Aeviva (referred to as "we," "us," or "our") operates the website www.aeviva.io (the "Website"). We are committed to protecting your privacy and personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Slovenian data protection laws.
By using our Website, you consent to the collection, use, and disclosure of your personal data as described in this Privacy Policy. If you do not agree to this policy, please refrain from using the Website.
DEFINITION AND TYPES OF DATA WE COLLECT
- Identification Data: Name, surname, age, gender, postal address, email address, and country of residence.
- Payment Data: Information about your payment method (such as your credit card details, excluding CVV). Payment processing is handled by Stripe, a secure payment provider that complies with PCI DSS standards. We do not store your payment details, and all transactions are encrypted and protected by Stripe's security measures.
- Health Data: Information regarding your dietary supplements, health conditions, allergies, medical history, pregnancy status, and other relevant health-related information collected through the online quiz. This data is processed only with your explicit consent.
- Technical Data: Data about your browsing experience, including IP address, browser type, and device information, collected through cookies and similar technologies.
- Account Login Data: Any data required to give you access to your account profile. This includes your login ID/email address, screen name, password (stored in an unrecoverable form), and/or security question and answer.
- Other Information You Provide to Us: This includes communications with us, photos you share for contests or promotions, and any information you post through our services, such as reviews, blogs, or message boards.
- Commercial Information: Information about products or services purchased, obtained, considered, or returned, as well as purchasing or consuming behaviors, tendencies, and histories.
PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR DATA
We process your personal data for the following purposes:
- Providing Services: To personalize your supplement recommendations, process your orders, and fulfill your subscriptions.
- Order Fulfillment: Managing contracts, orders, deliveries, and customer service requests.
- To Communicate with You: We use your personal information (e.g., contact information) to respond to your questions, comments, or requests when you communicate with us through features like "Contact Us." We also use this data to send you important administrative information, such as updates to our services, changes to terms and conditions, or policy modifications.
- Abandoned Cart: We use cookies to track the items you add to your shopping cart, including when you abandon the cart. Based on this information, we may send cart reminder emails or notifications via other channels.
- Marketing Communications: Sending newsletters, offers, and updates, with your consent, regarding products and services you may be interested in.
- Surveys, Sweepstakes, and Message Boards: If you participate in features such as surveys, sweepstakes, or message boards, we will use your personal information to enable and manage your participation, including contact information to notify you about results or prize eligibility.
- Analytics and Improvements: Evaluating and enhancing the performance of our Website, understanding user behavior, and improving user experience.
Legal Basis for Processing:
- Performance of a Contract: Necessary for fulfilling your orders and providing services.
- Consent: Required for processing sensitive health data, sending marketing communications, and participating in surveys or sweepstakes.
- Legitimate Interests: For improving our services, provided it does not override your privacy rights.
DATA RETENTION PERIODS
We retain your data according to the following guidelines:
- Customer Data: Retained for the duration of your subscription, plus 5 years after its termination.
- Health Data: Stored only for the active period of your subscription or account.
- Inactive Accounts: Accounts are deleted after 2 years of inactivity.
- Marketing Data: Retained for 7 years from your last interaction unless you withdraw your consent.
- Payment Data: Handled and stored by Stripe, our payment service provider, which ensures compliance with security regulations. We do not store your payment details.
DATA SHARING AND TRANSFER
We may directly share your data with:
- Service Providers and Subcontractors: Including payment processors like Stripe, hosting services, and delivery partners, in compliance with GDPR.
- Public Authorities: To comply with legal obligations when necessary.
Data transfers outside the European Union are safeguarded by mechanisms such as standard contractual clauses or adequacy decisions by the European Commission.
COOKIES
We use cookies to enhance your experience on our Website, including:
- Technical and Functional Cookies: Essential for the proper functioning of the Website.
- Analytics Cookies: Used to track and analyze user behavior.
- Marketing Cookies: Used to provide personalized advertisements.
You can manage your cookie preferences through your browser settings.
YOUR RIGHTS UNDER GDPR
As a data subject under the GDPR, you have the following rights:
- Right of Access: Request access to the personal data we hold about you.
- Right of Rectification: Correct any inaccurate or incomplete personal data.
- Right to Erasure: Request the deletion of your personal data in certain circumstances.
- Right to Data Portability: Receive your personal data in a commonly used format and transfer it to another data controller.
- Right to Object: Object to the processing of your data for specific purposes, such as direct marketing.
- Right to Withdraw Consent: Withdraw your consent to the processing of health-related data at any time.
To exercise these rights, please contact us at infoaeviva@gmail.com. We may request proof of identity to verify your request.
DATA SECURITY
We implement strict security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. Payment transactions are securely processed through Stripe, which uses encryption and other safeguards in line with industry standards.
CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time without notice. Changes will be posted on this page, and we encourage you to review the policy periodically. Continued use of the Website after changes have been made will signify your acceptance of the updated policy.
CONTACT US
For any questions or concerns about this Privacy Policy, please contact us at:
Email: infoaeviva@gmail.com