International shipping | Free gift wrapping | Totebag available at check-out

PRIVACY POLICY

 

  1. INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA

Your data security is important to us, and we therefore take great care to ensure that your personal data is handled responsibly. Below you can read how Aiayu ApS (hereinafter ”aiayu”, “we”, “us” or “our”) process personal data about you when we act as data controller. You can also read about your rights in relation to our processing.

 

  1. AIAYU’S ROLE AS DATA CONTROLLER

In connection with the operation of our business, we process certain personal data. We do this in order to serve you in the best possible way. We mainly collect and process general (non-sensitive) personal data.

If you have any questions regarding our processing of your personal data, please contact aiayu here:

Aiayu ApS
CVR: 305 485 58
Forbindelsesvej 12, 2. th,
2100 København Ø, Denmark

Databeskyttelsesrådgiver (DPO):
Name: Maria Glæsel
Phone: +45 22121415
E-mail: mmg@aiayu.com

 

  1. WHAT PERSONAL DATA DO WE COLLECT AND WHY

We process personal data about you in a number of different situations. Read more about our processing in the different situations below.

    • Visitors to aiayu’s website and users of aiayu’s online services

When you visit aiayu’s website (e.g. https://www.aiayu.com/) or use our other online services (on, for example Facebook, Instagram, TikTok, Pinterest, LinkedIn), Aiayu may process information about your IP address as well as information about your computer, device and browser.

We also process information about your visit (e.g. information about how you access our websites, how you navigate around them, which pages you visit, content you view, your searches, advertisements you have seen, etc.). Personal data is collected through cookies, log files and other technologies (you can read more about our use of cookies here https://www.aiayu.com/en/page/info/cookies).

We also process personal data that you provide to us in connection with your use of the website or our online services, including your name, email address, and any other information you provide to us.

We use your personal data so that we can make relevant products, supplies, benefits and services (“Services”) available to you and to improve your experience of our websites and online services and the Services we offer. We also use personal data to show you content on our and other sites based on your activities and preferences, and to limit the number of times you see the same content.

The legal basis for processing is our legitimate interests in making our website (and online services) available to you (Article 6(1)(f) of the General Data Protection Regulation) or your consent (Article 6(1)(a) of the General Data Protection Regulation and Section 3 of the Danish Executive Order on Cookies).

We store personal data collected in connection with your visit to our website for 2 years.

    • Customers of aiayu

When you are a customer of aiayu, and purchase via our webshop, aiayu processes personal data about your name, your address, email address, your purchases, payment information, and other information that you provide to us.

We process the personal data for the purpose of fulfilling the agreement with our customers, for the purpose of providing the Services, invoicing, keeping statistics and performing quality management as well as for maintaining our customer records and providing general service, marketing and sales to our customers.

The legal basis for processing is the agreement with you (Article 6(1)(b) of the General Data Protection Regulation) or our legitimate interests in managing your information as a customer with us (Article 6(1)(f) of the General Data Protection Regulation).

We store personal data about our customers for 5 years.

    • Marketing recipients

When you receive marketing communications, including newsletters from aiayu, we process personal data about name, email address and product interest. We also process information about your use of the marketing we send to you (including, for example, whether you have opened an email from us, whether the email has been read and which links you have opened), and any other information you provide to us.

We process your personal data for the purpose of marketing our company and Services, and for setting up and managing your marketing subscription. We use the personal data about your preferences and usage to understand the way customers receive our marketing messages and to improve our marketing to you and other customers going forward.

We will only send you marketing material by email, text messages or other electronic means once we have obtained your consent where this is required under the Danish Marketing Practices Act.

We also use personal data about you to show you content on our and other sites based on your activities and preferences, and to limit the number of times you see the same content, as well as to measure the effectiveness of our content and marketing. For this purpose, we may upload your email address to advertising tools with for instance Google or Facebook for the purpose of sending targeted marketing messages.

The legal basis for processing is our legitimate interests in complying with your wish to receive marketing communications from us to which you have consented under the Danish Marketing Practices Act (Article 6(1)(f) of the General Data Protection Regulation).

We store personal data about recipients of marketing communications for 2 years.

    • Participants in competitions

When you participate in competitions, we process personal data about name, email address, responses to the competition.

We process your personal data for the purposes of managing competitions, drawing winners, etc.

The legal basis for processing is our legitimate interests in running the competition and contacting the winner (Article 6(1)(f) of the General Data Protection Regulation).

We store the personal data collected in connection with the organisation of competitions for 2 years.

    • Business partners and/or suppliers to aiayu

When you are a business partner or supplier to aiayu or are a contact person of a business partner/supplier, we process personal data about your name, company name, work telephone number, email address, title as well as publicly available information and other information you provide to us.

We process personal data for the purpose of contract management, receiving goods and services from our suppliers and business partners, and where appropriate to fulfil agreements with our customers.

The legal basis for processing is the agreement with you (Article 6(1)(b) of the General Data Protection Regulation) or our legitimate interests in managing the relationship with you/the company you represent as a business partner/supplier (Article 6(1)(f) of the General Data Protection Regulation).

We store the personal data about business partners and/or suppliers for 2 years.

 

  1. DISCLOSURE OF YOUR PERSONAL DATA TO OTHERS

Aiayu may disclose your personal data to other suppliers and/or service providers in the ordinary course of our business.

Aiayu may also disclose your personal data to a public authority in situations where we are specifically obliged to disclose your personal data pursuant to legislation and notification obligations to which we are subject.

It may for example be necessary to disclose personal data to the following recipients:

  • Marketing Automation platform providers
  • Digital Marketing software providers
  • CRO software providers
  • E-commerce providers
  • CMS providers
  • Web analytics tools
  • Logistics and shipping service providers

We try to limit the disclosure of personally identifiable information and thus the disclosure of information that can be attributed to you personally.

Aiayu also discloses your personal data to data processors. Our data processors only process your personal data for our purposes and under our instructions.

 

  1. TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE EU/EEA

In connection with our processing of your personal data, we may transfer such information to countries outside the EU/EEA (third countries).

Your personal data may be transferred to countries where the European Commission has determined that the level of data protection is equivalent to that in the EU/EEA (secure third countries).

We may also transfer your personal data to unsecure third countries. The transfer of your personal data to unsecure third countries will be based on the Standard Contractual Clauses (SCC) drawn up by the European Commission, which have been specifically designed to ensure an adequate level of protection. We assess the adequacy of the transfer basis and adopt additional measures if necessary to ensure an adequate level of protection for the transfer.

You can read more about the transfer of personal data to countries outside the EU/EEA on the European Commission’s website.

If you would like further information about our transfer of personal data to countries outside the EU/EEA, please contact us.

 

  1. STORAGE, DATA INTEGRITY AND SECURITY

When your personal data is no longer needed, we will ensure that it is deleted in a secure manner.

It is our policy to protect personal data by taking adequate technical and organisational security measures.

We have implemented security measures to ensure data protection for all personal data that we process. We conduct regular internal follow-ups on the adequacy of and compliance with policies and measures.

 

  1. YOUR RIGHTS

As a data subject, you have certain rights under the General Data Protection Regulation. If you want to exercise your rights, please contact us.

You may – unconditionally and at any time – withdraw your consent. You can do so by sending us an email (see email address above). Withdrawal of your consent will not have any negative impact. However, this may mean that we cannot meet specific requests from you in the future. Withdrawal of your consent will not affect the lawfulness of the processing based on consent before it is withdrawn. Furthermore, it will not affect any processing carried out on another lawful basis.

You can also – unconditionally and at any time – object to our processing when it is based on our legitimate interests.

Your rights also include the following:

  • Right of access: You have the right to access the personal data we process about you.
  • Right to rectification: You have the right to obtain rectification of any inaccurate and incomplete personal data about you.
  • Right to erasure (right to be forgotten): In exceptional cases, you have the right to obtain erasure of information about you before the time when we would normally delete your personal data.
  • Right to restriction of processing: In certain situations, you have the right to restrict the processing of your personal data. If you have the right to restrict the processing of your personal data, we may only process personal data in the future – apart from storage – with your consent, or for the establishment, exercise or defence of legal claims, or to protect an individual or important public interests.
  • Right to object: In certain situations, you have the right to object to our processing of your personal data, and always if the processing is for direct marketing purposes.
  • Right to data portability: In certain situations, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such personal data transferred from one data controller to another.
  • Right to lodge a complaint: You can lodge a complaint at any time with the Danish Data Protection Authority about our processing of personal data. See more at www.datatilsynet.dk where you can also find further information on your rights as a data subject.

 

  1. UPDATES OF OUR PRIVACY POLICY

From time to time it will be necessary to update this Privacy Policy. We will review our Privacy Policy on a regular basis in order to ensure that it is updated, valid and in accordance with current legislation and the principles for processing of personal data. We will publish new versions of the policy on our website.

 

This policy has version no. 1 and is valid from 1. January, 2023.