Privacy Policy
Last Updated: January 2024
At Altheriva, we are committed to protecting your privacy and ensuring you have a positive experience on our website and when using our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and interact with our business. Please read this privacy policy carefully. If you do not agree with our policies and practices, please do not use our services.
1. Information We Collect
Personal Information You Provide Directly
We collect information you voluntarily provide when you interact with Altheriva. This includes:
- Contact Information: Name, email address, phone number, postal address, and country of residence
- Account Information: Username, password, and profile details when you create an account
- Purchase Information: Billing address, shipping address, payment method details, and transaction history
- Communication Preferences: Newsletter subscriptions, communication frequency preferences, and contact method preferences
- Customer Support Data: Messages, inquiries, feedback, complaints, and any documentation related to customer service interactions
- Survey and Feedback Data: Responses to surveys, questionnaires, reviews, and feedback forms
Information Collected Automatically
When you visit our website, certain information is collected automatically through various technologies:
- Device Information: Browser type, operating system, device type, device identifiers, and mobile network information
- Usage Data: Pages visited, time spent on pages, clicks, scroll depth, referring website, and navigation patterns
- Location Data: IP address, approximate geographic location based on IP address, and location-based services if you grant permission
- Cookie Data: Information stored in cookies, web beacons, and similar tracking technologies
- Performance Data: Website performance metrics, error logs, and system diagnostics
Information from Third Parties
We may receive information about you from third-party sources, including payment processors, shipping providers, social media platforms (if you connect your account), analytics providers, and marketing partners. This information helps us verify your identity, prevent fraud, and improve our services.
2. How We Use Your Information
Altheriva uses the information we collect for various legitimate purposes, all designed to provide you with the best possible service and experience:
Service Delivery
Processing orders, delivering products and services, managing accounts, and providing customer support. We use your information to fulfill contractual obligations and ensure smooth transaction processing.
Communication
Sending transactional emails (order confirmations, shipping updates, password resets), responding to your inquiries, and providing customer support. We only send marketing communications if you have opted in.
Marketing and Personalization
With your consent, we use your information to send newsletters, promotional offers, and personalized recommendations based on your preferences and purchase history. You can opt out at any time.
Analytics and Improvement
Analyzing website usage patterns, measuring campaign effectiveness, improving user experience, and developing new features. This helps us understand how customers interact with our services.
Legal Compliance and Security
Complying with legal obligations, preventing fraud, protecting against malicious activity, enforcing our terms of service, and protecting the rights and safety of our users and business.
3. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your browsing experience, remember your preferences, and analyze website performance. Cookies are small files stored on your device that help us recognize you on return visits.
Types of Cookies We Use
Essential Cookies
Required for basic website functionality, security, and account management. These cookies cannot be disabled as they are necessary for the site to operate properly.
Performance Cookies
Help us understand how visitors use our website by collecting anonymous data about page visits, traffic sources, and user interactions.
Functional Cookies
Remember your preferences, language selection, and personalization settings to provide a customized experience on future visits.
Marketing Cookies
Track your interests and behavior to deliver targeted advertisements and measure the effectiveness of marketing campaigns across websites.
You can control cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, blocking essential cookies may affect website functionality. For more details, please visit our Cookie Policy.
Other Tracking Technologies
Beyond cookies, we may use other technologies such as web beacons (small transparent images), pixel tags, and similar technologies to track website usage, measure campaign effectiveness, and understand user behavior patterns.
4. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. However, we may share your information in the following circumstances:
Service Providers
We share information with trusted service providers who assist us in operating our website, processing payments, shipping products, providing customer support, and conducting analytics. These providers are contractually obligated to use your information only as necessary to provide services to us.
Business Transfers
If Altheriva is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice if such a change occurs and any choices you may have regarding your information.
Legal Requirements
We may disclose your information when required by law, such as in response to subpoenas, court orders, or other legal processes. We may also share information to protect the rights, privacy, safety, or property of Altheriva, our users, or the public.
With Your Consent
We may share your information with third parties for purposes other than those listed above only with your explicit consent. You can withdraw consent at any time by contacting us.
Aggregated Data
We may share aggregated, anonymized information that cannot identify you with third parties for research, marketing, analytics, and other purposes. This data cannot be used to identify or contact you.
5. Your Privacy Rights (GDPR and UK Data Protection)
As a UK and EU-compliant business, Altheriva respects your rights under the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. If you are located in the UK or EU, you have the following rights regarding your personal data:
Right of Access
You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request in a structured, commonly used, and machine-readable format.
Right to Rectification
You can request correction of any inaccurate or incomplete personal data we hold. We will make corrections promptly and inform you of the changes made.
Right to Erasure
You can request deletion of your personal data, subject to certain exceptions. We will erase your data unless we have a legitimate legal reason to retain it.
Right to Restrict Processing
You can request that we limit how we use your personal data while we verify its accuracy or assess the lawfulness of our processing.
Right to Data Portability
You can request your personal data in a portable format to transfer to another service provider. We will provide this in a structured, commonly used format.
Right to Object
You can object to our processing of your personal data for marketing purposes, profiling, or legitimate interests. We will stop processing upon receipt of your objection.
Right to Withdraw Consent
If we process your data based on your consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have violated your data protection rights.
How to Exercise Your Rights
To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will verify your identity before processing your request and respond within 30 days (extendable by two months for complex requests). There is no charge for exercising these rights unless your request is manifestly unfounded or excessive.
6. Data Security and Protection
Altheriva takes data security seriously and implements comprehensive measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security practices include:
SSL/TLS Encryption
All data transmitted between your browser and our servers is encrypted using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols to prevent interception.
Password Protection
User passwords are hashed and salted using industry-standard algorithms. We never store passwords in plain text and cannot access your password.
Secure Payment Processing
We use PCI-DSS compliant payment processors. Credit card information is never stored on our servers and is processed through encrypted, secure channels.
Access Controls
Only authorized personnel have access to personal data, and access is restricted based on job responsibilities. All staff are trained on data protection protocols.
Regular Security Audits
We conduct regular security assessments and penetration testing to identify and address vulnerabilities in our systems.
Data Backup
We maintain secure, encrypted backups of your data to ensure continuity and recovery in case of system failures or disasters.
While we implement robust security measures, no system is completely immune to security breaches. If we discover a security incident that compromises your personal data, we will notify affected individuals and relevant authorities as required by law.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. Retention periods vary depending on the type of information and the context of processing:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of account + 2 years | Legal compliance and dispute resolution |
| Purchase/Transaction Data | 7 years | Tax, accounting, and legal requirements |
| Customer Support Communications | 3 years | Dispute resolution and service improvement |
| Marketing Consent Records | Duration of consent | Legal proof of consent |
| Website Analytics Data | 13-26 months | Website improvement and trend analysis |
| Fraud Prevention Data | 5 years | Fraud detection and prevention |
When data is no longer needed, we securely delete or anonymize it. Some information may be retained longer if required by law or if deletion is technically impractical. You can request deletion of your data at any time, subject to legal retention requirements.