- What principles do we follow during data processing?
Our company follows the following principles during data management:
- We use personal data lawfully and fairly, as well as in a transparent manner.
- We only collect personal data in accordance, for a clear and legitimate purpose and we do not misuse them.
- The collected and handled personal information are appropriate and relevant and is limited to the neccessary.
- We do every reasonable measure, that the data used by us are precise and up-to-date, data that is incorrect will be corrected or deleted without delay.
- Personal data is saved in a form which permits identification ofdata for no longer than is necessary for the purpose for which the data were collected or for which they are further processed
- We protect personal data with appropriate technical and organisational measures, to protect the data against accidental or unlawful usage, accidental loss, destruction or impairment.
How we handle your data
- We collect, organise, store and use your data based on your prior informed consent and voluntary permission, and only in the required manner and always connected to the purpose.
- In certain cases your data’s handling is based on regulatory requirements and is obligatory, we will inform you about these cases.
- In certain cases handling your personal data is required to be done by us or is in the interest third party, for example, our website’s and shop’s maintenance, development, and security.
- Company information
United Flow Limited
Registered office and trading address: Unit 4, Orbital Industrial Estate, Horton Road, London, UB7 8JL
Our website: https://thegoodnessproject.co.uk
Address: Unit 4, Orbital Industrial Estate, Horton Road, London, UB7 8JL
E-mail address: firstname.lastname@example.org
Registered number: 8408252
Our company is not required to appoint a data protection officer in accordance to the GDPR article 37
Our hosting service provider’s name, address and contact details:
Nimenor Consulting & Marketing Ltd.
Hova House, 1 Hova Villas
Brighton & Hove, BN3 3DH
In order to provide our customers with a quality service, we use the following data processors:
Admiral Accounting Ltd
Accounting, tax processing
Nimenor Consulting & Marketing Ltd.
Hova House, 1 Hova Villas
IT services, database maintenance and processing, issuing riports, hosting services, direct marketing
Royal Mail plc
100 Victoria Embankment London EC4Y 0HQ
PO BOX 6979, Roebuck Lane, Smethwick, West Midlands, B66 1BN
55 rue d’Amsterdam, 75008 Paris
email marketing, online marketing
Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101
Stripe Payments Company
Suite 550, 185 Berry Street, San Francisco, CA 94117
Online card payment
In case there are changes in the group of data processors, we will reflect this in our current document.
Data handled by us:
Name of the activity and purpose of data processing
The aim is to provide the working of a functional and quality website,
To monitor and correct the quality of our services,
To identify malicious visitors attacking our website,
To measure visitor numbers,
Our company’s legitimate interest
Time of visit
Data from the visited subsites
The operating system and browser used by you
Registration on the website
The goal is that our visitors receive a better user experience, notification about fallback, changes to our company’s contact details, etc.
First name, Last name
Until the registration is deleted or until the contribution is withdrawn
Use of the website shop services
Aim is the registration and recording the visitors
Order processing and fulfilment,
Handling orders, invoices and deliveries,
handling of complaints, processing returns,
analysing the habits of our customers,
keeping in touch with our customers.
(GDPR article 6, paragraph (1), section c)
Phone number and e-mail address,
Details of your purchase (product, quantity, price, date and time, gift message),
Details regarding your payment (payment deadline, bank account number, bank or debit card number, ePurse, cash on delivery, etc.),
Participation in one-off or constant offers, discounts,
Data regarding delivery: delivery deadline and delivery address (Postcode, country, county, address line 1 and 2, house number)
Billing name, in case of a person full name,
Your VAT number or VAT registration number (in case these details are required for invoicing)
Billing address ((Postcode, country, county, address line 1 and 2, house number).
Undefined timeframe whilst the online shop is functioning, but latest until the data processing consent is withdrawn
Data regarding fulfilment of a contract – 5 years.
Issued invoices and documents linked to the invoice – 8 years.
Aim: keeping in touch, informing you about offers, news and our new products
Until you unsubscribe from the e-newsletter
Direct marketing service
Through the analyzation of your shopping habits
We create and send personalised offers,
We contact you for direct marketing
Sending information about the products and services carried by us.
Direct marketing services until cancellation (unsubscribe)
· Reply to feedback and complaints
· legal obligation
· full name
· e-mail address
· phone number
· postal address
· other personal message
· 5 years
· Aim: to guide the company’s course of business in a positive direction by drawing attention and give away valueable prizes
· To increase the satisfaction of our customers
Depending on the competition/giveaway:
· Full name
· e-mail address
· phone number
· home address
· for participant until the competition/giveaway is closed
· in the winners’ case 8 years
We will only request personal information from our visitors, if they wish to register, login, shop in our online Shop or if they wish to be included in an online competition.
Personal data given at registration and during the usage of the online shop services will not be connected and the identification of our visitors is not our goal.
If you have any questions regarding our data processing, please contact us at the email@example.com email-address or through our postal address. Our answer will be sent within 15 days (or at least within 1 month) to the contact address given by you.
- What are cookies and how do we handle them?
There are cookies that doesn’t require your prior consent. Our website gives a short introduction about these, such as authentication, multimedia player, balancing, session and user-based security cookies.
Cookies that require your consent – in case the data processing has already started by entering the website – will have to be acknowledged before the start of your visit.
Our company doesn’t use and doesn’t allow cookies, which would allow third parties to collect your data without your consent.
Accepting the cookies isn’t mandatory, however our company doesn’t take responsibility, if our website doesn’t work properly due to the not acceptance of the cookies.
What type of cookies do we use?
Firewall session cookie for the online operation, which prevents the abuse against cross-references
Securing the operation of the website
End of the browsing session
saving of your settings
to increase the efficiency of our services
(from third parties)
To identify new visitors and sessions, saved by Google Analytics online debugger
Connected to the the third parties services (eg. Google) during the website visit
- Information about the data processing of our online Shop.
As you provide us with your personal details during registration, shopping and communication with our company, therefore we ask you to pay attention to the genuineness, correctness and promptness of the data, as you are responsible for these. Incorrect, imprecise and incomplete data can be the barrier of using our services.
In case you provide us with other person’s details, we will assume that you have the necessary authorisation to do so.
You can always withdraw your consent of your data handling anytime free of charge
- By deleting your registration,
- By withdrawing your consent of your data handling, and
- By requesting the withdrawal and deletion of consent, that was requested at registration and is necessary for data processing.
We agree to undertake the registration of the consent withdrawal – due to technical reasons – within 15 days, however, we would like to draw your attention to the fact that some data might be used after the consent withdrawal for fulfilling legal obligations or for purpose of legitimate interests.
In case of misleading personal data or if one of our visitors commit criminal offence or is attacking our company’s system, we will delete the persons data are through the deletion of their registration profile immediately, or we will keep them – if necessary – for the time of the criminal trial or identification of civil liability.
- Information about direct marketing and e-newsletter data handling
With your consent during registration or later, through the changing of your personal data saved in our website shop (which means your consent is given) you approve that we use your personal details for marketing activities too.
In this case – until the consent is withdrawn – your data can be used for direct marketing and/or by sending of an e-newsletter, promotional or other items, as well as information and offers.
You can give your consent to direct marketing and e-newsletter together or separately and you can withdraw them anytime free of charge.
In every case, we will see a deletion of a registration profile as a withdrawal of consent. The withdrawal of the consent to direct marketing and/or e-newsletter will not be identified as the withdrawal of the consent given regarding our online shop data handling.
We agree to undertake the registration of the consent withdrawal – due to technical reasons – within 15 days.
- Information about competitions/giveaways
Our company can host competitions/giveaways on an ad hoc basis, which terms and conditions will be presented in a separate policy. Our current offering and the T&Cs will always be displayed on the landing page of our website in a link at a central place
- Other data handling questions
We only forward your data in a framework determined by law, in case of our data processors, we secure this via contracts, that your personal data cannot be used for conflicting goals without your consent. Further information can be found in the 2. Paragraph.
Our company can only forward data abroad in accordance with the policies set by the GDPR. The court, the prosecutor and other authorities (e.g. Police, tax office, Information Commissioner’s Office) can contact our company to provide information, data or documents. In these cases, we have the data handling right to fulfil these obligations, however only in the manner that it necessary to fulfil the purpose of the request.
Our contributors and employees involved in the data handling and processing are entitled to know your personal data - besides the obligation for confidentiality.
We protect your personal data with appropriate technical and other measures, and we secure your data’s security, availability and protect them from illegal access, modification, damage as well as publication and any unlawful usage.
In accordance to our security questions, we would like to ask your help to protect your password used for our website and/or shop and not to share it with anyone.
- What are your rights and your facilities to appeal?
About the data processing you can: request information,
- request the correction, change and add to your personal data that we manage
- object the data handling and request the deletion of their data (except data for the neccessary data processing),
- appeal in front of the court bíróság előtt jogorvoslattal élhet,
- report a concern or start proceedings at the supervisory authority (https://ico.org.uk/concerns/).
Supervisory Authority: Information Commissioner’s Office
- Address: Information Governance department
Information Commissioner's Office
- Phone number: 0303 123 1113
- E-mail: firstname.lastname@example.org
- Website: https://ico.org.uk
- At your request, we provide information about your data handled by us or handled by data processors appointed by us
- About data,
- About their source,
- About the aims and legal base of data handling,
- Time frame, but if that is not possible, about the aspects of determining the time frame,
- The names, addresses and activities connected to data processing of the data processors
- The circumstances of data protection incidents, their effect and their aversion as well as the measures taken to their intervention, and
- The legal base and recipient of the forwarding of your personal data
We kindly ask you, before turning to the supervisory authority or court you’re your complaint – for identification and resolving the problem as soon as possible – please contact our company.
- What is the main legal policy for our activity?
- regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. General Data Protection Regulation (GDPR) (EU) 2016/679
London, 24th of May 2018
Latest update: 28th of November 2022