Privacy Notice
Better Health Today MT
Website Privacy Notice
At Pharmasud Limited (hereafter referred to as the “Pharmasud”, the “Company”, “we”, “us”), we are committed to the protection of Personal Data and individual’s right to privacy.
This privacy notice (the “Privacy Notice” or the “Notice”) applies to users or visitors of https://betterhealthtodaymt.com (the “Website” or the “Site”), as well as to those who use our services and purchase any Better Health Today products (collectively referred to as “You”).
The Company adopts the General Data Protection Regulation (EU) 2016/679 (GDPR) (hereinafter referred as “GDPR” or “Regulation”), the Data Protection Act, Chapter 586 of the Laws of Malta, and subsidiary legislation as may be amended from time to time, regulating the process of Personal Data and the rules relating to the free movement of such data, so as to protect the fundamental rights and freedoms of natural persons.
This Privacy Notice is issued by Pharmasud Limited which is the data controller (“Controller”).
How your data is collected
When You visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information for instance if you contact us for customer support, if you create an account with us, if you request free samples and if you use our services.
What personal data we collect, why we collect it, and what is the legal basis
1. Access to website and log file
When you visit this Website, our web server automatically stores the domain name or IP address of the requesting computer system (usually your internet access provider), including the date, time and length of your visit, the sub-sites/URLs you visit, and information on the applications and devices you use to view our Website
Data collected
- Log file
- Name
- Surname
- email address
- mobile number
- chosen payment method
- IP address
- login info
- pages viewed,
- duration website visits
- site usage, user’s operating system
- user’s internet service provider
- Abandoned checkouts
- Reference to Human behaviour while browsing our Website
Purpose: we collect and use your data to better understand our users’ needs, to continuously improve our website and to enable users to access the website, for purposes of (network) security, to measure and improve the effectiveness of this website, to help diagnose problems with our server, to administer this website, to see where website traffic is coming from and to identify our users.
Legal basis: art. 6 (1) (f) of GDPR, the process is necessary to fulfil our legitimate interests.
Retention period: 2 years – from when user's activity on website is concluded.
Retained for analytical and statistical purposes, to study how customers use our website, to develop our customer base, to grow our business and to help us implement marketing strategies.
2. When you create an account with us
Data collected
- Name
- Surname
- Email address
Purpose: we collect and use your data to register an account with us.
Legal basis: Art. 6 (1) (f) of GDPR, the process is necessary to fulfil our legitimate interests.
Retention period: 3 years from the deletion of your account.
3. Marketing
Data collected
- title
- name & surname
- surname
- mobile number
- social media accounts; Facebook, Instagram
- IP address,
Purposes: we collect and use your data to the purpose of providing you with promotional materials (including news and special offers) concerning our Services as well as products, services and promotions
Legal basis: art. 6 (1) (a) of the General Data Protection Regulation (GDPR). We process data for the purpose of marketing activities with your consent.
Retention period: your data will be erased when you either unsubscribe or withdraw your consent.
4. Newsletters
Data collected
- title,
- name & surname
- surname
- IP address,
- Data and time of registration
Purposes: we collect and use your data to send you news on our products, promotions & services
Legal basis: art. 6 (1) (a)) of the General Data Protection Regulation (GDPR) - We process data for the purpose of sending news about us with your consent.
Retention period: your data will be erased when you either unsubscribe or withdraw your consent.
5. Orders
Data collected
- Billing address
- Shipping address
- Name & Surname
- Telephone or mobile number
- Bank account details
- Credit or Debit card information
Purpose: we collect and use your data to provide products or services to you and to fulfil our contract, to process your payment information and provide you with invoices and/or order confirmations, to arrange for shipping, to communicate with the sender and the addressee in order to deliver the shipment
Legal basis: Art. 6 (1) (b) of GDPR. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Art. 6 (1) © of GDPR. Processing is necessary for compliance with applicable accounting and tax laws.
Retention period: 10 years – from when the last order is placed.
Retained to comply with a legal obligation.
6. Customer support information
Data collected
- Name & Surname
- Company
- Phone number
- Country
Purposes: We collect and use your data to process your request, to respond to your question/query, to provide customer support and to solve the issues you encountered using our services.
Legal basis: Art. 6 (1) (f) of GDPR Processing is necessary for our legitimate interests in conducting an existing business relationship or performing our other business activities
Retention period: 1 year – from when the last contact is made.
Retained for our legitimate interests including to help users get the best ‘customer care’, to study how clients use our website, to assess our operations and the quality of our service, to develop them and grow our business.
7. When you contact us
Data collected
- Name
- Surname
- Email address
- Phone number
Purposes: we collect and use your data to process your request and to respond to your request/question/query
Legal basis: art. 6 (1) (f) of GDPR Processing is necessary for our legitimate interests of conducting our business
Retention period: 1 year – from when the last contact is made.
Retained for follow-ups including queries, questions, claims and customer requests.
8. Management of the relationship with you
Data collected
- Name
- Surname
- Address
- address
- Phone number
- Shipping data
- Amount paid
- Amount paid
Purposes: we collect and use your data to manage the relationship with you, to notify you about your shipping status, To respond to your question/query, To respond to your request
Legal basis: art. 6 (1) (f) of GDPR Processing is necessary for our legitimate interests of conducting our business
Retention period: 1 year – from when the relationship with you is concluded.
Retained for follow-ups and updates including shipping and order status notifications.
9. When you file a claim
Data collected
- Name & Surname
- Email address
- Phone number
- Shipping details
- Information / details about the claim
Purposes: to process your claim and to respond/assist with your claim
Legal Basis: Art. 6 (1) (b) of GDPR. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Retention period: 5 years – from when the relationship with you is concluded.
Retained to establish, exercise or defend legal claims, to pursue any remedies available (including debt recovery).
10. Chatbox (integrated Facebook’s Messenger plug-in)
Data collected
- Displayed Messenger profile name
Purposes: personal data provided to us in the course of the use of our chatbot is processed in order to answer the question(s) posed there and to safeguard our legitimate interests in conducting an existing business relationship or performing other business activities
Legal Basis: art. 6 (1) (f) of GDPR Processing is necessary for our legitimate interests of conducting an existing business relationship and/or performing other business activities
Retention period: 1 year – from when the last communication is made.
In relation to the legal basis of our legitimate interest under art. 6 (1) (f) GDPR, in addition to the purposes listed above, we might process Your data also for the purposes of the establishment, exercise or defense of a claim or a legal action, to ensure network and information security and to report criminal acts.
If You fail to provide Your personal data
If You fail to provide the personal data requested we won’t be able, for instance, to process Your request, to enter into a contractual relationship with You, to provide our services or to provide You with offers.
Minors
The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact Us at the address below to request deletion.
Security
We have implemented appropriate technical, organizational and security measures designed to reduce the risk of accidental destruction or loss, or unauthorized disclosure or access to such personal data, according to the nature and context of the type of data and processing carried out.
In addition, we limit access to Your personal data to those employees, contractors and other third parties who have a business need to know. They will only process Your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify You and any applicable regulator of a breach where we are legally required to do so.
How we share Your personal data
We may share Your Personal Data as follows:
- to the extent necessary, with regulators, to comply with all applicable laws, with other governmental agencies or if required to do so by court order;
- to professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
- where You have provided Your consent to us in sharing the Personal Data (e.g., where You provide us with marketing consents or opt-in to optional additional services or functionality);
Trusted service providers we are using to run our business such as “Shopify”. See Privacy for Shopify Visitors.
Payment services providers such as PayPal, Stripe & Revolut facilitate your payments to us when you purchase our product and to ensure the security of Your payment transaction. To this end they might process your data, including those related to your Credit or Debit card information and bank account. Please find the link to their privacy notices:
- We share also your personal data with the shipping companies or postal services such as MaltaPost to deliver our products.
- In the event that we are acquired by or merged with a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, or assign Personal Data in connection with the foregoing events, when allowed or imposed by applicable law and in compliance with legal and regulatory requirements.
International Transfer
Personal data collected through this form may be transmitted to third parties which may be located outside of EU. Where the recipient and/or third party is situated in a jurisdiction outside of the EU that has not received an adequacy decision issued by the European Commission (Art. 45 GDPR), the transmission of data shall be subject to appropriate safeguards within the meaning of Article 46(1) of Regulation (EU) 2016/679 and any contractual agreement shall include the Standard Contractual Clauses (SCCs) for the transfer of personal data to third countries. You can obtain a copy of the Standard Contractual Clauses (SCCs) by contacting us at info@betterhealthtoday.mt.
Retention Of Your Personal Data
We will only retain Your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, or reporting requirements. Subsequently, such data will be deleted in order to comply with the principle of data minimization.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of Your personal data, the purposes for which we process Your personal data, whether we can achieve those purposes through other means and the applicable legal requirements.
If obliged to do so by law, we process personal data according also to commercial or tax law or to meet legal security requirements. Data will be deleted once the retention period expires.
Details of retention periods for different aspects of Your personal data are available in our Data Retention Policy.
If Your personal data is no longer required by us, we will either securely delete or anonymise them.
Automated decision-making
You have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
However, we do not engage in fully automated decision-making activities.
Your rights
Under GDPR you have the following rights:
Right to be informed – by way of this Privacy Notice, You are exercising your right to be informed of all the rights.
Right to request access to your personal data – this is commonly known as a Subject Access Request. This will enable you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Right to rectification – this enables You to have any incomplete or inaccurate data that we hold about you corrected.
Right to erasure – this enables You to ask us to delete or remove personal data where there is not good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are requested to erase your personal data to comply with local law. However, it must be noted that we may not always be able to comply with your request of erasure for specific legal reasons.
Right to object to processing – you may object to processing of certain personal data by Us (or third parties). Where an objection is entered, the processing of data shall cease, unless, We as data controller provide compelling and legitimate grounds requiring the continuation of the data processing which outweigh the objections You may have raised. When your data is being processed for direct marketing or newsletters, You have the right to object at any time to such processing.
Right to restriction of processing – this enables You to ask us to suspend the processing of personal data pertaining to you in instances where the personal data is not accurate, when the processing is unlawful, when we no longer need the Personal Data for the purposes for which they were collected for and, when You exercise Your right to Object.
Right to Data Portability – You have the right to ask Us to Provide Your personal data to You in a structured, commonly used, machine-readable format or to have to ported directly to another data controller, provided that this does not adversely affect the rights and freedoms of others.
Right to withdraw consent – when the processing of your personal data by Us is relied on consent, You have the right to withdraw Your consent at any time. Should You exercise this right at any time, We will determine whether at that stage an alternative legal basis exists for processing Your Personal Data where We would be legally authorised to process Your Personal Data without needing Your consent, and if so, notify You accordingly.
Cookies
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
For more detailed information including what cookies are and how and why We process such data in this manner (including the difference between essential and non-essential cookies) please read our Cookies Policy.
Changes
We may update this Notice from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.
Contact
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at info@betterhealthtodaymt.com
If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here: https://idpc.org.mt/
Version 1
last update: 08/01/2023