Candy Cat Privacy Policy: Protecting Your Data and Privacy Online

Candy Cat values your privacy and is dedicated to protecting your personal data. This Privacy Policy explains how we collect, process, and use your information when you interact with our websites, mobile apps, and other online services, collectively referred to as our “Online Offers.” We are committed to maintaining the highest standards of data protection and transparency, ensuring that your personal information is handled with care and in accordance with legal regulations.

Data protection and the security of your information are fundamental to our business operations at Candy Cat. We want you to feel confident in how we handle your data, whether you’re browsing our website, purchasing our delicious Candy Cat products, visiting our stores, or engaging with us in any other way.

This Privacy Policy is designed to provide you with a clear, simple, and complete understanding of how Candy Cat collects and processes your Data. This applies when you use our website, apps, digital platforms, purchase Candy Cat products online or in-store, participate in loyalty programs, apply for jobs, or interact with Candy Cat content. We adhere to data protection laws in all regions where we operate, including the General Data Protection Regulation (GDPR) (EU) 2016/679.

This policy will detail the types of data we collect, why we collect it, how we use it, and your rights regarding your personal information. We encourage you to read this policy carefully to understand our practices.

1. Contact Information for Data Controller

If you have any questions or concerns regarding our data processing practices, or if you wish to exercise your rights related to your personal data, please do not hesitate to contact our Data Protection Commissioner. We are here to assist you.

CANDY CAT Data Protection Commissioner (All Countries)

Email: [email protected]

For specific regional inquiries, you can also contact our local offices:

Estonia

Candy Cat Estonia OÜ
Registration number: 16365241
Address: Harju maakond, Tallinn, Keslinna Linnaosa, Masina tn 22, 10113, Estonia
Email: [email protected]

Poland

CANDY CAT POLSKA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
Registration number (NIP): 5272955939
Address: st. Jana Pawla II Avenue, No. 43A, lok. 37B, seats. WARSAW, code 01-001, Poland
Email: [email protected]

Romania

CANDY CAT RO S.R.L.
Registration number (CUI): 44406516
Address: Str.C.A.Rosetti, nr.25, camera 1, parter, ap.3, Bucuresti, sector 2, Romania
Email: [email protected]

Serbia

Candy Cat d.o.o. Beograd
Registration number: 21785512
Address: Belgrade, Vladimira Popovića 38-40, floor 1, 11070 Novi Belgrade, Serbia
Email: [email protected]

Slovakia

Candy Cat Slovakia s.r.o.
Registration number: 160614/B
Address: Zámocká 6619/3, 811 01 Bratislava – district Staré Mesto, the Slovak Republic
Email: [email protected]

2. Data Collection, Processing, and Usage

At Candy Cat, we collect and process data to enhance your experience, provide our services, and ensure the security of our operations. This section outlines the categories of data we process, the principles guiding our data handling, the objectives of data processing, and the legal bases for these activities.

2.1. Categories of Data Processed

We process various categories of data to effectively serve our customers and operate our business. These categories include:

  • Customer Identification Data:
    • Name and surname
    • Email address
    • Phone number
  • Address Information:
    • Delivery address
    • Billing address
  • Financial Data:
    • Bank account number (for transactions)
    • Transaction data related to payments
  • Security and Operational Data:
    • Video images from inside Candy Cat shops (for security and loss prevention)
  • Communication and Behavioral Data:
    • Communication records between Candy Cat and customers
    • Behavioral records on Candy Cat websites and social media pages (e.g., browsing activity, preferences)

2.2. Data Processing Principles

Personal data, as defined by GDPR, encompasses any information relating to an identified or identifiable individual. This includes details like names, addresses, contact numbers, email addresses, contractual data, and payment details.

Candy Cat adheres to the following principles in processing your personal data:

  • Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and transparently.
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes.
  • Data Minimization: We collect only data that is adequate, relevant, and limited to what is necessary.
  • Accuracy: We ensure data is accurate and kept up to date.
  • Storage Limitation: Data is stored only as long as necessary for the purposes for which it is processed.
  • Integrity and Confidentiality: We process data in a manner that ensures appropriate security.

We collect, process, and use personal data (including IP addresses) only when a legal basis exists or when you have provided consent, such as through website registration or agreeing to specific data processing activities.

2.3. Objectives of Data Processing and Legal Bases

Candy Cat processes personal data for the following objectives, each grounded in a specific legal basis:

  • Providing and Improving Online Offers:
    • Objective: To operate our websites and mobile applications effectively.
    • Legal Basis: Legitimate interest in direct marketing and improving user experience, in compliance with data protection and competition law.
  • Contractual Performance:
    • Objective: To fulfill contracts related to purchases and services offered through our Online Offers.
    • Legal Basis: Performance of a contract.
  • Security and Disruption Management:
    • Objective: To identify and resolve technical issues, ensure the security of our Online Offers, and prevent fraud.
    • Legal Basis: Fulfillment of legal obligations to ensure data security and legitimate interest in maintaining operational integrity and security.
  • Marketing and Market Research:
    • Objective: For self-promotion, promotion by partners, market research, and analysis to improve our products and services.
    • Legal Basis: Legitimate interest in direct marketing and business development, within legal boundaries.
  • Customer and Product Surveys:
    • Objective: To gather customer opinions and feedback on products to enhance our offerings.
    • Legal Basis: Legitimate interest in product/service improvement and, where applicable, your consent.
    • Note: Market research institutes, if used, operate under strict confidentiality agreements and in accordance with our directives.
  • Newsletter and Promotional Communications:
    • Objective: To send email or SMS/MMS newsletters and promotional materials.
    • Legal Basis: Your consent (which can be withdrawn at any time).
  • Legal Rights and Claims:
    • Objective: To secure and assert our legal rights, defend against claims, and manage legal disputes.
    • Legal Basis: Legitimate interest in protecting our legal rights.

2.4. Registration for Contractual Benefits

To access certain benefits or services that require a contract, you must register with Candy Cat. During registration, we collect personal data necessary for contract conclusion and execution. This may include:

  • First name, last name
  • Date of birth
  • Email address
  • Payment method preferences
  • Bank account details

Provision of additional data is voluntary. Mandatory fields are clearly marked during the registration process.

2.5. Log Files

Whenever you use the internet, your browser automatically transmits certain information, which we store in “log files.” These log files are temporarily saved to:

  • Identify and resolve disruptions
  • Investigate security incidents and potential attacks
  • Support other security purposes

Log files are typically deleted shortly after their purpose is served. Log files required as evidence in security incidents are retained until the incident is fully resolved and may be shared with investigative authorities as needed. Log files are also used for analytical purposes, with or without full IP addresses (see Section 4, “Web Analytics”).

Information saved in log files includes:

  • IP address of your device
  • Website address from which you accessed our Online Offer (referrer URL)
  • Name of your internet service provider
  • Names of accessed files or information
  • Date and time of access
  • Data transfer volume
  • Operating system and browser information (including add-ons)
  • HTTP status codes (e.g., “Request succeeded,” “File not found”)

2.6. Data Transfer

Candy Cat may transfer your personal data under specific circumstances:

2.6.1. Transfer to Other Controllers

Data is primarily transferred to other controllers only when:

  • Necessary for contract performance
  • We or a third party has a legitimate interest in the transfer
  • You have given your consent

Data may also be transferred to other controllers when legally required. Transfers based on legitimate interest are explained in this Privacy Policy.

2.6.2. Service Providers (General)

We engage external service providers for various tasks, including:

  • Sales and marketing
  • Contract management
  • Payment processing
  • Scheduling
  • Data hosting
  • Courier services

These providers are carefully selected and regularly evaluated to ensure data protection and confidentiality. All service providers are contractually obligated to maintain confidentiality and comply with data protection laws.

2.6.3. Parcel Delivery Notifications

For parcel delivery notifications, we share your email address and phone number with courier companies to facilitate delivery and execution of the purchase contract. These companies act as data controllers for this specific purpose.

2.6.4. Payment Service Providers

We utilize external payment service providers to process payments. Depending on your chosen payment method, we transfer necessary payment data (e.g., bank account or credit card details) to the relevant financial institution or payment service provider. Some payment providers also collect and process data as independent controllers. In such cases, their privacy policies apply.

2.6.5. Transfers Outside the EEA

Personal data may be transferred to recipients outside the European Economic Area (EEA) in third countries. Before any such transfer, we ensure an adequate level of data protection. This is achieved through:

  • Adequacy decisions by the European Commission for specific countries
  • Agreements with recipients based on EU model clauses
  • Your explicit consent

You have the right to request and receive an overview of recipients in third countries and copies of the agreed provisions ensuring data protection. Please use the contact information provided in Section 1 for such requests.

2.6.6. Data Storage Duration

We store personal data for as long as necessary to provide our Online Offers and related services, or as long as we have a legitimate interest in retaining the data. For contract execution, legal obligations, and protection of legal rights, data may be stored for up to 10 years from the last contract execution, unless longer retention periods are legally mandated (e.g., for invoices and contracts under applicable legislation).

This data processing is based on Article 6(1)(b) of GDPR, which permits processing necessary for the performance of a contract or to take steps at your request before entering into a contract.

3. Use of Cookies

3.1. General Information about Cookies

Cookies are small text files stored on your computer when you visit online platforms like Candy Cat’s website. When you revisit our Online Offer, your browser sends the cookie content back to our server, allowing your device to be recognized. Cookies help us optimize our Online Offers, making them more user-friendly and efficient.

3.2. Cookie Deactivation and Deletion

Upon your first visit to our Candy Cat website, a pop-up window will appear asking for your consent to use cookies. You can manage your cookie preferences directly in this window or through your browser settings.

You have the option to block cookies entirely through your browser settings. If you choose to block cookies, a specific opt-out cookie will be set in your browser to remember your preference. Disabling cookies may limit certain functionalities of our website. Please note that opt-out cookies are browser-specific. If you delete cookies or use a different browser or device, you will need to reset your cookie preferences.

Your browser settings do not affect cookies set by third-party websites you visit.

You can delete all cookies at any time through your browser’s support functions.

3.3. Cookie Categories Used by Candy Cat

Candy Cat utilizes different categories of cookies to enhance website functionality and user experience:

3.3.1. Strictly Necessary Cookies

These cookies are essential for the secure and functional delivery of our Online Offers. They include cookies that:

  • Authenticate or identify users
  • Temporarily store user inputs (e.g., form data)
  • Save user preferences (e.g., language settings, search queries)
  • Ensure smooth playback of video and audio content

3.3.2. Analytical Cookies

Analytical cookies help us understand user behavior on our website. They collect data on:

  • Pages visited
  • Ad banners clicked
  • Searches performed

This data is used statistically to improve our website and user experience.

3.3.3. Advertising Cookies

Advertising cookies are used for marketing purposes. They create user behavior profiles based on:

  • Ad banners accessed
  • Subpages visited
  • Searches performed

These profiles enable us to show you advertisements and offers tailored to your interests (“interest-based advertising”).

3.3.4. Conversion Cookies

Our conversion tracking partners may set a “conversion cookie” on your device when you reach our website through their advertisement. These cookies typically expire after 30 days. Conversion cookies help us and our partners track the effectiveness of ads by showing us that you clicked on an ad and were directed to our page. The information collected is used to generate conversion statistics and determine the total number of users who converted after seeing an ad.

3.3.5. Tracking Cookies Related to Social Plugins

Some Candy Cat Online Offer pages integrate content and services from social networks (e.g., Facebook, Twitter). These social networks may use cookies and active components. Candy Cat does not control the data processing practices of these third-party providers. Please refer to their respective privacy policies for more information.

4. Web Analytics

Candy Cat utilizes web analytics tools to gather statistical information about the usage of our Online Offers. This data helps us:

  • Improve user-friendliness
  • Conduct performance measurements
  • Perform market research

The usage profiles created by these tools are anonymized and do not contain personal data. Tools either do not use IP addresses or anonymize them immediately upon collection. Data is processed by service providers who adhere to our directives and do not use the data for their own purposes.

Below are details about the specific web analytics tools we use and how you can opt out of data collection.

For tools using opt-out cookies, the opt-out is device- and browser-specific. You must opt out separately on each device and browser you use. Alternatively, you can generally prevent user profile creation by disabling cookies as described in Section 3.2 (“Cookie Deactivation and Deletion”).

4.1. Google Analytics

Candy Cat uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). We use Google Analytics with IP anonymization enabled. Within the EU, Google typically shortens IP addresses. Only in exceptional cases are full IP addresses transmitted to Google servers in the USA and shortened there. Google uses this information to provide us with reports on website activity and related internet usage services.

You can opt out of Google Analytics data collection by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=en.

4.2. Remarketing Tools for Online Marketing

To enhance our online marketing efforts and provide you with more relevant and engaging Online Offers tailored to your needs, we use remarketing technologies. These tools utilize advertising cookies or third-party cookies, web beacons (pixels), or similar technologies to create user profiles. These profiles are not combined with personal identification data.

Remarketing tools enable us to show you interest-based advertisements and control the frequency of ad displays. The providers of these tools are responsible for data processing related to their tools and may transfer information to third parties as necessary.

IP addresses are either not processed or are immediately anonymized by these tools.

Information about each tool provider and its opt-out options is provided below. Opt-out mechanisms using cookies are browser- and device-specific, requiring a separate opt-out on each device and browser.

4.3. Google AdSense

Candy Cat uses Google AdSense, an advertising service from Google Inc. More information about Google AdSense can be found here: https://support.google.com/adsense/answer/140382.

You can opt out of data collection and processing by Google AdSense through Google’s Ad Settings: https://support.google.com/My-Ad-Center-Help/answer/12155656?visit_id=638096479508185806-633008096&rd=1.

4.4. DoubleClick

Candy Cat uses DoubleClick, another service provided by Google Inc. More details about DoubleClick are available here: https://support.google.com/adsense/answer/9234653?hl=en&visit_id=638096479509601298-216213378&rd=2.

You can opt out of DoubleClick data collection and processing via Google’s Ad Settings: https://support.google.com/My-Ad-Center-Help/answer/12155656?visit_id=638096479509601298-216213378&rd=1.

5. Social Plugins

Candy Cat’s Online Offers integrate social plugins from various social networks. These plugins are described individually below.

When you use a social plugin, your browser establishes a direct connection to the social network’s servers. This allows the provider to receive information that your browser accessed our Online Offer page, even if you don’t have an account or are not logged into the social network. Log files (including IP addresses) are directly transmitted from your browser to the provider’s server, which may be located outside the EU or EEA (e.g., in the USA).

Plugins are provided by social network providers, and Candy Cat has no control over the data collected and stored by them.

For information on the purpose and scope of data collection, processing, and usage by social networks, as well as your rights and privacy settings, please consult the privacy policies of the respective social networks.

If you do not want social network providers to collect and use your data, do not use the social plugins.

5.1. Facebook Plugins

Facebook plugins are operated by Facebook Inc. (USA) and Facebook Ireland Limited (Ireland). An overview of Facebook plugins and their appearance can be found here: http://developers.facebook.com/plugins. Facebook’s data protection information is available here: http://www.facebook.com/policy.php.

5.2. Google+ Plugins

Google+ plugins are operated by Google Inc. An overview of Google plugins and their appearance can be found here: https://developers.google.com/+/plugins. Google+’s data protection information is available here: http://www.google.com/intl/de/+/policy/+1button.html.

6. Social Network Authentication (Login)

Candy Cat offers the option to log in to our Online Offers using social network authentication, such as Facebook Connect.

When you choose to register or log in via a social network, you are redirected to the respective network’s page, where you can log in with your credentials. This links your social network account to your Candy Cat account. By doing so, we may receive information from your public profile, email address, friend lists, and other data as permitted by the social network and your privacy settings.

Conversely, the social network receives your login status, browser information, and IP address. The social network provider’s server may be located outside the EU/EEA (e.g., USA).

If you prefer not to share data between Candy Cat and social networks, please use our direct login services instead of social network logins.

7. Newsletters and Right to Withdraw Consent

You can subscribe to Candy Cat newsletters to receive updates about our Online Offers. We use a double opt-in procedure for newsletter subscriptions. After you sign up, we will send you a confirmation email or message containing a link. You will only receive newsletters after you explicitly confirm your subscription by clicking this link.

If you decide to stop receiving newsletters, you can unsubscribe at any time by withdrawing your consent. You can opt out of email newsletters by clicking the unsubscribe link provided in each newsletter email or through your account administration settings on our Online Offers, if applicable. Alternatively, you can contact us using the contact details provided in Section 1 (“Contact Information for Data Controller”).

8. External Links

Candy Cat’s Online Offers may contain links to third-party websites not affiliated with us. Once you click on an external link, we have no control over the data collection, processing, and usage practices of the linked website. This includes data such as IP addresses or the URL of the referring page. We are not responsible for the data processing practices of these third parties and recommend reviewing their privacy policies to understand how your personal information is collected and used.

9. Data Security

Candy Cat is committed to protecting your data. Our employees and service providers who process data on our behalf are obligated to maintain confidentiality and comply with applicable data protection laws.

We implement comprehensive technical and organizational security measures to ensure an adequate level of protection for your data against:

  • Destruction
  • Manipulation
  • Loss
  • Unauthorized access
  • Accidental or unlawful alteration
  • Unauthorized disclosure

Our security measures are continuously improved to align with technological advancements.

10. Your Rights as a User

To exercise your rights related to your personal data, please use the contact details provided in Section 1 (“Contact Information for Data Controller”). To ensure we can accurately identify you, please provide sufficient identifying information with your request.

Your rights include:

  • Right to Information and Access: You have the right to obtain confirmation from us whether we process your personal data, and to access this data.
  • Right to Rectification and Erasure: You have the right to correct inaccurate personal data and to have your data erased without undue delay, provided legal requirements are met. This right does not apply to data required for invoicing, accounting, or subject to legal retention periods. In such cases, data processing may be restricted (see “Restriction of Processing”).
  • Right to Restriction of Processing: You have the right to request restriction of processing of your data under certain circumstances, as defined by law.
  • Right to Object to Processing: You have the right to object to the processing of your data at any time. We will cease processing your data unless we can demonstrate compelling legitimate grounds for continued processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
  • Right to Object to Direct Marketing: You can object to the processing of your personal data for direct marketing purposes at any time. Please note that due to organizational processes, there might be a temporary overlap between your objection and ongoing marketing campaigns.
  • Right to Object to Processing Based on “Legitimate Interest”: You have the right to object to data processing based on our legitimate interest. We will stop processing your data unless we demonstrate compelling legitimate grounds for processing that override your rights, as required by law.
  • Right to Withdraw Consent: If you have provided consent for data processing, you have the right to withdraw this consent at any time, with future effect. The lawfulness of processing before withdrawal remains unaffected.

10.1. Right to Data Portability

You have the right to receive the data you have provided to us in a structured, commonly used, and machine-readable format, and to request the transfer of this data to a third party, where technically feasible.

10.2. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. You can contact the supervisory authority in your country of residence or the authority responsible for Candy Cat in your jurisdiction.

11. Changes to this Data Protection Notice

Candy Cat reserves the right to modify our security and data protection measures as necessary due to technological advancements or legal changes. In such cases, we will update this Data Protection Notice accordingly. Please review the latest version of this Privacy Policy periodically, as it is subject to change. We will inform you of any substantial changes to this Privacy Policy.

12. Date

This Privacy Policy was last updated in January 2023.
