Policy

Welcome to the Eva Universal Limited’s ( " Eva Universal ") Privacy Policy.

Eva Universal respects your privacy and is committed to protecting your personal information. This Privacy Policy will inform you as to how we collect and use your personal information and data, in accordance with the EU General Data Protection Regulation (GDPR) when you:

  • visit our website (regardless of where you visit it from);
  • Call us
  • or provide information to us by writing and sending us by post.

and tell you about your privacy rights and how the law protects you.

Eva Universal Limited is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy policy statement. This statement applies to data subjects. This statement does not form part of any contract to provide services. We may update this statement at any time. It is important that you read this statement, together with any other privacy statement we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

This privacy notice is provided in a layered format so you can click through to the specific areas set out below. Please also use the Glossary to understand the meaning of some of the terms used in this privacy Policy.

1. Important information and who we are ?
PURPOSE OF THIS PRIVACY POLICY

Eva Universal Limited ("Eva Universal ") is committed to protecting the privacy and security of your personal information.

This Privacy Statement describes and aims to give you information on how Eva Universal collects and processes your personal information in accordance with the EU General Data Protection Regulation ("GDPR"), through your use of this website, our mobile app, or when you provide information, including any data you may provide through these channels when you sign up to our newsletter or purchase a product or service or take part in a competition. This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy statement together with any other privacy Policy or fair processing Policy that we may provide on specific occasions when we are collecting or processing personal information about you so that you are fully aware of how and why we are using your data. This privacy Policy statement supplements the other notices and is not intended to override them.

DATA CONTROLLER

Eva Universal Limited

Eva Universal Limited is the controller and responsible for your personal information (collectively referred to as”Eva Universal”, “we”, “us” or “our” in this privacy statement).

Eva Universal Limited is a legal entity, details of which can be found here. This privacy Policy statement is issued on behalf of the Eva Universal Limited so when we mention ”Eva Universal”, “we”, “us” or “our” in this privacy statement, we are referring to Eva Universal Limited responsible for processing your data and include the Website, mobile app and newsletter. Eva Universal Limited is the Data controller and responsible for this website.

We have appointed a GDPR team who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy statement, please contact the GDPR team using the details set out below. If you would like to exercise any of your legal rights please complete the relevant form included at the "Your legal rights" section of this Privacy Statement and send this to us at the details included on the form. Our GDPR team will be happy to help with any questions that you may have.

CONTACT DETAILS
  • Our full details are:
  • Legal entity: Eva Universal Limited
  • Contact: GDPR Team
  • Email address: [email protected]
  • Postal address: Eva Universal Limited, 45, Easter Park, Benyon Road, Silchester,
  • Reading - RG7 2PQ, United Kingdom.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

This version was last updated on 25th May 2018 and historic versions are archived here. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us. You can update your information at any time by amending your personal information within Your Details section of My Account at evauniversal.co.uk or alternatively by clicking here for more options Contact us.

THIRD-PARTY LINKS

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy Policy of every website you visit.

Data protection principles

We will comply with data protection law. This says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

 

2. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are "special categories" of more sensitive personal data which require a higher level of protection. We may collect, use, store and transfer different kinds of personal information about you which we have grouped together follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, gender, marital status, title, date of birth, email address.
  • Personal Data includes details such as name, title, addresses, telephone numbers, and personal email addresses.
  • Contact Data includes billing address, delivery address, email address and telephone number.
  • Financial Data includes bank account and card payment details. (But excludes Credit Card numbers and PIN or passwords for that card used for making any payments, which are not stored by us)
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, cookie ID’s, web log information, device identifiers and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services, your browsing activity including intended purchases and aborted baskets, completion of surveys, wish-lists, connection information and statistics on your visits to site and page views, the links you click and other actions you take on our services, within our advertising or e-mail content and participation in promotional activity Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

 

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal information but is not considered personal information in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this privacy notice.

We do not collect any of Personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership and biometric data). Nor do we collect any information about criminal convictions and offences.

We may also collect, store and use the following "special categories" of more sensitive personal information:

Information about your health, including but not limited to any medical conditions, food allergies.

We do process some Special Categories of Personal Information about you based on the confidential information which you provide to Eva Universal for this purpose. We process this information which you have provided to us with your consent only Special Categories of Personal Information which may be processed about you include details about your race or ethnicity, philosophical beliefs, sex life and information about your health.

IF YOU FAIL TO PROVIDE PERSONAL INFORMATION

Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

3. How is your personal data collected?

We capture, process and retain personal information from you and any devices you may use when you navigate to evauniversal.com web or mobile view, by transacting, by registering an account and otherwise interacting with us.

We may capture customer information, purchase data and browsing behaviour as part of the rewards for life loyalty programme. This is so we can optimise and personalise your experience with EvaUniversal.com.

Some more examples of the different methods by which we collect information from and about you include through:

Direct interactions You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you
  • register or purchase our products or services through the site or mobile app;
  • return a product to us;
  • apply to join our rewards for life;
  • create an account on our website;
  • subscribe to our services or publications;
  • request marketing to be sent to you;
  • contact our customer service team;
  • enter a competition, promotion, survey or complete a questionnaire;
  • give us some feedback.

Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. These machine learning algorithms generate content which they apply to personalising your experience and select more specifically the items you have an interest in as well as supporting general service optimisation including bid/ markdown automation. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.

We may allow you to share information with social media sites, or use social media sites to create your account or to connect your account with the respective social media site. Those social media sites may give us automatic access to certain personal information retained by them about you (e.g., content viewed by you, content liked by you and information about the advertisements you have been shown or may have clicked on). Where this information is received by us, we will use this information to further personalise your experience with www.evauniversal.com.

Third parties or publicly available sources. We may receive personal information about you from various third parties as set out below: Technical Data from the following parties:

  • (a) analytics providers such as Google Analytics and Google DoubleClick based outside the EU;
  • (b) advertising networks such as Amnet based inside the EU and Google Display Network based outside the EU;
  • (c) Social Network providers such as Facebook based outside the EU;

 

Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as PayPal based outside the EU;

Identity and Contact Data from data brokers or aggregators such as Experian based inside the EU;

Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU.

Data sharing

We may have to share your data with third parties, including third-party service providers.

We require appointed third parties to respect the security of your data and to treat it in accordance with the law.

We may transfer your personal information outside of the EU.

We have a nominated a GDPR representative within the European Union, they can be contacted directly on  [email protected]

If we do, you can expect the same degree of protection in respect of your personal information.

We will share your personal information with third parties where required by law, or where we have another legitimate interest in doing so, or when we have your explicit consent.

"Third parties" includes third-party service providers (including contractors and designated agents) and other entities associated with Eva Universal.

All our third-party service providers and other entities within Eva Universal are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may share your personal information within Eva Universal as part of our regular reporting activities on company performance, in the context of system maintenance, support and hosting of data.

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.

We will transfer the personal information we collect about you to service provider in India in order to perform our contract with you, or with your explicit consent.

There is no an adequacy decision by the European Commission in respect of that country. This means that the country to which we transfer your data is not deemed to provide an adequate level of protection for your personal information. To ensure that your personal information does receive an adequate level of protection we have put in place the strong inter country security measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection: Pursuant to GDPR article 3(2) and article 27

4. How we use your personal data?

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into with you.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Business management and planning, including accounting and auditing.

Making decisions about grievances.

Dealing with legal disputes

Complying with health and safety obligations.

To prevent fraud.

To monitor your use of our information and communication systems to ensure compliance with our Global IT policy and laws of the land.

To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.

To conduct data analytics studies to review and better understand customer satisfaction and needs.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

Please see point 5 below (Purposes for which we will use your personal information) to find out more about the types of lawful basis that we will rely on to process your personal information.

Generally, we do not rely on consent as a legal basis for processing your personal information other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by accessing your account “My Account”, or by e-mailing or contacting our Customer Services team. For more information about these and other options click here - Contact us.

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Principles of GDPR

We will use your personal data only in-line with the following principles:

  • 1. Lawfulness, fairness and transparency
  • 2. Purpose limitation
  • 3. Data minimisation
  • 4. Accuracy
  • 5. Storage limitation
  • 6. Integrity and confidentiality

This is the only principle that deals explicitly with security. The GDPR states that personal data must be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures”.

The GDPR is deliberately vague about what measures organisations should take, because technological and organisational best practices are constantly changing. Currently, organisations should encrypt and/or pseudonymise personal data wherever possible, but they should also consider whatever other options are suitable.

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

Automated decision-making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

5. Purposes for which we will use your information

We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

In general terms, we use the personal information we collect to help EvaUniversal better understand you and to enable us to personalise your experience with EvaUniversal, including offers, promotions and services to meet your needs. We use your information to:

  • personalise our services, offers and promotions to you and provide you with a personalised experience on our sites.
  • operate your online account and your rewards for life account.
  • process your tele or online orders / purchases.
  • offer you site content that includes items that you might like and to keep track of your basket.
  • contact you about your account and tell you about important changes to Eva Universal.
  • provide, develop and improve our products and services.
  • provide you customer service.
  • manage promotions, competitions, customer surveys and questionnaire.
  • check and verify your identity, and prevent, mitigate or detect and investigate crime, fraudulent or illegal activities.
  • process purchases, payments, customer support and order fulfilment.
  • Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. If you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below you can request this information by e-mailing your request for this information to @evauniversal.com

Protect your loved ones by getting this health shielding products