PRIVACY POLICY

  

This Privacy Policy (the "Privacy Policy") provides information on how H6 LTD, registration no. 54103130731, Registered Office: Blaumana str. 16/18 - 7, Riga, Latvia, LV-1011, Website: habitsix.com (the "Company"), the Personal Data Manager processes Customer's Personal Data in connection with the Services offered by the Company.

 This Privacy Policy applies if the Customer visits the Company's website: habitsix.com and / or uses, has used or has indicated that he will use any Services provided by the Company in connection with the purchase of goods, or if the Customer is in any way connected with for these Services, including before the Privacy Policy enters into force.

 Upon receipt of Personal Data from the Customer, the Company shall act as a controller within the meaning of Article 4 (7) of the Regulation. The Company shall put in place and provide appropriate technical and organisational measures to ensure that the Customer's Personal Data Processing complies with the laws and regulations governing the Personal Data Processing (including but not limited to the Regulation) and to protect Personal Data from accidental or unlawful destruction, erasure or loss, modifications, alterations, disclosures, or access, including measures against physical hazards and measures implemented by means of software.

 If the Customer does not agree with the Privacy Policy or any of its terms, the Customer is not required to provide the Personal Data to the Company. In cases where the Customer does not provide the Company with the Personal Data necessary for the performance of the Agreement or the Services, as well as for the Company to fulfill its obligations under the regulatory enactments, the Company has a legal basis for refusing to provide the Services to the Customer.

 If the data specified by the Customer has changed or the information processed by the Company on the Customer is inaccurate or incorrect, the Customer has the right to request that this information be changed, adjusted or corrected. The Company shall not be liable for any inaccurate, incomplete or erroneous data submitted by the Customer.

 1. Definitions

Processing - any activity or set of activities performed on Personal Data (including collection, use, registration, organisation, transformation, disclosure, destruction, storage or any other making available of Personal Data, etc.). The definition corresponds to the definition in Article 4 (2) of the Regulation. Processing can be done either manually or using automated systems such as information technology systems.

Customer - any natural or legal person who accesses the Company's website: https://habitsix.com and / or has used, or has indicated that it will use, or is in any way connected with, the Services provided by the Company in connection with the purchase of goods.

Contract - a distance contract concluded between the Company and the Customer.

Services - Purchase of goods available on the Company's website https://habitsix.com.

Personal Data - Any information about a natural person that directly or indirectly identifies that person. The term corresponds to the definition in Article 4 (1) of the Regulation.

Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), effective May 25, 2018.

Company - H6 LTD, Registration No.54103130731, legal address: Blaumana str. 16/18 - 7, Riga, Latvia, LV-1011, Website: habitsix.com acting in its capacity as Personal Data Controller.

 2. The categories of personal data, the legal basis of the processing and the purposes of the processing.

The Company shall process the Customer's Personal Data in accordance with the following purposes and purposes of Personal Data Processing:

Categories and types of personal data processed

Legal basis of processing

Purposes of processing

Identifying information (eg name, surname, personal identification code, date of birth).

Taking action at the Customer's (data subject's) request prior to entering into the Contract; Performance of the contract.

Conclusion and performance of the Agreement, provision of the Service.

For general management of Customer Relationship and access to and administration of the Services: to provide the Services and to ensure that Personal Data is current and correct by verifying and completing the data.

To fulfill a legal obligation to which the controller is subject (requirements arising from accounting laws and regulations governing the economic activities of the controller).

Accounting.

To serve the legitimate interests of the controller (establishment of right of claim).

Establishing, defending, assigning and securing evidence of a claim against a claim for non-compliance with the Service and / or performance of the obligations under the Agreement, and for securing evidence against a potential tort claim.

Customer's consent to the processing of Personal Data (eg receiving personalized offers).

For preparing and sending personalized offers.

Contact details (eg declared and shipping address, telephone number, email address, communication language).

Taking action at the Customer's (data subject's) request prior to entering into the Contract; Provision of the Service and performance of the Contract.

Communication with the Client for the provision of the Service and execution of the Agreement.

For general management of Customer Relationship and access to and administration of the Services: to provide the Services and to ensure that Personal Data is current and correct by verifying and completing the data.

To serve the legitimate interests of the controller (establishment of right of claim).

Establishment, exercise, defense, assignment of the right of claim, and provision of evidence against claims of non-compliance with the Service and / or performance of the obligations under the Agreement, and provision of evidence against any claim arising out of tort.

Customer's consent to the processing of Personal Data (eg receiving personalized offers).

For preparing and sending personalized offers.

Bank details (for example: bank name, account holder, current account number, bank card number).

Taking action at the Customer's (data subject's) request prior to entering into the Contract; Provision of the Service and performance of the Contract.

To provide the Service and execute the Agreement to receive payments from the Customer.

To fulfill a legal obligation to which the controller is subject (requirements arising from accounting laws and regulations governing the economic activities of the controller).

Accounting.

Contact details (e-mail correspondence) and data collected when Customer visits the Company's website or via other Company channels:

1) technical information (such as device type, Internet Protocol (IP) address and Internet Service Provider (ISP) used to connect the device to the Internet; registration information; browser type and version; time zone settings; browser plug-in and versions, operating system and platform, screen resolution, location, font encoding;

(2) Visit information, including full URLs, click streams to, through and from the website (including date and time); services viewed or sought; referrals / exit pages, files viewed on the website (such as HTML pages, graphics, etc.), page response times, download errors, specific page visit times, page interaction information (such as scrolling, clicks, and mouse redirects), and methods used to leave the page, date / time stamps and / or click stream data, and any telephone number used to contact the Company representative.

Taking action at the Customer's (data subject's) request prior to entering into the Contract; Provision of the Service and performance of the Contract.

Conclusion and performance of the Agreement, provision of the Service.

For general management of Customer Relationship and access to and administration of the Services: to provide the Services and to ensure that Personal Data is current and correct by verifying and completing the data.

Arrangement of customer file documentation.

To fulfill the legal obligation applicable to the controller and to the Customers as consumers (requirements under the Consumer Rights Protection Act regarding: order confirmation and exercise of the right of withdrawal).

Documentation of the Customer's file as evidence of fulfillment of regulatory obligations (notification of order confirmation and right of withdrawal).

To protect the vital interests of the Customer (Personal Data).

Information security and improvement of technical systems and IT infrastructure.

Prevention or detection of crime related to the protection of property owned or used by the Company (including protection of the Website).

To serve the legitimate interest of the manager (performance of management functions; monitoring, improving and improving quality of service and / or customer service; security of information and development of technical systems and IT infrastructure; establishment of claims).

Execution of management functions (business strategy, sound risk management and corporate governance).

Monitoring, improving and improving the quality of service and / or customer service; measuring productivity.

The prevention of fraudulent use of the Services and the proper performance of the Services, to sanction and control access to and operation of digital channels, to prevent unauthorized access and fraudulent use, and to ensure the security of information.

To improve the technical systems, IT infrastructure, customize the representation of the Service on devices and develop the Company's Services, such as: testing and upgrading the technical systems and IT infrastructure.

Customer's consent to the processing of Personal Data (including the use of cookies when visiting the Website).

Customer's consent to automated processing of Personal Data, including profiling.

Preparation of personalized and customized information; more convenient provision of the Service.

Data relating to the Services, including Customer's file (eg order; Contract; delivery information; Customer's applications, submissions, requests, complaints; customer notices, alerts, etc.).

Taking action at the Customer's (data subject's) request prior to entering into the Contract; Provision of the Service and performance of the Contract.

Conclusion and performance of the Agreement, provision of the Service.

For general management of Customer Relationship and access to and administration of the Services: to provide the Services and to ensure that Personal Data is current and correct by verifying and completing the data.

To fulfill the legal obligation applicable to the controller (requirements arising from the Consumer Rights Protection Act, Accounting Laws and other statutory regulations pertaining to the controller's business activities).

To determine the start and end dates for the withdrawal right and the warranty period.

 

3. Sources of Personal Data Acquisition.

Customer's Personal Data may be collected directly from the Customer or from the use of the Customer's Services.

 4. Recipients of personal data.

By providing the Personal Data to the Company, the Customer agrees that the Company is entitled to receive and transfer the Customer's Personal Data to data controllers, third parties, including but not limited to, for the purpose of processing the Personal Data specified above for the specified purpose (purpose):

The Company is also obliged to transfer the Personal Data to state or municipal institutions in the cases specified by regulatory enactments (eg Consumer Rights Protection Center, law enforcement and financial investigation institutions, courts, out-of-court dispute resolution bodies, insolvency administrators, etc.).

 5. Personal Data Processing Area.

Personal data are processed in the European Union / European Economic Area (EU / EEA). However, if Personal Data is transferred outside the European Union / European Economic Area (EU / EEA), the Company undertakes to take all necessary precautions to ensure the same level of security for Personal Data as in the European Union / European Economic Area (EU / EEA), and appropriate guarantees in accordance with Article 46 of the Regulation. The Company will only transfer Personal Data if it has a legitimate basis, including sending Personal Data to a recipient who is (i) located in a country that provides an adequate level of protection of Personal Data, or (ii) in accordance with an instrument containing EU requirements for the transfer of Personal Data

 6. Term of storage of personal data.

The Company will store Personal Data in accordance with the purposes (purposes) of the Personal Data, as well as the requirements of the Regulation and laws and regulations, for as long as any of the legal bases for Personal Data Processing exists unless the applicable law provides for a longer retention period. If the same Personal Data is processed for multiple purposes, this data will be stored for the maximum applicable retention period.

 The retention period of Personal Data processed may be based on Customer's (data subject's) consent (until revoked, unless otherwise justified by the Personal Data Processing), the Agreement, the Company's legitimate interests or applicable laws (accounting and filing laws, civil law and the limitation period for claims, such as proof of non-compliance with the Service and / or performance of the Contract, and proof of any claim arising from the tort is ten years from the date of Service or performance of the Contract, etc.).

 If none of the legal grounds for the processing of Personal Data ceases to exist, and the law does not provide for a longer retention period for Personal Data, the Company shall delete files containing Personal Data.

 7. Automated decision making and profiling.

The Company shall carry out profiling to offer other Services to the Customer with whom the Agreement has already been concluded, through direct marketing (subject to Customer's consent). The legal basis for such Processing is the Company's legitimate interest in offering its Services to the market. Profiling does not have any legal consequences for the Client and does not otherwise significantly affect it, as it does not affect the Agreement already concluded.

 For each visit to the Company's website, the following information is automatically collected:

  1. technical information (such as device type, Internet Protocol (IP) address, and Internet Service Provider (ISP) used to connect your device to the Internet; registration information; browser type and version; time zone settings, browser plug-in types and versions, operating system and platform, screen resolution, location, font encoding;
  2. Visit information, including full URLs, click streams to, through, and from the website (including date and time) view or search the Services; referrals / exit pages, files viewed on the website (such as HTML pages, graphics, etc.), page response times, download errors, specific page visit times, page interaction information (such as scrolling, clicks, and mouse redirects), and methods used to leave the page, date / time stamps and / or click stream data, and any telephone number used to contact the Company representative.

Automatic processing of Personal Data on the Company's website is to evaluate certain Customer's personal attributes and enhance Customer's digital service experience, for example, by customizing the display of the Services on a used device, and to prepare appropriate offers to Customer; Performing Customer Data Analysis and Consulting; for direct marketing purposes; automated decision making, such as remote provision of Services, including Service monitoring to prevent fraud. Automatic processing of personal data is based on the Company's legitimate interests, fulfillment of legal obligations, performance of the Contract or consent of the Client.

Unless the Customer has restricted direct marketing in relation to himself, the Company may process Personal Data for the preparation of generic and personalized offers. Such marketing may be based on the Services used by the Customer and how the Customer uses the Services and how the Customer operates on the Company's digital channels. Through personalized offers and marketing-based profiling conducted in accordance with the Company's legitimate interests, the Company ensures that Customers can make a choice and use a convenient tool to manage their privacy settings.

The Company may also collect statistical data on the Customer, incl. for characteristic behavior. Statistics for segment / profile creation may also be obtained from external sources and may be combined with Company's internal data.

 8. Rights of the customer (data subject).

The Customer has the following rights:

 The Company's cookie policy is available on the Company's website: https://habitsix.com . The Website may use cookie technology that collects information about the Customer, including whether the Customer has previously visited the Website or whether the Customer is a new user and what information the Customer has viewed on the Website. Using cookies helps to improve the Services provided, for example, by preventing you from re-entering information that has already been entered. The use of cookies helps to track visitor numbers and collect statistics and information on how users use the Services to improve the quality of websites, apps and Services, and to create user-friendly content through ads.

 9. Company contact information and Customer identification.

In order to ensure the protection of the Personal Data, the personal identification in communication with the Customer will be done according to the following criteria. In order to expedite the electronic and telephone service, we kindly ask the Customer to make timely contact information updates.

 Upon receipt of the Customer's request for the provision of data or the exercise of other rights of the Customer, the Company shall verify the Customer's identity. For this purpose, the Company is entitled to request the Customer to provide the Personal Data by comparing the Customer's stated data with the corresponding Personal Data held by the Company. In carrying out this verification, the Company is entitled to send a control notice to the telephone or e-mail (in the form of a text message or e-mail) specified by the Customer requesting authorization. If the verification procedure is unsuccessful (eg, the Customer's details do not match the Personal Data held by the Company or the Customer has not authorized after sending a text message or e-mail notification), the Company will be forced to determine that the Customer is not the subject to reject the Customer's request. Upon receipt of Customer's request for the exercise of any Customer's rights and successful completion of the above verification procedure, the Company shall promptly, but in any event, within 1 (one) month of receipt of Customer's request and completion of the verification procedure made in accordance with the Customer's request. Considering the complexity and number of requests, the Company is entitled to extend the period of 1 (one) month for another 2 (two) months, notifying the Customer thereof by the end of the first month and stating the reasons for such extension. If the Customer's request is made by electronic means, the Company will also respond by electronic means, unless this is not possible (eg due to the high volume of information) or if the Customer has requested a different response. The Company shall be entitled to refuse to satisfy the Customer's request with a reasoned reply if the circumstances specified in the legal acts are established by informing the Customer thereof in writing. If the Customer's (data subject's) requests are manifestly unreasonable or excessive, in particular because of their regular repetition, the Company, as controller, may either: (a) charge reasonable fees, taking into account the administrative costs of providing information or communication or performing the requested action; or (b) refuse to comply with the request.

 In the event of any queries or uncertainties regarding the Personal Data Processing Questions or where the Customer wishes to revoke his consent to the processing of his Personal Data, the Company shall request to be contacted by email at: welcome@habitsix.com or by mail to the Company at: H6 LTD, registered office: Blaumana str. 16/18 - 7, Riga, Latvia, LV-1011 

10. Validity and Amendment of Privacy Policy

The Privacy Policy is available to Customers on the Company's website: habitsix.com . The Company may at any time unilaterally amend the Privacy Policy in accordance with the applicable laws and regulations by notifying the Client of such changes by publishing an updated Privacy Policy on the Website habitsix.com