top of page

PRIVACY POLICY

Last updated: February 26, 2021

 

Mandia is committed to protecting the privacy of our customers. Please take the time to review this Privacy Policy which explains what information we collect about you, how we use it, and your rights. Mandia is (hereinafter referred to as “we” or “us”, “our”) the data controller of the personal data collected via or in connection with https://www.Mandia.ca/ (the “Site”). 

 

        What personal data do we collect about you? 

The usage of the Internet page of our Site does not demand personal data, however, we collect personal data from you when you provide it to us directly in order to use our services. This information may include-

  • Information you provide to us when you use our Site (e.g. your name, contact details, gender, product reviews); 

  • Transaction and billing information, if you make any purchases from us or using our Site (e.g. credit/debit card details and delivery information);

  •  Records of your interactions with us (e.g. if you contact our customer service team, interact with us on social media); 

  • Information you provide us when you enter a competition or participate in a survey; 

  • We may also collect information about the device you use to access our Site; and 

  • Other information necessary to provide the Site, for example we may access your location if you give us your consent.  What do we use this personal data for? 

 

Depending on how you use our Site, your interactions with us, and the permissions you give us, the purposes for which we use your personal data include: 

 

  • To fulfil your order and maintain your online account. 

  • To manage and respond to any queries or complaints to our customer service team. 

  • To personalize the Site to you and show you content we think you will be most interested in, based on your account information, your purchase history and your browsing activity. 

  • To improve and maintain the Site and monitor its usage. 

  • For market research, e.g. we may contact you for feedback about our products. 

  • To send you marketing messages and show you targeted advertising, where we have your consent or are otherwise permitted to do so. 

  • For security purposes, to investigate fraud and where necessary to protect ourselves and third parties. 

  • To comply with our legal and regulatory obligations.
     

We rely on the following legal basis, under data protection law, to process your personal data: 

  • Because the processing is necessary to perform a contract with you or take steps prior to entering into a contract with you (e.g. where you have made a purchase with us, we use your personal data to process the payment and fulfil your order). 

  • Because we have obtained your consent (e.g. where you contact us with a query, where you add optional information to your account profile, or if you consent to receive marketing from us). 

  • Because it is in our legitimate interests as an e-commerce provider to maintain and promote our services. We are always seeking to understand more about our customers in order to offer the best products and customer experience. We use information about you to tailor your view of the Site, to make it more interesting and relevant in respect of the products and offers on view.

    Marketing 

We love to communicate with our customers and so, depending on your marketing preferences, we may use your personal data to send you marketing messages by email, phone or post. Some of these messages may be tailored to you, based on your previous browsing or purchase activity, and other information we hold about you. 

If you no longer want to receive marketing communications from us (or would like to opt back in!), you can change your preferences at any time by contacting us (details below), clicking on the ‘unsubscribe’ link in any email, or updating your settings in your account. If you unsubscribe from marketing, please note we may still contact you with service messages from time to time (e.g. order and delivery confirmations, and information about your legal rights). 

 

Who do we share this personal data with? 

We share customers’ personal data with third parties in the following circumstances: 

  • With other companies in our group of companies, as necessary to operate the Site. 

  • With our suppliers and service providers working for us, e.g. payment processors and delivery companies. 

  • With our professional and legal advisors. 

  • With third parties engaged in fraud prevention and detection. 

  • With law enforcement or other governmental authorities, e.g. to report a fraud or in response to a lawful request. 

If we sell any business assets, the personal data of our customers may be disclosed to a potential buyer. In this event, we will make reasonable attempts to ensure the buyer will be bound by the terms of this Privacy Policy. Otherwise where we have your consent or are otherwise legally permitted to do so. 

 

Storage and Retention 

The collected information will presently be stored in the United States only and the personal data will be processed here itself. However, if third party fulfilment centres overseas begin shipping orders, personal details of the users will have to be transferred there. If we transfer personal data outside the USA, we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate safeguards. Please contact us if you would like more information about these safeguards. 

We will keep your personal data for as long as we need it for the purposes set out above, and so this period will vary depending on your interactions with us. For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty purposes. We may also keep a record of correspondence with you (for example if you have made a complaint about a product) for as long as is necessary to protect us from a legal claim. Where we no longer have a need to keep your information, we will delete it. Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future. 

 

Security 

This Site ensures that data is encrypted when leaving the Site. This process involves the converting of information or data into a code to prevent unauthorized access. This Site follows this process and employs secure methods to ensure the protection of all credit and debit card transactions. Encryption methods such as SSL are utilized to protect customer data when in transit to and from this Site over a secure communications channel. 

Whilst we do everything within our power to ensure that personal data is protected at all times from our Site, we cannot guarantee the security and integrity of the information that has been transmitted to our Site. 

 

Children 

Our Site is not intended for, and should not be used by, children under the age of 18. We do not knowingly collect personal data from children under 18. 

 

Cookies 

Our Sites uses cookies and similar technologies to provide certain functionality to the Site, to understand and measure its performance, and to deliver targeted advertising.

 

Your rights 

If you are in the United States, You have certain rights in respect of your personal data, including the right to access, portability, correct, and request the erasure of your personal data. 

You also have the right to object to your personal data being used for certain purposes, including to send you marketing. See ‘Marketing’ above, for more details of how to opt-out of marketing. 

We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are a number of limitations to these rights, and there may be circumstances where we are not able to comply with your request. To make any requests regarding your personal data, or if you have any questions or concerns regarding your personal data, you should contact us using the details below. You are also entitled to contact your local supervisory authority for data protection. 

 

Data protection provisions about the application and use of Google Analytics (with anonymization function)

On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

For the web analytics through Google Analytics the controller uses the application “_gat. _anonymizeIp”. By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymized when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, among other things, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.

Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.

The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics through a JavaScript that any data and information about the visits of Website may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.

 

Data protection provisions about the application and use of MailChimp. 

On this website, the controller has integrated MailChimp. MailChimp is an online service provider which allows the advertising growth of business. The purpose of MailChimp’s integration is to promote the services of the website to existing users as well as to potential new users. MailChimp’s data privacy policy is further explained under the following link

Privacy Policy

Data Processing Addendum

 

Data protection provisions about the application and  use of Wix

This website has been developed using the cloud-based web development platform from Wix. Applications within the Wix platform may allow the collection, gathering, and analysis of data.

The operator of Wix is Wix.com Ltd, 40 Namal Tel Aviv St., Tel Aviv, Israel, Wix.com Inc. , 500 Terry A. Francois Boulevard, 6th Floor, San Francisco, CA, 94158, Wix.com Luxembourg S.a.r.l, 5, rue Guillaume Kroll, L-1882 Luxembourg.

Further information and the applicable data protection provisions of Wix may be retrieved under https://www.wix.com/about/privacy.

 

Data protection provisions about the application and use of Facebook

On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.

A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Stripe, Grand Canal Harbour, Dublin 2, Ireland.

With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/.  During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.

If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.

Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.

The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook, e.g. the Facebook blocker of the provider Webgraph, which may be obtained under http://webgraph.com/resources/facebookblocker/. These applications may be used by the data subject to eliminate a data transmission to Facebook.

Data protection provisions about the application and use of Instagram

On this website, the controller has integrated components of the service Instagram. Instagram is a service that may be qualified as an audio-visual platform, which allows users to share photos and videos, as well as disseminate such data in other social networks.

The operating company of the services offered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which an Instagram component (Insta button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding Instagram component of Instagram. During the course of this technical procedure, Instagram becomes aware of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on Instagram, Instagram detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Instagram component and is associated with the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, then Instagram matches this information with the personal Instagram user account of the data subject and stores the personal data.

Instagram receives information via the Instagram component that the data subject has visited our website provided that the data subject is logged in at Instagram at the time of the call to our website. This occurs regardless of whether the person clicks on the Instagram button or not. If such a transmission of information to Instagram is not desirable for the data subject, then he or she can prevent this by logging off from their Instagram account before a call-up to our website is made.

Further information and the applicable data protection provisions of Instagram may be retrieved under https://help.instagram.com/155833707900388

and https://www.instagram.com/about/legal/privacy/.

Data Protection provisions about the application and use of YouTube

On this website, the controller has integrated components of YouTube. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/.

During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.

YouTube’s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/,

provide information about the collection, processing and use of personal data by YouTube and Google.

Payment method: Data protection provisions about the use of Stripe, PayPal, AliPay as payment processors. 

On this website, the controller has integrated components of Stripe, AliPay and PayPal, which are online payment and service providers. Payments are processed via so-called Stripe, AliPay and PayPal accounts, which represent virtual private or business accounts. Stripe, AliPay and PayPal are also able to process virtual payments through credit cards when a user does not have a Stripe, AliPay or PayPal account.  A Stripe, AliPay and PayPal account is managed via an e-mail address, which is why there are no classic account numbers. Stripe, AliPay and PayPal make it possible to trigger online payments to third parties or to receive payments. Stripe, AliPay and PayPal also accept trustee functions and offers buyer protection services. The personal data transmitted to Stripe, AliPay and PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order. 

Stripe, AliPay and PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfil contractual obligations or for data to be processed in the order. 

 

Period for which the personal data will be stored 

The personal data of the users will be stored in the system for as long as we need it. Such personal data shall only be used for the aforementioned reasons and shall be deleted upon request by the users. 

 

Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data 

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact our Data Protection Officer. Our Data Protection Officer clarifies to the data subject whether the provision of the personal data is required by law, contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data. 

 

Contact Us 

If you have any queries on any aspect of our Privacy Policy, please contact our Data Protection Officer on the details below:  

DPO: Nadia Masoudi, 

Email: contact@mandia.ca

bottom of page