Last update: 18 July 2022
- WHAT DATA DO WE COLLECT?
- ANALYTICS AND ADVERTISING
- HOW LONG DO WE STORE YOUR DATA?
- HOW DO WE DISCLOSE YOUR DATA?
- HOW DO WE PROTECT YOUR DATA?
- HOW CAN YOU MANAGE YOUR PERSONAL DATA?
1.2 Data controller. The Froothie Website is owned and operated by Athena Solutions UG having a registered place of business at Oberstraße 3, 47829 Krefeld, Germany, with HRB 18251 and USt-IdNr DE345401048 (“we,” “us,” and “our”).
1.3 Children. The Froothie Website is not intended for use by persons under the age of 18. Therefore, we do not knowingly collect personal data belonging to children. If you become aware that a person younger than 18 has provided us with his or her personal data and you are a parent or a legal guardian of that person, please contact us immediately and we will remove the child’s personal data from our systems.
In this section, we explain in detail what personal data we collect from you, for what purposes we use it, what technical data is collected automatically when you use Froothie, and how we communicate with you.
2.1 Sources of personal data. We obtain your personal data from the following categories of sources:
- Directly from you. For example, if you submit your personal data when you register your user account, purchase our products, or contact us;
- Directly or indirectly through your activity on the Froothie Website. When you use the Froothie Website, we automatically collect technical information about your use of the Froothie Website by means of cookies and analytics services; and
- From third parties. We may receive information about you from third parties to whom you have previously provided your personal data, if those third parties have a legal basis for disclosing your personal data to us (for example, for payment processing purposes).
- Your account. When you register your user account, we collect your first name, last name, email address, and password. When you update your user account, we collect your first name, last name, company name, and address. We use such information to register and maintain your user account, enable you to purchase our products, process your orders, contact you, if necessary, ensure security, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ’pursuing our legitimate interests’ (i.e., operate, analyse, grow, protect, and administer the Froothie Website). We will store this data until your user account is deleted, unless we are required by law to keep some records longer.
- Orders and p When you place an order on the Froothie Website, we collect your first name, last name, full address, and phone number. When you make a payment, we collect your billing address and payment data, which depends on the payment method chosen by you. If you choose to pay by credit card, we collect the cardholder’s name, credit card number, CVV code, expiration month and year. If you choose to pay by PayPal, we collect your PayPal details. If you choose to pay by a bank transfer, we collect the bank account number and holder’s name. Your payment data is used to process payments and maintain our accounting records. The legal bases on which we rely are ‘performing our contractual obligations’ and ‘pursuing our legitimate interests’ (i.e., to administer and protect our business). We store such data for the time period prescribed by law.
- Order information. When you make an order, we collect information about your order (e.g., the products that you order, payment methods, and returns). This information helps us to analyse your use of the Froothie Website, develop new products and services, and ensure your compliance with our legal terms. The legal basis on which we rely is ’pursuing our legitimate interests’ (i.e., analyse, grow, and protect our business). We will store this data until your user account is deleted. We reserve the right to store this information longer, if all personal data is removed from it.
- When you write a review to be featured on the Froothie Website, we collect your email address, name, or Facebook profile information (if you login through Facebook). In addition, we collect any information and materials (photos or videos) that you decide to provide us in your review. We use such information to publish your review, filter fake reviews, ensure your compliance with our legal terms, and maintain our business. The legal bases on which we rely are ‘performing our contractual obligations’ and ‘pursuing our legitimate interests’ (i.e., to administer and protect our business). If you decide, at your sole discretion, to provide certain personal data in your review that was not asked by us, we will process it on the ‘your consent’ basis. We store such data until you delete your review.
- When you contact us by email, we collect your first name, last name, email address, and any information that you decide to include in your message. When you contact us through the form available on the Froothie Website or claim your warranty, we collect your email address, first name, last name, phone number (optional), country, order number (optional), date of purchase (optional), product name, and any information that you provide us with in your message. When you contact us by WhatsApp, we collect your name, phone number, and any information that you decide to include in your message. We use such data to respond to your enquiries and provide you with the requested information. The legal bases on which we rely are ‘pursuing our legitimate interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data). We will store this data until you stop communicating with us.
- If you opt-in for our newsletter, subscribe to our newsletter on the Froothie Website by submitting your country, email address, and name, or purchase a product from us, we will inform you about our products and special offers by email. The legal bases on which we rely is ‘your consent’ (if you opt-in) and ‘pursuing our legitimate business interests’ (i.e., to promote our business). You can opt-out from receiving our commercial communication at any time free of charge by clicking on the “unsubscribe” link included in our newsletters or by contacting us directly. We will store your contact details until you unsubscribe from our newsletters.
- Warranty registration. When you register your warranty, we collect your first name, last name, email address, address, purchase date, order number, and product serial number. We use such information to register your warranty and maintain our business records. The legal bases on which we rely are ‘performing our contractual obligations’ and ‘pursuing our legitimate interests’ (i.e., to administer our business). We will store such data as long as your warranty lasts.
2.4 Sensitive data. We do not collect or have access to any special categories of personal data (“sensitive data”) from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data refers to your health, religious and political beliefs, racial origins, membership of a professional or trade association, or sexual orientation.
2.5 Refusal to provide personal data. If you refuse to provide us with your personal data when we ask for it, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Froothie Website, purchase products, receive the requested information, or get our response. Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose.
2.6 Your feedback. If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and our response. Where possible, we will de-identify your personal data (i.e., we will remove all personal data that is not necessary for keeping such records).
2.7 Aggregate and de-identified data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregate data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any legitimate purpose.
2.8 Transactional notices. If we have your email address and it is necessary to do so, we may send you important informational messages, such as order confirmations, payment receipts, invoices, and other technical or administrative emails. Please note that such messages are sent on an “if-needed” basis and they do not fall within the scope of commercial communication that may require your prior consent. You cannot opt-out from service-related notices.
3.1 Collection of analytics data. When you browse the Froothie Website, we collect certain technical analytics data collected from you. Such data includes the following information:
- URL addresses from which you access the Froothie Website;
- Your device type;
- Your operating system;
- Average time that you spend on the Froothie Website;
- Products viewed;
- What products you add to your cart;
- Initiated Checkouts;
- Added payment information;
- Your purchases;
- Number of visits;
- Visitor bounces;
- Session by traffic source;
- Approximate geo-location data; and
- Your IP address.
3.2 Purposes of analytics data. We use your analytics data to analyse what kind of users access and use the Froothie Website, measure your engagement, see which parts of the Froothie Website are interesting to you, what products you buy, improve our content, develop new products, and investigate and prevent security issues and abuse. In most cases, analytics data is non-personal and it does not allow us to identify you as a natural person. However, some of such data like your IP address may be considered personal data and we will make sure that we have the necessary legal basis for processing such data. When we process your analytics data that is personal data, we rely on the ‘legitimate interest’ (i.e., to analyse, improve, and protect the Froothie Website) and ‘your consent’ bases.
3.4 Advertising and profiling. You may encounter personalised and non-personalised advertising based on your use of the Froothie Website and other websites on the Internet. We use Google Ads and Facebook Ads that deliver such services. Such advertising may also be based on profiling that automatically groups the users of the Froothie Website. Where necessary, we will seek your consent (for example, for the use of non-essential advertising cookies). If you provide your consent, you will see personalised and non-personalised advertising that may be based on your interests and cookie-generated data. If you would like to know more about how such advertising is served, please refer to the Google’s Privacy and Terms site available at https://policies.google.com/privacy?hl=en-US and Facebook and the Facebook Privacy Center available at https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0. You can control how advertising is shown to you or opt-out from targeted advertising by consulting the guide powered by the Digital Advertising Alliance available at https://youradchoices.com. For more information on opting-out from advertising features on your device, please visit https://www.networkadvertising.org. Where interest-based advertising uses non-essential cookies, we will ask your consent for such cookies. Also, you may adjust the settings of your Google or Facebook account to manage the advertising content that you are served.
3.5 Facebook Custom Audience. We use Facebook Custom Audience and Remarketing. It is a re-marketing and behavioural targeting service provided by Meta Platforms, Inc. located in the United States, that connects your activity of the Froothie Website with the Facebook advertising network. The information that can be collected by you is your cookie-related data and email address. Where necessary, we will seek your consent for using this tool or the cookies related to this tool. The use of this tool allows us to display interest-based advertisements when you visit the social network Facebook or other websites also using this tool. In this way, you can see advertising that may be relevant or interesting to you. You can opt-out from seeing such advertising by adjusting your cookie settings. Also, please refer to section 3.4 above for links that provide more information about controlling interest-based advertising.
- HOW LONG DO WE STORE YOUR DATA?
In this section, we explain for how long we keep your data in our systems and how we delete it.
4.3 Storage as required by law. When we are obliged by law to store your personal data for a certain period of time (e.g., for keeping accounting records), we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.
- HOW DO WE DISCLOSE YOUR DATA?
In this section, you can find information about third parties that may have access to your personal data.
5.1 Disclosure to data processors. We keep your personal data in strict confidentiality. However, if necessary for the intended purpose of your personal data, we will disclose your personal data to entities that provide services on our behalf (our data processors). Your personal data may be shared with entities that provide technical support services to us, such as hosting, payment processing, and email distribution services. We do not sell your personal data to third parties and do not intend to do so in the future. The disclosure of your personal data is limited to the situations when it is required for the following purposes:
- Ensuring the proper operation of the Froothie Website;
- Processing your payments;
- Delivering your products;
- Receiving your messages;
- Responding to your enquiries;
- Pursuing our legitimate interests;
- Enforcing our rights, preventing fraud, and security purposes;
- Carrying out our contractual obligations;
- Law enforcement purposes; or
- If you provide your prior consent to such a disclosure.
- Our email marketing service provider ActiveCampaign located in the United States;
- Our e-commerce software provider Shopify located in Canada;
- Our review service provider Trustpilot located in Denmark;
- Our behaviour analytics service provider Hotjar located in Malta;
- Our messaging service provider Facebook Messenger located in the United States;
- Our payment service providers PayPal and Stripe located in the United States, and Klarna located in the United Kingdom;
- Our analytics service provider Google Analytics located in the United States;
- Our advertising service providers Google Ads and Facebook Ads located in the United States;
- Our Web performance and and security service provider Cloudflare located in the United States;
- Our chat marketing service provider ManyChat located in the United States;
- Our form service provider Typeform located in Spain; and
- Our independent contractors and consultants.
5.3 International transfers. Some of our data processors may be based outside the country where you reside. For example, if you reside in the UK or a country belonging to the European Economic Area (EEA), we may need to transfer your personal data outside the UK or the EEA. In case it is necessary to make such a transfer, we will make sure that the country in which our data processor is located guarantees an adequate level of protection for your personal data or we conclude an agreement with it that ensures such protection (e.g., a data processing agreement based pre-approved Standard Contractual Clauses).
5.4 Disclosure of non-personal data. Your non-personal data may be disclosed to third parties for any purpose as it does not identify you as a natural person. For example, we may share it with prospects or partners for business or research purposes, for improving the Froothie Website, responding to lawful requests from public authorities or developing new products and services.
5.5 Legal requests. If requested by a public authority, we will disclose information about the users of the Froothie Website to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
- HOW DO WE PROTECT YOUR DATA?
Here you can find information on how we protect your data against breaches.
6.1 Security measures. We implement technical and organisational information security measures that protect your personal data from loss, misuse, unauthorised access and disclosure. The security measures taken by us include proper authentication, secured networks, SSL data encryption, transport layer security (TLS), strong passwords, limited access to your personal data by our staff, anonymisation of personal data (when possible), and carefully selected data processors. Shopify that provides us with its e-commerce software is Level 1 PCI DSS compliant.
6.2 Security breaches. Although we put our best efforts to protect your personal data, given the nature of communication and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.
- HOW CAN YOU MANAGE YOUR PERSONAL DATA?
Here you can find detailed information about the rights that you have with regard to your personal data and how to exercise those rights.
7.1 The list of your rights. You have the right to control how we process your personal data. Subject to any exemptions provided by law, you have the following rights:
- Right of access: you can get a copy of your personal data that we store in our systems and a list of purposes for which your personal data is processed;
- Right to rectification: you can rectify inaccurate personal data that we hold about you;
- Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data from our systems;
- Right to restriction: you can ask us to restrict the processing of your personal data;
- Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that personal data to another processor;
- Right to object: you can ask us to stop processing your personal data;
- Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or
- Right to complaint: you can submit your complaint regarding our processing of your personal data.
7.3 Complaints. If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no later than 30 days). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
Postal address: Athena Solutions UG, Oberstraße 3, 47829 Krefeld, Germany.