information (other than our data processors), based on the legal bases detailed in this policy, may retain your information even after we deleted or anonymized any data related to you on our platforms. Such data retention by third parties is subject to their privacy policies, purposes, legal bases, agreements with you, and any applicable law. We take no responsibility over third parties’ use of personal data outside of CuraLife’s control.
12)What Are Your Rights With Respect to Your Personal Data?
According to the data protection and privacy regulations, or where you live, you may have certain rights with respect to your personal information.
Your rights may include, under certain terms and conditions set in the EU General Data Protection Regulation (GDPR) or other applicable law:
- Right of Access to your personal data processed by us;
- Right to Rectification of inaccurate or incomplete personal data;
- Right to Erasure of your personal data (“Right to be Forgotten”);
- Right to Restriction of Processing for a certain period or under certain conditions;
- Right to Data Portability of your personal data to another data controller in a structured format;
- Right to Object the processing of your personal data. Specifically, you have the right to object further processing of your personal data for direct marketing purposes;
- Right Not To Be Subject to a Decision Based Solely on Automated Decision-Making. We do not make any decisions with legal effect based solely on automated decision-making;
- Right to File a Complaint with the applicable data protection authority in your country.
After deletion or anonymization of your personal data following its retention period, the rights to access, erasure, rectification, and data portability cannot be enforced.
Your personal information is processed based on several legal bases, sometimes including your consent. You can withdraw your consent at any time by contacting us. Other legal bases, including statutory or contractual requirements that apply to you might remain intact even following the withdrawal of your consent.
14)Who Can You Contact Regarding Your Personal Data?
You can contact us with any question or concern you have at:
CuraLife Commerce SIA
Company registration number: 40203007893
Address: Silmaču iela 4, Rīga, LV-1012, Latvia