Privacy Policy
Last updated: January 2024
At Skynthera Ltd, we are committed to protecting your privacy and ensuring you have a positive experience on our website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
1. Data Privacy & GDPR Compliance
Skynthera Ltd complies fully with the UK General Data Protection Regulation (UK GDPR) and all applicable data protection laws. We take your privacy seriously and have implemented comprehensive measures to ensure that your personal data is protected at all times.
Our commitment to GDPR compliance means that:
- We only collect personal data that is necessary for legitimate business purposes
- We obtain explicit consent before processing any personal information
- We provide clear information about how your data will be used
- We implement strict security measures to protect your data from unauthorized access
- We respect your rights to access, correct, and delete your personal information
- We maintain detailed records of all data processing activities
When you place an order or submit information through our website, we collect only the data necessary to process your request. For e-commerce transactions, this includes your name, address, email, and payment information. This data is used exclusively for shipping natural products, processing orders, and providing customer service.
We never share your personal data with third parties without your explicit consent, except where required by law or necessary to fulfill your order (such as sharing your address with shipping carriers).
Your Rights Under GDPR
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate information
- Right to Erasure: Request deletion of your data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
How We Protect Your Data
- Encryption: SSL/TLS encryption for all data in transit
- Secure Servers: Data stored on secure, protected servers
- Access Controls: Limited employee access to personal data
- Regular Audits: Continuous security assessments
- Incident Response: Rapid response to any data breaches
2. Information We Collect
We collect information in various ways to provide you with the best possible service and experience. The types of information we collect include:
Personal Information You Provide
When you create an account, place an order, or contact us, we collect:
- Name and contact information (email, phone number)
- Billing and shipping addresses
- Payment information (processed securely through payment gateways)
- Order history and preferences
- Communication preferences and feedback
Information Collected Automatically
When you browse our website, we automatically collect:
- IP address and browser information
- Pages visited and time spent on the site
- Device type and operating system
- Referral sources and search queries
- Cookie data for site functionality and analytics
Information from Third Parties
We may receive information from:
- Payment processors for transaction verification
- Shipping carriers for delivery tracking
- Analytics providers for site performance data
- Social media platforms if you connect your account
3. How We Use Your Information
We use the information we collect for legitimate business purposes, including:
Order Processing & Fulfillment
We use your personal information to process and fulfill your orders, including shipping natural products to your address, processing payments, and sending order confirmations and updates.
Customer Communication
We communicate with you about your orders, respond to inquiries, provide customer support, and send important updates regarding your account and our services.
Marketing & Personalization
With your consent, we send promotional emails, newsletters, and personalized product recommendations based on your browsing and purchase history.
Website Improvement
We analyze site usage patterns to improve website functionality, user experience, and content. This helps us serve you better with enhanced features and services.
Fraud Prevention & Security
We use your information to detect and prevent fraudulent transactions, unauthorized access, and other security threats to protect your account and our platform.
Legal Compliance
We may process your information to comply with legal obligations, respond to lawful requests from authorities, and enforce our terms of service.
4. Data Sharing & Third Parties
We are committed to protecting your privacy and do not sell your personal data to third parties. However, we may share your information in the following circumstances:
Service Providers
We share necessary information with trusted service providers who assist us in operating our website and conducting our business, including payment processors, shipping carriers, email service providers, and analytics platforms. These providers are contractually bound to protect your data and use it only for the purposes we specify.
Legal Requirements
We may disclose your information when required by law, such as in response to subpoenas, court orders, or other legal processes. We will provide you with notice of such requests unless prohibited by law.
Business Transfers
If Skynthera Ltd is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your personal data.
With Your Consent
We only share your information with third parties for purposes other than those listed above when we have obtained your explicit consent to do so.
5. Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site performance, and deliver personalized content. Cookies are small data files stored on your device that help us remember your preferences and track your activity.
Types of Cookies We Use
Essential Cookies
These cookies are necessary for the website to function properly. They enable core functionality such as security, network management, and accessibility. Essential cookies are always active and cannot be disabled.
Performance Cookies
These cookies collect information about how you use our website, such as which pages you visit, how long you stay, and any errors you encounter. This data helps us improve website performance and user experience.
Functional Cookies
These cookies remember your preferences and choices, such as language selection, product preferences, and login information, to provide a more personalized experience on future visits.
Marketing Cookies
With your consent, we use marketing cookies to track your activity across websites and deliver targeted advertisements based on your interests. You can control these cookies through your browser settings or our cookie consent tool.
Managing Your Cookie Preferences
You have the right to control which cookies we can use on your device. You can manage your cookie preferences by:
- Using our cookie consent banner when you first visit the site
- Adjusting your browser settings to accept or reject cookies
- Using your browser's "Do Not Track" feature
- Clearing cookies from your device at any time
- Visiting our Cookie Policy for more detailed information
For more detailed information about cookies and how we use them, please review our Cookie Policy.
6. Data Retention & Deletion
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.
Retention Periods
- Account Information: Retained for the duration of your account
- Order Data: Retained for 7 years for tax and legal purposes
- Marketing Data: Retained until you unsubscribe
- Website Analytics: Retained for 24 months
- Payment Records: Retained per PCI DSS compliance requirements
Your Right to Deletion
Under GDPR, you have the right to request deletion of your personal data in certain circumstances, including when:
- Your data is no longer necessary for our purposes
- You withdraw your consent
- You object to processing
- The data has been unlawfully processed
How to Request Data Deletion
To request deletion of your personal data, please contact us at:
Email: [email protected]
Address: Skynthera Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Phone: +44 20 7946 0958
We will respond to your request within 30 days and inform you of any reasons we cannot comply with your deletion request.
7. International Data Transfers
Skynthera Ltd is based in the United Kingdom. Your personal data is primarily stored and processed in the UK in compliance with UK GDPR. However, in some cases, we may need to transfer your data to countries outside the UK or European Economic Area.
Data Transfer Safeguards
When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the UK government
- Binding Corporate Rules (BCRs) for transfers within corporate groups
- Adequacy decisions recognizing equivalent data protection standards
- Your explicit consent where required
Your Rights in International Transfers
You have the right to know about international transfers of your data. If you would like more information about the safeguards we use for international transfers, please contact us at [email protected].
8. Children's Privacy
Skynthera Ltd does not knowingly collect personal information from children under the age of 13. Our website and services are not directed toward children, and we do not intentionally solicit information from anyone under 13 years of age.
If We Learn We Have Collected Data from a Child
If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete such information and terminate the child's account. Parents or guardians who believe their child has provided information to us can contact us immediately at:
Email: [email protected]
Phone: +44 20 7946 0958
9. Security Measures
We implement comprehensive security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. Our security practices include:
Encryption
All data transmitted between your device and our servers is encrypted using SSL/TLS technology. Sensitive data such as payment information is encrypted at rest using industry-standard encryption algorithms.
Firewalls & Access Control
Our servers are protected by advanced firewalls and intrusion detection systems. Access to personal data is restricted to authorized personnel who need it to perform their duties.
Regular Audits
We conduct regular security audits and penetration testing to identify and address potential vulnerabilities before they can be exploited.
Incident Response
We maintain a comprehensive incident response plan to quickly address any security breaches. If a breach occurs, we will notify affected individuals and authorities as required by law.
Employee Training
All employees receive regular training on data protection, privacy practices, and security protocols to ensure they handle your data responsibly.
Compliance Standards
We comply with PCI DSS for payment processing, ISO 27001 information security standards, and other relevant security frameworks.
Important Note: While we implement robust security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your data. If you have concerns about the security of your information, please contact us immediately.
10. Your Privacy Rights & Requests
Under UK GDPR and other applicable data protection laws, you have several important rights regarding your personal data. We are committed to honoring these rights and making the process as simple as possible.
Right to Access (Subject Access Request)
You have the right to request a copy of all personal data we hold about you. We will provide this information in a clear, understandable format within 30 days of your request. This is often called a Subject Access Request (SAR).
Right to Rectification
If you believe any of the personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will update your information promptly and inform any third parties to whom we have shared the data.