Our Customer Privacy Policy explains exactly what we collect and how we use it, including your rights under the new Data Protection law changes that come into effect on 25 May 2018

Who we are

Our website address is: https://www.mastaplasta.eu, this address is owned and operated by Vitresa Limited. We are committed to protecting the privacy of our customers, site visitors and partners. We use the information that we collect to fulfil your product and service orders and to create a more personalised experience. We do not pass on any details to third parties without your consent.

What personal data we collect and why we collect it

We collect information from you when you register on our site, place an order, comment on a blog or subscribe to our newsletter. When ordering or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number or credit card information. You may, however, visit our site anonymously.

We have no legal obligation to collect personal data about you but we need to collect some personal data about you in order to provide our products and services to you and to collect payment for these and to deal with any questions or complaints you have about them.

You have no legal obligation to provide your personal data to us, but we may not be able to provide our products and services to you or deal with your questions or complaints if you do not provide us with the information needed for this.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact forms

Any of the information we collect from you may be used in one of the following ways:

  • To provide our products and services to you
  • To manage our relationship with you, including to respond to any questions you ask and deal with any complaints you make and, on occasion, to ascertain whether you wish to be a brand ambassador for us
  • To develop our business and develop new and/or better ways of meeting our customers’ needs, including by carrying out market research and consulting with you
  • To develop our strategy, operational processes and marketing activities
  • To comply with the laws and regulations that apply to us
  • To seek to enforce and defend our legal rights
  • To seek to detect, investigate, prevent and report crime and anti-social behaviour

Our reasons for the above:

  • Fulfilling our legal duty
  • Fulfilling our contracts with you
  • Our legitimate interest

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Analytics

We use Google Analytics to collect data about our visitors. For more information about that, see How Google uses data when you use our partners’ sites or apps.

Our hosting provider 34sp.com collects typical web server use logs, which include IP addresses of each visitor to the site.

Who we share your data with

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.

We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

How long we retain your data

Where we process your personal data to fulfil a contract with you, we will process such personal data until we fulfil that contract and for so long thereafter as may be necessary to keep a record of that contract, which will typically be for six (6) years, and to deal with any complaints or claims relating to that contract, which will be until the final resolution of such complaints or claims (having regard to the nature of any potential claims and the limitation of liability periods that apply to them).

Where we process your personal data based on our legitimate interest, we will process such personal data for so long as necessary to achieve that legitimate interest, which will typically be for six (6) years after we collect your personal data or the last time we use your personal data (or longer in relation to any legal claims that might arise having regard to the nature of any potential claims and the limitation of liability periods that apply to them).

Where we process your personal data on the basis of your consent, for example to send you marketing information, we will process such personal data until you withdraw that consent. Please bear in mind that it may take a short time to process any withdrawal of your consent. We aim to do this within 48 hours of receipt of your request, although you may still receive emails that are already in process around the time of your withdrawal.

We may also retain your personal data for longer if we cannot delete it for legal, regulatory or technical reasons.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You have a number of rights in relation to your personal data. These include the right, subject to exceptions, to:

  • access your personal data;
  • request the rectification or erasure of your personal data;
  • object to our processing of your personal data.

Please contact info@mastaplasta.eu if you wish to exercise any of these rights. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Additional information

How we protect your data

We are committed to keeping your personal data safe and secure.  We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it:

  • We secure access to all transactional areas of our websites and apps using ‘https’ technology.
  • Access to your personal data is password-protected, and sensitive data such as payment card information) is secured and tokenised to ensure it is protected.
  • We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.

What data breach procedures we have in place

The new GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. We will report this within 72 hours of becoming aware of the breach, where feasible.

  • If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will contact those individuals without undue delay.
  • We have ensured a robust breach detection, investigation and internal reporting procedures.
  • We will keep a record of any personal data breaches, regardless of whether we are required to notify customers or not.

What third parties we receive data from

If our website receives data about users from third parties, including advertisers and analytics vendors, we will be sure that these vendors are privacy policy regulation compliant.

What automated decision making and/or profiling we do with user data

The only automated decision making and profiling that is done with user data is for advertising purposes and done by third parties such as Google, Amazon and Facebook, all claiming to be GDPR compliant.

Changes to this Privacy Policy

If Vitresa Ltd makes changes to any terms or conditions in the Privacy Policy, the changes will be posted in this document so that you will always know what information we gather, how we might use that information and to whom we will disclose it. We may change, modify, add or remove portions of this Policy at any time, and any changes will become effective immediately.

Contacting us

If there are any questions regarding this privacy policy you may contact us using the information below.

Vitresa Limited
Broad Quay House
Prince Street
Bristol
BS1 4DJ
Tel: + 44 (0) 1172 301 173