As of 1 December 2020 (the date of our foundation), Debene Wellness Ltd., complies with the General Data Protection Regulation of the European Union. Our GDPR compliance policy is stated below.
Customer Data Rights
Our GDPR compliance policy has been developed taking into account your right to access to, revision of, limitation of and deletion of your data. You can access your full list of rights here:
Customer Contact & Registration Data
We keep and use customer data limited to contact data gained by:
Registrations and sales on our website, as well as associated sales channels (such as Amazon.com or Facebook).
Registrations on our website or mailing list: this information typically comprises first name, last name, email address, and may include company name and VAT number, registered address and related information.
Customer data handed to us voluntarily, such as in terms of exchange of business cards.
User registration data collected for training events, conference registrations, or similar activities.
Inquiries and other information that derives from the exchange of emails, both within our website and via standard email.
We do not keep customer payment information, credit card numbers, or other payment information. Any processing of such information will be implemented by third-party online payment organisations or physical organisations (e.g. training or conference organisers).
We do keep contact information from both individuals (e.g. one-person companies or freelancers) as well as employees of organisations which provide a corporate email and telephone number.
Any online registration information, e.g. user passwords, are encrypted and cannot be seen by our website administrators. They will only be changed at user request.
Sensitive Customer Data
We do not keep or process any data considered as “sensitive” under the GDPR meaning:
racial or ethnic origin;
religious or philosophical beliefs;
trade union membership;
processing of genetic data;
biometric data for the purpose of uniquely identifying a natural person;
sex life or sexual orientation.
Social Media Data
We manage a social media ecosystem that include Facebook, LinkedIn, Twitter, Instagram and other social media profiles, pages and groups. Any customer data shared with these sites, such as customer IDs shared using “like” or “follow”, are bound by the terms of agreement of each respective social media platform.
In some cases, we have contracted to provide services with or to individuals, and our contracts may reflect a full individual name, date of birth, residential address and passport, tax or national identification (ID) number. This information is part of a legal contract and is bound by the non-disclosure and confidentiality terms of that contract.
Payment (Invoice) Data
We make national or international payments to individual customers or contractors. In this case, the contract and invoice documentation may contain payment information such as a bank account number (IBAN), SWIFT code, bank name and address, VAT or tax number and related information. All such information is kept as part of a contract or invoice document.
Data on customers for whom consulting projects have been implemented are kept on encrypted files regulated under non-disclosure agreements and confidentiality policies that have been agreed upon under project contract. All safeguards and procedures agreed upon in project contracting remains in effect.
Online Customer Data Storage
Customer data may be stored in our online databases:
a) on the ecommerce section of our website;
b) on newsletter sign-up forms on our website via self-entry of data;
b) on Mailchimp (www.mailchimp.com), a third-party electronic newsletter application.
Offline Customer Data Storage
Customer data may be stored in our corporate database. Data collected and stored for this purpose typically derives from conference and event registrations, projects, business card exchange and related activities. All data is collected and stored by two employees within our company, one of whom is our Data Protection Manager.
Uses of Customer Data
Customer data is used to send you electronic newsletters and related information specifically relating to our business, which you are free to unsubscribe from.
Customer data may also be stored as contract documents, invoices, or project documents.
Unethical Uses of Customer Data
Please note that we will never:
Harvest or scrape customer data from online resources
Purchase and use customer data from unverified sources
Sell customer data to third parties
We will never transfer your data to any entity either within or outside the European Union. The exceptions to this are if a public regulatory authority requires us to do so as part of an official product recall.
Finding out about Your Data
If you would like to learn what customer data we store relating to your organisation, please contact our Data Manager at firstname.lastname@example.org. We will contact you to confirm your identity prior to releasing any information.
Revising Your Data
If you would like to revise or update your customer data, please send your updated information to email@example.com. We will contact you to confirm your identity prior to updating or revising any information.
Deleting Your Data
If you wish to delete your data, please contact us with a specific request at firstname.lastname@example.org.
We store and use customer data indefinitely. This is a requirement due to:
a) National financial regulations in the countries we work in;
b) Product safety regulation, in case we need to inform customers of a product recall or licensing issue.
We take all measures to ensure that customer data stored is accurate and relevant to the purpose for which it has been provided.
Data Protection Officer
Our Data Protection Officer is:
All data is collected and stored by:
Debene Wellness Ltd.
133 Archbishop Makariou Avenue
Data Protection Authority
Our data protection authority is the Cyprus Commissioner for Personal Data Protection. Please refer to the European Commission Data Protection Authorities website (http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm) in case of updates.
Commissioner for Personal Data Protection
1 Iasonos Street,
P.O. Box 23378, CY-1682 Nicosia
Tel. +357 22 818 456
Fax +357 22 304 565