Privacy Statement (EU)

This privacy statement was last updated on June 25, 2021 and applies to citizens and legal permanent residents of the European Economic Area.

In this privacy statement, we explain what we do with the data we obtain about you via https://lava.mt. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

1.1 Payments

For this purpose we use the following data:

  • First & last name
  • Delivery address
  • Billing address
  • Email address
  • Telephone number

The basis on which we may process these data is:

We process such personal data based on contractual necessity, legitimate interest and your consent (where required).

Retention period

We will only retain your personal data for as long as necessary to fulfil the purposes for collection, which may include satisfaction of any legal, accounting, or reporting requirements.

The criteria we base ourselves on when determining the ‘necessary’ duration depends on the category of personal data. EU or national laws may oblige the Company to retain certain personal data for a specific period of time, in which case we would retain that data for the maximum period indicated. We may also retain your personal data to defend ourselves against civil claims which may be brought against us, for a period equivalent to the prescriptive period for such action.

Where it is no longer ‘necessary’ to retain the personal data, we will securely delete such personal data.

 

1.2 Registering an account

For this purpose we use the following data:

  • First & last name
  • Gender
  • ID
  • Date of Birth
  • Email address
  • Telephone number
  • Home Address

The table below explains the purpose of the information requested upon signing up to the Website:

First Name

Basic identification of Member

Last Name

Basic identification of Member

Gender

Basic identification of Member

ID 

Basic identification of Member

Date of Birth

To prove that the individual is at least 16 years old

E-mail

To provide the Member with details on the order placed as well as communicate any updates or assist with any issues. This may be used for advertising purposes but only if the Member opts in. By default, no advertising messages will be sent.

Telephone number

To contact the customer for deliveries and communicate any issues. This will not be used for advertising purposes.

Home Address

This will primarily be used for delivery purpose. This can also be used for advertising purposes if the customer has agreed to the marketing consent.

The basis on which we may process these data is:

We process such personal data based on contractual necessity, legitimate interest and your consent (where required).

Retention period

We will only retain your personal data for as long as necessary to fulfil the purposes for collection, which may include satisfaction of any legal, accounting, or reporting requirements.

The criteria we base ourselves on when determining the ‘necessary’ duration depends on the category of personal data. EU or national laws may oblige the Company to retain certain personal data for a specific period of time, in which case we would retain that data for the maximum period indicated. We may also retain your personal data to defend ourselves against civil claims which may be brought against us, for a period equivalent to the prescriptive period for such action.

Where it is no longer ‘necessary’ to retain the personal data, we will securely delete such personal data.

 

1.3 To support services or products that a customer wants to buy or has purchased

For this purpose we use the following data:

  • First & last name
  • Address
  • Email address
  • Gender
  • Location
  • Telephone number

The basis on which we may process these data is:

We process such personal data based on contractual necessity, legitimate interest and your consent (where required).

Retention period

We will only retain your personal data for as long as necessary to fulfil the purposes for collection, which may include satisfaction of any legal, accounting, or reporting requirements.

The criteria we base ourselves on when determining the ‘necessary’ duration depends on the category of personal data. EU or national laws may oblige the Company to retain certain personal data for a specific period of time, in which case we would retain that data for the maximum period indicated. We may also retain your personal data to defend ourselves against civil claims which may be brought against us, for a period equivalent to the prescriptive period for such action.

Where it is no longer ‘necessary’ to retain the personal data, we will securely delete such personal data.

 

1.4 Deliveries

For this purpose we use the following data:

  • First & last name
  • Address
  • Email address
  • Telephone number

The basis on which we may process these data is:

We process such personal data based on contractual necessity, legitimate interest and your consent (where required).

Retention period

We will only retain your personal data for as long as necessary to fulfil the purposes for collection, which may include satisfaction of any legal, accounting, or reporting requirements.

The criteria we base ourselves on when determining the ‘necessary’ duration depends on the category of personal data. EU or national laws may oblige the Company to retain certain personal data for a specific period of time, in which case we would retain that data for the maximum period indicated. We may also retain your personal data to defend ourselves against civil claims which may be brought against us, for a period equivalent to the prescriptive period for such action.

Where it is no longer ‘necessary’ to retain the personal data, we will securely delete such personal data.

2. Sharing with other parties

We may share your information with the Vendors of the Website i.e.: Inspirations Limited (C 41431), Homemate Company Limited (C 22807), and Intercomp Marketing Limited (C 20612).

We may also share your information with:

  • Analytics providers and advertising and media companies to enable them to show you adverts or offers which may interest you;
  • Our professional advisors;
  • Any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party;
  • Payment gateways, and;
  • Delivery providers.

 3. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy. We have concluded a data Processing Agreement with Google.

4. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorized access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

5. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

6. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

7. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information further below. You have the following rights:

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

8. Submitting a complaint

If you consider that the processing of your personal data is carried out in an unlawful manner, you may lodge a complaint with the Information and Data Protection Commissioner using the following email address: idpc.info@idpc.org.mt

9. Contact details

If you have any questions or comments about privacy or should you wish to exercise any of your rights at law, kindly contact us at:

Email: dpo@amsm.com.mt
Address: Sloane Limited, Zachary House, Marsa Industrial Estate, Marsa, Malta
Phone: +356 2554 0000

Annex

WooCommerce

We collect information about you during the checkout process on our store.

What we collect and store

While you visit our site, we may use your activity:

  • To track products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed;
  • To track how you use the Lava Rewards website and app, as well as Lava.mt website;
  • To track the effectiveness of our marketing activities;
  • To track your behaviour based on the information available to us and to send or show you information, offers, surveys and online advertisements for the products or services which we believe are most likely to interest you. This is only applicable if you have opted in to receive brand offers and updates. 

We’ll also use cookies to keep track of cart contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, delivery address, email address, phone number, credit card/payment details and the option to log in with your username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order;
  • Respond to your requests, including refunds and complaints;
  • Process payments and prevent fraud;
  • Set up your account for our store;
  • Comply with any legal obligations we have, such as calculating taxes;
  • Improve our store offerings;
  • Send you marketing messages, if you choose to receive them;
  • Operate Lava Rewards and Lava.mt, for example to enable you to collect and redeem Points, provide other programme-related services and ensure that the applicable terms and conditions are observed;

We will only retain your personal data for as long as necessary to fulfil the purposes for collection, which may include satisfaction of any legal, accounting, or reporting requirements.

The criteria we base ourselves on when determining the ‘necessary’ duration depends on the category of personal data. EU or national laws may oblige the Company to retain certain personal data for a specific period of time, in which case we would retain that data for the maximum period indicated. We may also retain your personal data to defend ourselves against civil claims which may be brought against us, for a period equivalent to the prescriptive period for such action.

Where it is no longer ‘necessary’ to retain the personal data, we will securely delete such personal data.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and;
  • Customer information like your name, email address, and billing and delivery information.

Our team members have access to this information to help fulfil orders, process refunds and support you.

What we share with others

We may share your information with the Vendors of the Website i.e.: Inspirations Limited (C 41431), Homemate Company Limited (C 22807), and Intercomp Marketing Limited (C 20612).

We may also share your information with:

  • Analytics providers and advertising and media companies to enable them to show you adverts or offers which may interest you;
  • Our professional advisors;
  • Any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party;
  • Payment gateways, and;
  • Delivery providers.

Payments

We accept payments through Trust Payments (MALTA) Ltd. (acquiring.com). When processing payments, some of your data will be passed to Trust Payments (MALTA) Ltd. (acquiring.com)., including information required to process or support the payment, such as the purchase total and billing information. Please see the Trust Payments (MALTA) Ltd. (acquiring.com) Privacy Policy for more details.

iThemes Security

Security Logs

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kids of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

When running Security Check, ithemes.com will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to ithemes.com as part of this process. Requests to ithemes.com include the site’s URL. For ithemes.com privacy policy details, please see the iThemes Privacy Policy.

This site is scanned for potential malware and vulnerabilities by the iThemes Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.

In order to ensure file integrity, iThemes Security pulls data from wordpress.org, ithemes.com, and amazonaws.com. No personal data is sent to these sites. Requests to wordpress.org include the WordPress version, the site’s locale, a list of installed plugins, and a list of each plugin’s version. Requests to ithemes.com and amazonaws.com include the installed iThemes products and their versions. For wordpress.org privacy policy details, please see the WordPress Privacy Policy. For ithemes.com privacy policy details, please see the iThemes Privacy Policy. Requests to amazonaws.com are to content added and managed by iThemes which is covered by the Amazon Web Services Data Privacy policy.

How long we retain your data

Security logs are retained for 60 days.

Where we send your data

This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

YITH Plugins

We collect information about you while you visit our site.

What we collect and store

YITH WooCommerce Wishlist

While you visit our site, we’ll track:

  • Products you’ve added to the wishlist: we’ll use this to show you and other users your favourite products, and to create targeted email campaigns.
  • Wishlists you’ve created: we’ll keep track of the wishlists you create, and make them visible to the store staff

We’ll also use cookies to keep track of wishlist contents while you’re browsing our site.

YITH Woocommerce Waiting List Premium

When you subscribe to a waiting list, we will track:

  • Email address: we’ll use this to populate a list that is used to send you notifications about subscribed product availability.

Who on our team has access

YITH WooCommerce Wishlist

Members of our team have access to the information you provide us with. For example, both Administrators and Shop Managers can access:

  • Wishlist details, such as products added, date of addition, name and privacy settings of your wishlists

Our team members have access to this information to offer you better deals for the products you love.

YITH Woocommerce Waiting List Premium

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access your email address.

Dokan

We collect information about you during the checkout process on our store.

What we collect and store

While you visit our site, we’ll track:

  • Stores you’ve viewed: we’ll use this to, for example, show you vendor stores you’ve recently viewed
  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and Delivery
  • Delivery address: we’ll ask you to enter this so we can, for instance, estimate delivery date. !

We’ll also use cookies to keep track of cart contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, delivery address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order;
  • Respond to your requests, including refunds and complaints;
  • Process payments and prevent fraud;
  • Set up your account for our store;
  • Comply with any legal obligations we have, such as calculating taxes;
  • Improve our store offerings;
  • Send you marketing messages, if you choose to receive them.

We will only retain your personal data for as long as necessary to fulfil the purposes for collection, which may include satisfaction of any legal, accounting, or reporting requirements.

The criteria we base ourselves on when determining the ‘necessary’ duration depends on the category of personal data. EU or national laws may oblige the Company to retain certain personal data for a specific period of time, in which case we would retain that data for the maximum period indicated. We may also retain your personal data to defend ourselves against civil claims which may be brought against us, for a period equivalent to the prescriptive period for such action.

Where it is no longer ‘necessary’ to retain the personal data, we will securely delete such personal data.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and Delivery information.

Our team members have access to this information to help fulfill orders, process refunds and support you.

What we share with others

In this section you should list who you’re sharing data with, and for what purpose. This could include, but may not be limited to, analytics, marketing, payment gateways, Delivery providers, and third party embeds.

We share information with third parties who help us provide our orders and store services to you; for example —

Payments

In this subsection you should list which third party payment processors you’re using to take payments on your store since these may handle customer data. We’ve included PayPal as an example, but you should remove this if you’re not using PayPal.

We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information. Please see the PayPal Privacy Policy for more details.

Modules

Dokan has premium modules that perform specific and special purpose tasks. Each of the modules collect additional information. Also third party extensions and integrations collect data that is applicable to the each of their individual privacy policy.

Slider Revolution

This is used to build the homepage slider on lava.mt For more information you may refer to https://www.sliderrevolution.com/terms/privacy/.  

Vimeo

Our website uses features provided by the Vimeo video portal. This service is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our plugin or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored. If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account. For more information on how to handle user data, please refer to the Vimeo Privacy Policy at https://vimeo.com/privacy.

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our plugin. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO. If your browser does not support web fonts, a standard font is used by your computer. Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

SoundCloud

On our pages, plugins of the SoundCloud social network (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, UK) may be integrated. The SoundCloud plugins can be recognized by the SoundCloud logo on our site. When you visit our site, a direct connection between your browser and the SoundCloud server is established via the plugin. This enables SoundCloud to receive information that you have visited our site from your IP address. If you click on the “Like” or “Share” buttons while you are logged into your SoundCloud account, you can link the content of our pages to your SoundCloud profile. This means that SoundCloud can associate visits to our pages with your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by SoundCloud. For more information on SoundCloud’s privacy policy, please go to https://soundcloud.com/pages/privacy. If you do not want SoundCloud to associate your visit to our site with your SoundCloud account, please log out of your SoundCloud account.