Privacy Policy

PRIVACY POLICY

 

This privacy policy is for this website http://babbilon.com/  and governs the privacy of its users who choose to use it. 

 

For the purposes of using this website, your controller of personal data shall be babbilon.com. MT1941-6431 Our registered office is at 108, Victory Street, Qormi

 

This policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore, the way this website processes, stores and protects user data and information will also be detailed within this policy.



INTRODUCTION

 

This is a notice to inform you of our policy about all the information that we record about you. 

It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal data”) and information that could not. In the context of the law and this notice, “process” or “processing” means the collection, storage, transfer, use or otherwise of your personal data.

 

We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party.

Our policy complies with the Data Protection Act Chapter 586 of the Laws of Malta) and the EU General Data Protection Regulation (GDPR). The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data.

 

The law requires us to determine under which of six defined bases we process different categories of your personal information. If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data. If the basis changes, then, if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.


Where we collect personal data from


We may collect your personal data from these sources:

 

  • When you enquire about our services or purchase our products.

  • When you speak to us on the telephone, through our website or through our social media on Facebook www.facebook.com/BABBILONHomeandDecor and any other correspondence. 

As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies.



Information from third parties

 

We may receive personal data about you from various third parties and public sources as set out below:

 

  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services.

  • Identity and Contact Data from brokers or intermediaries.

  • Identity and Contact Data from publicly available sources.

 

How your personal data is processed

 

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract, we are about to enter into or have entered into with you and/or any other transaction entered into upon your request.

 

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

  • Where we need to comply with a legal or regulatory obligation.

 

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time.

 

Purposes for which your personal data will be used

 

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

 

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

 

Purpose/ Activity

Type of Data

Lawful basis for processing of personal data

To register you as a new customer, when providing you with a quotation for our services, when you request our services 

  • identity data

  • contact data

  • performance of a contract with you

To process and deliver your order when you request our services and/or purchase our products and to carry out your instructions including:

  • manage payments, fees and charges

  • Collect and recover money owed to us

  • Collect and deliver for removals, storage etc

  • identity data

  • contact data

  • financial data

  • performance of a contract with you

  • for our legitimate interests (to recover a debt owed to us)

To manage our relationship with you which will include:

  • Notifying you about changes to our terms or privacy policy

  • after-sales support

  • resolving complaints

  • Recovering money which you owe

  • identity data

  • contact data

  • performance of a contract with you

  • necessary to comply with a legal obligation

  • necessary for our legitimate interests

To process the order and the products which were ordered and paid by yourself 

  • Vendors will receive your order and prepare it for collection 

  • Transport and logistics company will point out which order needs to be collected and for the consolidation of the order

  • The vendor will issue the official receipt directly to you on the data provided upon placing the order  

  • identity data

  • contact data

  • performance of a contract with you

  • necessary to comply with a legal obligation

Disclosure of your personal data

 

We may have to share your personal data for the purposes set out in the table above with external third parties such as:

  • Subcontractors or third parties who we might engage to carry out some or all of the services we provide to you.

 

  • Vendors or resellers of products on the platform

  • Service providers who provide IT and system administration services.

  • Professional advisers including lawyers, auditors and accountants who provide consultancy, legal and accounting services.

  • National authorities who require reporting of processing activities in certain circumstances.

 

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

International transfers of data

Some of our external sub-contractors may be based outside the European Economic Area (EEA) so their processing of your personal data may involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

 

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

 

Where we use service providers to provide you with our services, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

 

Security of Data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

 

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for ten years after they cease being customers for tax purposes.

 

Some data we are required to maintain for a minimum period of time, examples include:


  • CCTV video recordings of our premises for up to 7 days, or longer where it is necessary for the establishment, exercise or defence of legal claims.

  • Details of orders and invoices to customers (comprising names, addresses, telephone numbers, email addresses, payment details) for a minimum of 5 years where it is necessary for the establishment, exercise or defence of legal claims.

 

Cookies

Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information to be gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved. Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely. Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use. 

 

Our website uses cookies. They are placed by software that operates on our servers, and by software operated by third parties whose services we use.


When you first visit our website, we ask you whether you wish us to use cookies. If you choose not to accept them, we shall not use them for your visit except to record that you have not consented to their use for any other purpose.


We use cookies to track how you use our website, to keep you signed in our website and to save your preferences when using our website.

 

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data as follows:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. 

  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. 

  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

  • You have the right to lodge a complaint to the Information and Data Protection Commissioner’s office if you believe that we have not complied with the requirements of the Data Protection Act and the GDPR.

 

Should you wish to enforce any of your rights listed above, please email hello@babbilon.com

Main Menu