We respect your privacy and your data
We do not knowingly collect, maintain, disclose, or sell the personal information about users under the age of sixteen (16). If you are under the age of 16, please do not use our Services.
If you are under the age of 16 and have used our Services, please contact us at the email address firstname.lastname@example.org below so that we may delete your personal information.
If you use our Services only for your personal use, you are to be considered as the “User” and for the purpose of the General Data Protection Regulation (“GDPR”) and the UK General Data Protection Regulation (as defined by the UK Data Protection Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019), we are the data controller.
If you use our Services to execute orders and deliver products to third parties, you are to be considered as the “Merchant” and with regard to your contact details and the other data listed in Section 1 below, we are the data controller. Where we act on a Merchant’s behalf to fulfill an order with regard to the Merchant’s customer, we are a data processor.
1. Information collected about Users and Merchants and how we use it
Where you are a User and it is necessary to fulfill our contract with you for the purposes of providing, maintaining, or improving our products and Services (including, to the extent permitted by applicable law, any matters in our legitimate interests with respect to the Services), we will confirm your identity, contact you, provide customer support (including via chat, in the comment section of our blog, or other platforms, where you may reach us), operate your account with us and invoice you. For the aforementioned purposes, we collect information that may contain the following personal data:
Email address and phone number;
Payment and billing information (payment method details, first and last digits of your payment card);
Order handling information
If you have given your consent when registering your account, when subscribing to our newsletter or blog, or shared your email address or other personal data with us to receive any other information (for example, our list of sub-processors), we will process your email address to send you the informative and/or promotional materials, to which you have subscribed to, for example, newsletters, advertisements of our Services and other information about our Services that you have requested. At any point in time you can unsubscribe from receiving the above-mentioned information in our email footers and through your notification settings on Heavenly Deposit. For Merchants, we will not use the contact details of your customers to directly market or advertise our Services to them.
We obtain location information you provide in your profile or your IP address. We use and store information about your location to provide features and to improve and customize the Services, for example, for Heavenly Deposit’s internal analytics and performance monitoring; localization, regional requirements, and policies for the Services; for local content, search results, and recommendations; for delivery and mapping services; and (using non-precise location information) marketing.
As it is in our legitimate interests to ensure our network security, give you access to and to improve our Services, we also collect the following technical usage data:
How and when you access your account;
Information about the device and browser you use;
IP address and device data.
1.1. Information collected about our Merchant’s Customers
Where we act on a Merchant’s behalf to fulfill an order with regard to the Merchant’s customer (i.e. an end user of our Services), we are a data processor and we collect information relating to the Merchant’s customer, such as personal data relating to the end user of our Services, any personal data in the printing content (where applicable), personal data revealed during the use of any Heavenly Deposit services, including name, email address, phone number, shipping address, and other information about the Merchant's customers.
2. Sharing personal data with third parties
In order for Heavenly Deposit to provide you with our Services, we work with third parties who perform services on our behalf and with whom we share personal data to support our Services (“Service Providers”).
Information you have provided to us during the use of our Services, including technical usage data, is shared for business purposes in our legitimate interests with third parties who provide hosting and server co-location services as well as data and cyber security services.
Information you have provided to us during the use of our Services may be shared with third-party manufacturing services whom we engage to provide our Services to you.
Your email address and other contact details you have provided to us and your messages to our customer service is shared for business purposes in our legitimate interests with communication, email distribution, and content delivery services as well as customer support system providers.
Information regarding your purchases and payments is shared with billing and payment processing services, fraud detection and prevention services, accounting and financial advisors, advisors, so that we can provide our Services to you.
Information regarding your use of our website and other information received from cookies and similar technology is shared with web analytics, session recording, and online marketing services.
If we provide marketing to you, information on your account, purchases and preferences can be shared with marketing services.
Insofar as reasonably necessary to defend our legal rights, we may share your personal data with our legal advisors.
We will only share personal data to Service Providers that have undertaken to comply with obligations set out in applicable data protection laws.
We may share your personal data with our affiliates (companies within our corporate family), in our legitimate interests for business purposes. In certain circumstances, we are required to share information with third parties to comply with legal requirements or requests, as well as to protect our, or a third party’s, lawful interests. We will also disclose your information to third parties in and outside your country only to the extent allowed by applicable law, including:
to a prospective purchaser or purchaser that acquires all or substantially all of us or our business;
to a third party in the event that we sell or buy any business or undergo a merger, in which case we may disclose your information to the prospective buyer of such business; and
to a third party if we sell, buy, merge or partner with other companies or businesses, undergo a reorganization, bankruptcy, or liquidation; or otherwise undertake a business transaction or sell some or all of our assets. In such transactions, your information may be among the transferred assets.
3. Retention periods
We may retain your personal data for as long as you have a Heavenly Deposit account or any of the above-mentioned legal bases for personal data processing still exists. For example, if you unsubscribe from our marketing, newsletter, or blog emails, we will stop the processing of the personal data for such purposes. If you have used our Services without creating a Heavenly Deposit account, we will keep your personal data as long as necessary to comply with our legal obligation to retain information relating to provision of services, for example, for tax purposes.
After terminating your relationship with us by deleting your Heavenly Deposit account or otherwise ceasing to use our Services, we may continue to store copies of your (and in regard to Merchants, your customers' personal data) as necessary to comply with our legal obligations, to resolve disputes between you and us (or you and your customers), to prevent fraud and abuse, to enforce our agreements, and/or to protect our legitimate interests (to the extent that we are permitted by the applicable law to continue to store copies to protect our legitimate interests).
4. Data subject's rights
If you are a User or Merchant located in the European Economic Area or the United Kingdom, in accordance with European Union and United Kingdom data protection regulations, you have certain rights with respect to your personal data. You have the right to request access to your personal data; in certain circumstances to correct, amend, delete, or restrict the use of your personal data by logging into your Heavenly Deposit account or by reaching us using the contact information provided below. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we are not required to process your data to meet a contractual or other legal requirement). These rights may be limited, for example, if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to retain, are permitted by law to retain, or have compelling legitimate interests in retaining (to the extent that applicable law permits us to retain such information based on our legitimate interests).
Furthermore, if you believe that we have unlawfully processed your personal data, you have the right to submit a complaint to the contact information provided below, or to your respective data protection supervisory authority. If you are a customer of a Merchant (an end user of our Services), please direct your concern to the relevant Merchant in the first instance.
5. Information security
We seek to use reasonable organizational, technical, and administrative measures to protect the confidentiality, integrity, and availability of personal data. We encourage you to take care of the personal data in your possession that you process online and set strong passwords for your Heavenly Deposit account, limit access to your computer and browser by signing out after you have finished your session, and avoid providing us with any sensitive information.
6. International transfers of data
Under the California Consumer Privacy Act (“CCPA”), California residents are afforded certain rights about the Personal Information (as such capitalized term is defined under the CCPA) we have collected about them, which we have described in more detail below.
Rights under the CCPA
If you are a California resident, the processing of certain personal information about you may be subject to the CCPA. Where the CCPA applies, this section provides additional privacy disclosures and informs you of key additional rights as a California resident. We will never discriminate against you for exercising your rights, including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the CCPA.
Right to Know Request
Under the CCPA, California residents have a right to request information about our collection, use, and disclosure of your personal information over the prior twelve (12) months, and ask that we provide you free of charge with the following information:
the categories of personal information about you that we collected;
the categories of sources from which the personal information was collected;
the purpose for collecting personal information about you;
the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the purpose for disclosing the personal information about you; and
the specific pieces of personal information we collected about you.
Right to Delete Request
Under the CCPA, you also have a right to request that we delete personal information, subject to certain exceptions.
Right to Opt-Out of the Sale of Personal Information
You may request that we not sell your Personal Information. Please note, however, that CCPA defines “sale” very broadly, and includes “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California consumer’s Personal Information by the business to another business or third party for monetary or other valuable consideration.” We use services that help deliver interest-based ads to you and may transfer Personal Information to business partners for their use. Making Personal Information (such as online identifiers or browsing activity) available to these companies is considered a “sale” under the CCPA.
How to Exercise Your Rights
If you are a California resident to whom the CCPA applies, you may contact us to exercise your rights: Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly. We may need to collect information from you to verify your identity, such as your email address, government issued ID or date of birth. You may make a verifiable consumer request to access your personal information twice per twelve (12) month period. We aim to fulfill all verified requests within 45 days pursuant to the CCPA. If necessary, extensions for an additional 45 days will be accompanied by an explanation for the delay.
You may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof that you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.
9. Contact information
The version of this Policy is effective October 8, 2021.