Nuubu Lavender PRIVACY POLICY

Version applicable as of 10 June 2021

  1. Why should I read this Privacy Policy?

This Privacy Policy (‘policy’) describes how WELLNOVA SOLUTIONS INC (trading as Nuubu Lavender, hereinafter referred to as the “Company”, “we”, “us”, “our”) collects, uses, discloses, and stores your personal information and what statutory rights do you have.

  1. Who is responsible for protecting my information?

We are: WELLNOVA SOLUTIONS INC, trading as Nuubu Lavender;

Our company number is: 001530076

Our address: 1574 WOODBERRY COURT BRENTWOOD, TN 37027 WILLIAMSON COUNTY

Our e-mail address: support@nuubu.com

  1. Why and how do you collect my information?
  1. 1. To process your orders on our web shop, receive payments and deliver purchased goods
When is this relevant for me? What information do you collect about me What is your legal basis to collect my information? Where do you collect the information from? Am I obliged to provide this information? How long do you store information about me?
When you purchase our products First name, last name, delivery address, phone number, email address, information about your paid purchase price and currency, your credit card brand, type, BIN number and credit card issuer country, IP address, language, device type, payment history Contract (Art. 6 (1) (b) of GDPR). From yourself It is a requirement necessary to enter into a contract. If you do not provide this information, you will not be able to purchase and receive our products. 10 years
  1. 2. To ensure security of and improve our website
When is this relevant for me? What information do you collect about me What is your legal basis to collect my information? Where do you collect the information from? Am I obliged to provide this information? How long do you store information about me?
When you use our website or violated our Terms of Service IP address, device information and ID, web browser information, information on your activity at our website, country, information about violations of Terms of Service and inclusion into a blacklist Legitimate interest (security and improvement of our website) (Art. 6 (1) (f) of GDPR) From yourself No 1 month after your last use of website; 10 years for information on violations of Terms of Service and blacklist
  1. 3. To provide you with customer support
When is this relevant for me? What information do you collect about me What is your legal basis to collect my information? Where do you collect the information from? Am I obliged to provide this information? How long do you store information about me?
When you submit an inquiry or file a complaint to our customer support First name, last name, e-mail address, country, telephone number, subject of your inquiry, date of your inquiry, content of your inquiry, attachments to your inquiry, reply to your inquiry, customer contact history, order ID Consent (Art. 6 (1) (a) of GDPR)) From yourself

Customer support service providers
No 10 years from the moment your last inquiry was received
  1. 4. To inform you about our products or show you internet ads
When is this relevant for me? What information do you collect about me What is your legal basis to collect my information? Where do you collect the information from? Am I obliged to provide this information? How long do you store information about me?
When we want to inform you or ask your opinion about our products or show you internet ads Full name, e-mail, telephone number, IP address, order information, country, postback information, website that directed the company’s website, your interaction with internet add Consent (Art. 6 (1) (a) of GDPR))

Customer relationship

Legitimate interest (direct marketing and internet ads) (Art. 6 (1) (f) of GDPR)
From yourself

Social media service providers

Marketing service providers

E-commerce providers
No 5 years, unless you opt-out
  1. 5. To interact with you via social media
When is this relevant for me? What information do you collect about me What is your legal basis to collect my information? Where do you collect the information from? Am I obliged to provide this information? How long do you store information about me?
If you interact with our social media profiles (e.g., send a message, follow our profiles, share a post, react to a post) Name and surname, e-mail address, gender, country, picture, message, time and date the message was received, content of the message, message attachments, response to the message, time of response to the message, information about Company’s rating, comments on a post, post shares, information about post reactions. Consent (Art. 6 (1) (a) of GDPR)) From yourself and social media service providers No 10 years from from your last interaction with our social media profiles
  1. 6. To carry out the selection of potential employees
When is this relevant for me? What information do you collect about me What is your legal basis to collect my information? Where do you collect the information from? Am I obliged to provide this information? How long do you store information about me?
When we receive your application for a job position, when you give us your consent for storing your CV, or we contact you based on the information you publicly disclose on professional social media platforms Full name, e-mail, phone number, CV, work experience, other information you provide us with Consent (Art. 6 (1) (f) of GDPR)

Contract (Art. 6 (1) (b) of GDPR).

Legitimate interest (to contact you if you made your information public) (Art. 6 (1) (f) of GDPR)
From yourself

Professional social media service providers

HR agencies
It is a requirement necessary to enter into a contract only where we intend to enter into an employment contract with you. If you do not provide this information, we will not be able to enter into an employment contract with you. 6 months after the end of the relevant recruitment process

5 years after you give us your consent or publicly disclose your information on professional social media platforms
  1. 7. To fulfil statutory accounting requirements
When is this relevant for me? What information do you collect about me What is your legal basis to collect my information? Where do you collect the information from? Am I obliged to provide this information? How long do you store information about me?
When you order our products Full name, e-mail address, telephone number, bank account number, address, signature, invoices, reports, accounting documents, payments, paid amounts, other information we are statutorily required to collect Legal obligation (Art. 6 (1) (c) of GDPR) From yourself

Audit service providers
It is a statutory requirement. If you do not provide this information, you will not be able to buy goods or services from us 10 years following a transaction
  1. 8. To defend our rights and interests
When is this relevant for me? What information do you collect about me What is your legal basis to collect my information? Where do you collect the information from? Am I obliged to provide this information? How long do you store information about me?
In case we become a party to legal process which you are subject to or we are statutorily required to collect information about you All of the afore-mentioned information, accounting and legal case files, legal documents, other information you provide us with, other information that we are statutorily required to collect and/or provide Legal obligation (Art. 6 (1) (c) of GDPR)

Legitimate interest (to protect our rights and interests) (Art. 6 (1) (f) of GDPR).
From afore-mentioned sources, law enforcement authorities, parties that are subject to legal process, courts Yes, where we are statutorily obliged to collect personal information 10 years following the end of contractual relationship with us or, whichever is longer, for the duration of legal process and 3 years after a final authority decision came into full force
If the case arises - information about criminal offenses and convictions Establishment, exercise, or defence of legal claims (Art. 9 (2) (f) of the GDPR)
  1. Who do you share my information with?

We share your information with information recipients, both within and outside European Economic Area (EEA), in cases where necessary for the above-describe purposes and allowed in accordance with applicable laws.

The information we receive from you in connection with the SMS Services may include your cell phone number, the name of your network operator and the date, time and content of your SMS. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. For more information about how we use your personal information, including phone numbers, please refer to our privacy policy.

Information recipient or category of information recipient Purpose of information transfer Country of the recipient European Commission decision on whether a non-EEA country has an adequate level of information protection Suitable safeguards that protect my information, when it is transferred to non-EEA countries
Accounting and audit service providers To fulfil statutory accounting requirements EU N/A N/A
Archiving service providers To keep our archive EU N/A N/A
Electronic communication service providers To operate our electronic communications EU N/A N/A
Attorneys, notaries, bailiffs, auditors, data protection officers, consultants To ensure our compliance, defend our rights and interests EU N/A N/A
E-mail and cloud hosting service providers To operate IT resources Worldwide No EU Standard Contractual Clauses
Banking, payment processing and other financial service providers To process payments Worldwide No EU Standard Contractual Clauses
Marketing and telemarketing service providers To market our products Worldwide No EU Standard Contractual Clauses
Shipping service providers and fulfillment centers To ship our products Worldwide No EU Standard Contractual Clauses
Customer support service providers To provide customer support Worldwide No EU Standard Contractual Clauses
Social media service providers To manage our social media profiles Worldwide No EU Standard Contractual Clauses
  1. What statutory rights do I have regarding my information?

Subject to conditions and limitations established by applicable laws, you have a right (i) to receive a confirmation as to whether we collect the information related to you and to request access to that information; (ii) to correct inaccurate or incorrect information, or to supplement it when it is incomplete; (iii) to delete the information we have about you; (iv) to restrict the use of your information where you challenge the accuracy of the information, object to the processing of the information or need your information for legal purposes; (v) to request your information in a structured, commonly used and machine-readable format (vi) to object to the processing of the information; (vii) to withdraw any consent given to us regarding the processing of your information; (viii) to file a complaint with supervisory authorities; and (ix) not to receive discriminatory treatment while exercising your rights. More detailed information on your rights and the cases where they are applicable is provided in the sections below.

  1. What is my right to request access to information?

You have the right to request that we disclose certain information to you about our collection and use of your information. Once we receive and verify your request we will disclose to you the categories of personal information we collected about you, the categories of sources for the personal information we collected about you, our business or commercial purposes for collecting that personal information, the categories of third parties with whom we share that personal information, the specific pieces of personal information we collected about you and other information that we are obliged to provide under the applicable laws. We have disclosed the information to third parties for a business or commercial purpose as described in Section 4 of this policy.

  1. What is my right to rectification?

You have the right to obtain the rectification of inaccurate personal information concerning you. Taking into account the purposes of the processing, you have the right to have incomplete information completed, including by means of providing a supplementary statement.

  1. What is my right to request deletion of the information?

You have the right to request the deletion of your information collected and maintained by us in the cases where (i) information is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) you withdraw consent on which the processing is based and there is no other legal ground for the processing; (iii) when you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes; (iv) the information have been unlawfully processed; (v) where the information have to be erased for compliance with a legal obligation; (vi) the information have been collected in relation to the offer of information society services directly to a child and subject to a consent. Once we receive and verify your request, we will delete (and direct our service providers to delete) your information from our records, unless applicable laws do not provide for deletion of the information in a particular case (for instance, retaining the information is necessary for us or our service provider(s) to complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you, detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities, comply with a legal obligation, make other internal and lawful uses of that information that are compatible with the context in which you provided it).

  1. What is my right to restrict the processing of information?

You have the right to restrict the processing of your information in the cases where (i) the accuracy of the personal information is contested by you; (ii) the processing is unlawful and you oppose the erasure of the personal information and request the restriction of their use instead; (iii) where we no longer need the personal information for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (iv) where you have objected to processing.

  1. What is my right to information portability?

You have the right to information portability in the cases when you seek to receive the information you have provided in a structured, commonly used and machine-readable form or to transmit that information to another controller where the processing is based on consent or on a contract and is carried out by automated means.

  1. What is my right to object to the processing of my information?

You have the right to object to the processing of your information where the collection and use is based on a task carried out in the public interest or in the exercise of official authority vested or legitimate interest, including profiling, as explained in Section 3 of this policy, or where you object to the collection of your personal information for direct marketing purposes.

  1. What is my right to withdraw consent?

You have the right to withdraw any consent given regarding the processing of your information where the processing is based on consent, as explained in Section 3 of this policy, and you seek to withdraw it at any time.

  1. What is my right to file a complaint with supervisory authorities?

You have the right to file a complaint with supervisory authorities where you want to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the GDPR.

  1. What is my right not to receive discriminatory treatment while exercising my rights?

When you exercise your rights enshrined in applicable laws, you also have the right to non-discrimination. For example, because you exercised your rights under applicable laws, you will not be denied of any goods or services, charged with a different price, provided a different quality of good and services etc.

  1. How do I submit a request?

If you would like to exercise your rights described above, please submit a request to us via e-mail at support@nuubu.com or our toll-free telephone number: +1 (205) 782-7133 (US).

  1. Can I use an authorized agent?

Sure. You may use an authorized agent to submit a request to opt-out on your behalf if you provide us with the authorized agent written permission to do so. If this is the case, please provide us with a copy of the said permission as instructed under the Section 18 of this policy below. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. You may also make a request on behalf of your minor child.

  1. Do you engage in automated individual decision-making, including profiling?

No, we do not make decisions based solely on automated processing, including profiling, which would produce legal effects concerning you.

  1. Does your website place cookies on my device?

Yes, our website places the following cookies on your device

Cookie Name Cookie Description Cookie Expiry
Strictly Necessary & Statistics Cookies
_fbp Used to distinguish and keep track of unique users 3 months
_ga This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. 2 years
_gat This cookie is used b y Google Analytics to throttle request rate. 1 day
_gid This cookie stores and update a unique value for each page visited and is used to count and track page views. 1 day
__cfruid Cookie associated with sites using CloudFlare, used to identify trusted web traffic. During your session only
_fw_crm_v Used to track Visitor/User identity and chat sessions performed by the User 1 year
_hjid Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. 1 year
_uetvid This is a cookie utilised by Microsoft Bing Ads. It allows us to engage with a user that has previously visited our website. 1 year
XSRF-TOKEN This cookie is written to help with site security in preventing Cross-Site Request Forgery attacks. 1 day
enence_session This is used to hold information about your current visit with us. This cookie is essential to the functionality of the site. While visiting the website only
c This cookie is used in order to detect spam and improve the web site's security. Does not store visitor specific data. 2 years
soundestID This cookie is used to determine if the visitor has visited the website before, or if it is a new visitor on the website. While visiting the website only
soundtest-views Assigns a specific ID to the visitor - This allows the website to determine the number of specific user-visits for analysis and statistics. While visiting the website only
Marketing Cookies
ads/ga-audiences This cookie is used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across web sites. While visiting the website only
REST/webTracking/v1/event This cookie measures the efficiency of the web site’s marketing. The cookie is used to measure the conversion rate between website marketing and telephone response. While visiting the website only
Targeting Cookies
_gat_gtag_UA_136786017_1 This cookie is part of Google Analytics and is used to limit requests (throttle request rate). 1 minute
  1. How can I manage cookies?

You can configure your browser to decline some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling future cookies you may be unable to access certain areas or features of our website. You can control the use of functionality cookies, targeting cookies or advertising cookies by adjusting your browser settings. To find out how to manage cookies in your browser, please visit one of the links below:

  1. How can I contact your data protection officers?

If you have any questions, comments, or complaints regarding how we collect, use, and store your personal information, our data protection officers are ready to help you. If you need their help, you may contact them at any time via dpo@ekomlita.com.