Yanelex Limited ("We") are committed to protecting and respecting your privacy.
On May 25th 2018, a new European privacy regulation called the General Data Protection Regulation (GDPR) came into effect. GDPR applies to companies that are based in the EU and global companies that process personal data about individuals in the EU. It provides citizens of the EU with greater control over their personal data and assurances that their information is being securely protected across Europe.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is Yanelex Limited of 18 Norfolk Square, Paddington, London W2 1RS with company number 07104239.
As a company, we comply with all previous EU Data Protection Law (1998 Act) and will continue to comply with new GDPR Law (2018 Act), by doing the following:
We mapped and continue to map where all of the personal data in our entire business comes from and document what we do with the data. We identify where all this data resides, who can access it and if there are any risks to the data.
As a mail order online retailer, for us to be able to process customer orders and deliveries, we require certain information. At the time of purchase, you will be required to provide us with personal information:
Additional information such as your Date of Birth may also be asked for. This is because some of our products/services are age restricted and this is to ensure that one purchasing is over the legal age relevant to our website.
In addition to holding your personal details on file (so as to process orders), there are other forms and submit requests such as ‘Contact Us’ and ‘Newsletter’ forms/fields. This information will be kept on file, so please be aware that by providing us with your details you have consented that you are happy for us to store this information. However, please note that under new GDPR legislation, you are able to remove your details from our system at any time.
The data we collect from you may be transferred to, and/or stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us, other members of our group, or for one of our suppliers. By submitting your personal data, you agree to this transfer. We will take all steps reasonably necessary and within our reasonable control to ensure that where we act as data controller your data is treated securely and in accordance with this privacy policy. Information you provide to us is stored on our servers or those of our subcontractors.
Where our Website is an ecommerce site, all information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We have developed and implemented safeguards throughout our infrastructure to help contain any data breaches. We have put security measures in place to guard against data breaches and taking quick action to notify individuals and authorities in the event a breach does occur.
All our privacy statements and disclosures comply where necessary.
We will notify all accordingly should there be any changes in GDPR and also by changing it on our Website.
Questions, comments and requests regarding this GDPR policy are welcomed and should be addressed to our GDPR Data Controller responsible - [email protected].