Privacy Policy
Last updated: December 2024
PureShell ("we", "us" or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect your personal data when you visit our website, purchase our products, or interact with us.
This Privacy Policy is provided in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Cyprus Processing of Personal Data (Protection of Individuals) Law of 2018 (Law 125(I)/2018).
1. Data Controller
The data controller responsible for your personal data is:
- Company Name: [COMPANY NAME]
- Registration Number: [HE NUMBER]
- Registered Address: [REGISTERED ADDRESS, CYPRUS]
- Email: [email protected]
2. Personal Data We Collect
We collect and process the following categories of personal data:
2.1 Data You Provide Directly
- Identity Data: First name, last name
- Contact Data: Email address, shipping address, billing address, telephone number
- Transaction Data: Details of products you purchase, order history
- Communication Data: Correspondence you send to us, customer support inquiries
2.2 Data Collected Automatically
- Technical Data: IP address, browser type and version, time zone setting, operating system, device type
- Usage Data: Pages visited, time spent on pages, clickstream data, browsing patterns
- Location Data: General geographic location based on IP address
2.3 Payment Data
Payment card details are processed securely by our payment processor (Stripe) and are not stored on our servers. We only receive confirmation of successful payment and the last four digits of your card for identification purposes.
2.4 Special Categories of Data
We do not intentionally collect any special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, etc.). If you provide such data in communications with us, we will only use it as necessary to respond to your inquiry.
3. How We Collect Your Data
- Directly from you: When you place an order, create an account, contact us, or subscribe to our newsletter
- Automatically: Through cookies and similar technologies when you use our website
- From third parties: Our analytics providers (e.g., Google Analytics), payment processors, and delivery partners
4. Purposes and Legal Bases for Processing
Under Article 6 of the GDPR, we process your personal data for the following purposes and legal bases:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| To process and fulfill your orders, including payment and delivery | Performance of contract (Art. 6(1)(b)) |
| To send order confirmations, shipping updates, and service communications | Performance of contract (Art. 6(1)(b)) |
| To respond to your inquiries and provide customer support | Performance of contract (Art. 6(1)(b)) / Legitimate interests (Art. 6(1)(f)) |
| To process returns, refunds and warranty claims | Performance of contract (Art. 6(1)(b)) / Legal obligation (Art. 6(1)(c)) |
| To comply with legal obligations (tax, accounting, fraud prevention) | Legal obligation (Art. 6(1)(c)) |
| To send marketing communications (with your consent) | Consent (Art. 6(1)(a)) |
| To improve our website, products and services | Legitimate interests (Art. 6(1)(f)) |
| To protect against fraud and ensure website security | Legitimate interests (Art. 6(1)(f)) |
| To establish, exercise or defend legal claims | Legitimate interests (Art. 6(1)(f)) |
Where we rely on legitimate interests, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms.
5. Recipients of Your Data
We may share your personal data with the following categories of recipients:
- Payment Processors: Stripe, PayPal – to process payments securely
- Shipping Partners: Courier and postal services – to deliver your orders
- Hosting Providers: Web hosting and cloud storage services
- Analytics Providers: Google Analytics – to analyze website usage
- Email Service Providers: To send transactional and marketing emails
- Professional Advisors: Lawyers, accountants, auditors – as required
- Public Authorities: Tax authorities, courts, regulators – when required by law
We do not sell your personal data to third parties.
All third-party service providers are required to process your data only on our instructions and in compliance with applicable data protection laws.
6. International Transfers
Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, including:
- Transfers to countries with an adequate level of data protection as determined by the European Commission (Article 45 GDPR)
- Standard Contractual Clauses approved by the European Commission (Article 46(2)(c) GDPR)
- Other appropriate safeguards as permitted by the GDPR
You may request a copy of the safeguards we use by contacting us.
7. Data Retention
We retain your personal data only for as long as necessary for the purposes for which it was collected:
- Order and Transaction Data: 7 years from the date of transaction (for tax and accounting purposes under Cyprus law)
- Customer Account Data: Until you request deletion or close your account, plus 2 years
- Marketing Data: Until you withdraw consent or unsubscribe
- Customer Support Communications: 3 years from the last communication
- Website Analytics Data: 26 months
- Legal Claims Data: 6 years from the date of the relevant transaction (Cyprus limitation period)
8. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
Your Data Protection Rights:
• Right of Access (Art. 15): Request a copy of your personal data
• Right to Rectification (Art. 16): Request correction of inaccurate data
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Right to Restriction (Art. 18): Request restriction of processing
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time where processing is based on consent
• Right Not to be Subject to Automated Decision-Making (Art. 22): Not be subject to decisions based solely on automated processing
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. This period may be extended by two further months if necessary, taking into account the complexity and number of requests.
We may need to verify your identity before processing your request. There is no fee for exercising your rights, but we may charge a reasonable fee for manifestly unfounded or excessive requests.
8.1 Right to Object to Direct Marketing
You have the absolute right to object to processing of your personal data for direct marketing purposes at any time. To unsubscribe from marketing emails, click the "unsubscribe" link in any marketing email or contact us directly.
9. Cookies and Tracking Technologies
We use cookies and similar technologies on our website. Cookies are small text files stored on your device that help us improve your experience.
9.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for website functionality (e.g., shopping cart, checkout) | Session |
| Functional | Remember your preferences (e.g., currency, language) | 1 year |
| Analytics | Help us understand how visitors use our website (Google Analytics) | 26 months |
| Marketing | Used to show relevant advertisements and track campaign effectiveness | Various |
9.2 Managing Cookies
You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.
To opt out of Google Analytics, you can install the Google Analytics Opt-out Browser Add-on.
10. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure or destruction, including:
- SSL/TLS encryption for all data transmission
- Secure payment processing through PCI DSS-compliant providers
- Access controls and authentication measures
- Regular security assessments and monitoring
- Employee training on data protection
While we implement robust security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.
11. Links to Third-Party Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.
12. Children's Privacy
Our website and Products are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. The "Last updated" date at the top of this policy indicates when it was last revised.
14. Complaints
If you have concerns about how we handle your personal data, please contact us first at [email protected]. We will endeavour to resolve your complaint.
You have the right to lodge a complaint with the supervisory authority in Cyprus:
Commissioner for Personal Data Protection
Address: Iasonos 1, 1082 Nicosia, Cyprus
Phone: +357 22 818 456
Fax: +357 22 304 565
Email: [email protected]
Website: www.dataprotection.gov.cy
If you are located in another EU member state, you may also lodge a complaint with the supervisory authority in your country of residence.
15. Contact Us
For any questions about this Privacy Policy or ou