Privacy Policy
This Privacy Policy outlines how Benu LLC (https://benupens.com/) (referred to as “We” or “Us”) manages the personal data of our users (referred to as “You”).
We hold your privacy in high regard and aim to provide you with a clear understanding of how we safeguard your personal data. Please take a moment to thoroughly read this Privacy Policy, and feel free to contact us with any inquiries.
What is personal data and other related terms used in this Privacy Policy?
In this Privacy Policy, the following terms are employed:
‘personal data’: Refers to any information pertaining to an identified or identifiable natural person (‘data subject’).
‘data subject’: Denotes an identifiable natural person, one who can be directly or indirectly identified, especially by utilizing an identifier like a name, an identification number, location data, an online identifier, or by considering factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the individual.
While using our website or app you are considered to be a data subject.
- ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
We start processing your personal data after you provide it to us, for instance, during the registration.
- ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law;
We hold control over your personal data. For additional details about us, refer to Chapter 3 within this Privacy Policy.
- ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
For instance, processors act as our subcontractors when we opt to engage their services.
- ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data; ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; ‘GDPR’ means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
What kind of personal data do we process?
We securely store and process the following personal data:
- Your name, utilized for shipping and personalizing addressing in profile notifications and email correspondence.
- Your email address, used for order confirmation, updates on order status, and shipping notifications.
- Your phone number, employed for facilitating product delivery.
- The shipping address you provide, essential for the efficient delivery of products.
We gather the mentioned information to facilitate your usage of our website. Should you wish to enhance your user experience, you have the option to voluntarily provide us with additional personal data, including:
- Date of birth: This information enables us to send a personalized discount on your birthday.
- Social Media Connections: Providing your social media profiles allows for quick and convenient login options.
Additionally, your provided email address may be utilized for newsletters and “Back in Stock” notifications.
Kindly be aware that our website is not designed to provide services directly to children, and we do not knowingly collect information from them. If you are under the age of 16 and wish to contact us, please send us a written consent from your parents or guardians authorizing the processing of your personal information.
Who is the controller of your personal data?
The controller of the personal data within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
BENU LLC
Registration number: 286.110.1231346
Registered address: Bldg. 20/19, Proshyan 1st Lane Yerevan, 0019, Armenia
Responsible person: Kate Dmitrieva
Phone number: +374 11 772774
Email: [email protected]
Feel free to contact us at any time by sending an electronic message to our email or giving us a call. Please refer to the contact information provided above for both options.
How long do we store your personal data?
The data collected by Google Analytics in the form of pseudonymous user profiles will be deleted no later than 38 months after the last new entry in the respective user profile.
In all other respects we delete your personal data as soon as they are no longer needed for the purposes pursued with the collection and processing and as far as no legal storage obligations stand in the way.
What are the legal basis for processing your personal data?
Article 6 I lit. a GDPR – the data subject has given consent to the processing of his or her personal data for one or more specific purposes – serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 I lit. b GDPR – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services.
If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR – processing is necessary for compliance with a legal obligation to which the controller is subject.
In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR – processing is necessary in order to protect the vital interests of the data subject or of another natural person.
Finally, processing operations could be based on Art. 6 I lit. f GDPR – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller.
Your personal data may be transferred to a country other than your own. This includes transfer to both EU countries and non-EU countries, in which no level of data protection comparable to that in the EU is guaranteed. This applies in particular to the USA, where unsolicited access by government agencies is possible. A transfer to recipients outside the EU only takes place if it is ensured that the recipient of the data guarantees an adequate level of data protection and that there are no other interests worthy of protection against the data transfer.
Do we share your personal data?
Your personal data may be transferred to a country other than your own. This includes transfer to both EU countries and non-EU countries, in which no level of data protection comparable to that in the EU is guaranteed. This applies in particular to the USA, where unsolicited access by government agencies is possible. A transfer to recipients outside the EU only takes place if it is ensured that the recipient of the data guarantees an adequate level of data protection and that there are no other interests worthy of protection against the data transfer.
For example, we use GoDaddy for our website hosting. Given that their servers are located outside the country of our registration, your personal data will be transferred and stored there. For further details about these servers, we encourage you to review the privacy notice provided at this link: https://no.godaddy.com/legal/agreements/privacy-policy/
Please be aware that we use third-party materials on our website. In particular, the following plugins having access to your personal data are used:
- WooCommerce;
- DHL Parcel;
- DHL Shipping Germany;
- Facebook;
- Google Listings and Ads;
- Kadence Shop Kit;
- Mailchimp;
- MonterInsights Pro;
- Revolut;
- PayPal;
- Evocabank.
We recommend you checking the privacy notices provided by the mentioned services.
Do we use cookies on our website?
Yes. Please see our Cookies Policy for more details.
What are your rights with respect to protection of your personal data?
- The right to be informed – our responsibility to communicate how we utilize your personal data, and that’s precisely what we’re addressing in this Privacy Notice.
- Right of access – The Controller provides you with the opportunity to access the personal data we process. You have the right to contact us and inquire about the confirmation of whether your personal data is being processed. If affirmative, you are entitled to request access to your data, which we will furnish in the form of a comprehensive “registry.” This registry includes details such as purposes, categories of personal data, categories of recipients of personal data, and the storage periods or criteria for determining storage periods.
- Right to rectification – You have the right to have inaccurate personal data we have stored about you rectified.
- Right to erasure – You may also ask us to erase your personal data from our systems. We will comply with such requests unless we have a legitimate ground to not delete your personal data.
- Right to restriction of processing – You may request us to restrict certain processing of your personal data. If you restrict certain processing of your personal data, this may lead to fewer possibilities to use our Services and website.
- Right to data portability – You have the right to receive your personal data from us in a structured, commonly used and machine-readable format in order to transmit the personal data to another controller.
- Right to object – grants you the authority to oppose the processing of your personal data by us. This includes instances where you object to the processing of your data for direct marketing purposes.
- Rights in relation to automated decision-making and profiling – this right ensures your entitlement to transparency regarding any profiling or automated decision-making conducted by us.
- Right to withdraw Consent — the right to withdraw any previously granted consent at any time. If we have collected and processed your personal information based on your consent, withdrawing your consent will not impact the legality of any prior processing carried out with your consent. Additionally, it will not affect the processing of your personal information grounded in lawful processing grounds other than consent.
How to use your rights – You may exercise your rights above in writing by sending an email to the contact details in Section 3 of this Privacy Policy. You will not have to pay a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may require confirmation of your identity depending on your request. We respond to all requests we receive from individuals wishing to exercise their data rights in accordance with applicable data protection laws.
Can this Privacy Policy be amended?
Yes.
We reserve the right to make amendments to this Privacy Policy periodically. The updated version will take effect upon its publication on our website. Stay informed about any changes to our privacy policy by checking the “last modified” legend located at the top of the page.