Privacy Policy

Your privacy is important to us. It is Warmly Deal's policy to respect your privacy regarding any information we may collect from you across our website, https://warmlydeal.com/, and other sites we own and operate.

We provide important information for California residents here and for individuals in Europe here.

Table of Contents

  • Information we collect
  • Legal bases for processing
  • Collection and use of information
  • Disclosure of personal information to third parties
  • International transfers of personal information
  • Your rights and controlling your personal information
  • Cookies
  • Business transfers
  • Limits of our policy
  • Changes to this policy
  • Use of the Website by Minors
  • California Do Not Track Disclosures
  • Copyright, credit and logo
  • Privacy Notice for California Residents
  • Privacy Notice for European Residents.
  • How to Contact Us.


  • Information we collect.

    • Log data

    When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details.

    We use a third-party server to host our website called Shopify Inc., the privacy policy of which is available here. Our website server automatically logs the IP address you use to access our website as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to our website (e.g. the website or URL (link) which referred you to our website), and your browser version and operating system.

    Our website servers are located in the United States of America and Canada and, accordingly, your information is transferred outside the European Economic Area (EEA). For further information and information on the safeguards used, please see the section of this privacy policy entitled Transfers of your information outside the European Economic Area.

    • Device data.

    We may also collect data about the device you’re using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

    • Personal information.

    We may ask for personal information, such as your:

    • Name
    • Email
    • Social media profiles
    • Date of birth
    • Phone/mobile number
    • Home/Mailing address
    • Work address
    • Payment information

    Email and Contact Form Details.

    When you send an email to the email address displayed on our website we collect your email address and any other information you provide in that email (such as your name, telephone number and the information contained in any signature block in your email).

    Mail.

    If you contact us by mail, we will collect any information you provide to us in any postal communications you send us.

    Data about others.

    For whom you purchase an item or gift, such as name, delivery address and phone number. Please do not purchase a gift for someone or share their contact information with us unless you have their permission to do so.

    Communications.

    Such as information you provide when you contact us with questions, feedback, survey responses, or otherwise correspond with us.

    Marketing data.

    Such as the email address or contact details that we use to send marketing communications and your preferences for receiving communications about our activities, events, sweepstakes and contests.

    Purchase data.

    Including your order history and information needed to process and fulfill your order, including order details, billing address, and delivery address.

    Information we obtain from third party platforms.

    We may collect information from third party platforms like Google, Facebook etc. You may also have the opportunity to provide us with additional information via the third-party platform or network, such as a list of your friends or connections and your email address.  You can read more about your privacy choices in the Your rights and controlling your personal information section.

    Data from other sources.

    We may also collect information about you from:

    • Business partners, such as advertising and joint marketing partners.
    • Data providers, such as information services and data licencors.
    • Public sources, such as blogs, forums or social media platforms.

    Other information.

    That we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

    Referrals.

    Users of the Service may have the opportunity to refer friends or other contacts to us.  If you are an existing user, you may only submit a referral if you have permission to provide their contact information to us so that we may contact them.

    Legal bases for processing.

    We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so.

    These legal bases depend on the services you use and how you use them, meaning we collect and use your information only where: 

    • it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when we provide a service you request from us);
    • it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services, and to protect our legal rights and interests;
    • you give us consent to do so for a specific purpose (for example, you might consent to us sending you our newsletter); or
    • we need to process your data to comply with a legal obligation.

    Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).

    We don’t keep personal information for longer than is necessary. While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.

    Collection and use of information.

    We may collect, hold, use and disclose information for the following purposes and personal information will not be further processed in a manner that is incompatible with these purposes:

    • to enable you to customize or personalize your experience of our website;
    • to enable you to access and use our website, associated applications and associated social media platforms;
    • to contact and communicate with you;
    • for internal record keeping and administrative purposes;
    • for analytics, market research and business development, including to operate and improve our website, associated applications and associated social media platforms;
    • to run competitions and/or offer additional benefits to you;
    • for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you;
    • to comply with our legal obligations and resolve any disputes that we may have; and
    • to consider your employment application.

    Disclosure of personal information to third parties.

    We may disclose personal information to:

    • third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, ad networks, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
    • our employees, contractors and/or related entities;
    • sponsors or promoters of any competition we run;
    • credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
    • courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
    • third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you; and
    • third parties to collect and process data.

    International transfers of personal information.

    The personal information we collect is stored and processed in United States and Canada, or where we or our partners, affiliates and third-party providers maintain facilities. By providing us with your personal information, you consent to the disclosure to these overseas third parties.

    We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.

    Where we transfer personal information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws to the ones in our jurisdiction. There are risks if any such third party engages in any act or practice that would contravene the data privacy laws in our jurisdiction and this might mean that you will not be able to seek redress under our jurisdiction’s privacy laws.

    Your rights and controlling your personal information.

    Choice and consent: By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this privacy policy. If you are under 16 years of age, you must have, and warrant to the extent permitted by law to us, that you have your parent or legal guardian’s permission to access and use the website and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this website or the products and/or services offered on or through it. You can read more about this fromUse of the Website by Minors section.

    Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

    Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.

    Access and data portability: You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party.

    Correction: If you believe that any information, we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.

    Notification of data breaches: We will comply laws applicable to us in respect of any data breach.

    Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

    Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

    Cookies: Most browsers let you remove and/or stop accepting cookies from the websites you visit.  To do this, follow the instructions in your browser’s settings.  For more details, see our Cookie Policy.

    Privacy settings and location data:  Users of our App can disable our access to their device’s precise geolocation in their mobile device settings.

    Cookies.

    We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified. Please refer to our Cookie Policy for more information.

    Business transfers.

    If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this policy.

    Limits of our policy.

    Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

    Changes to this policy.

    At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.

    If we make a significant change to this privacy policy, for example changing a lawful basis on which we process your personal information, we will ask you to re-consent to the amended privacy policy.

    Use of the website by minors.

    The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Information from individuals under 16. If we learn that we have collected personal information of a child without the consent of the child’s parent or guardian as required by law, we will delete it.

    California do not track disclosures.

    “Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on a Do Not Track signal in their browser, the browser sends a message to websites requesting that they do not track the user. We do not currently respond to browser do-not-track signals. For information about Do Not Track, please visit www.allaboutdnt.org

    Copyright, credit and logo.

    This Privacy Policy is based on a General Data Protection Regulation (Regulation (EU) 2016/769) (GDPR) compliant template provided by GDPR Privacy Policy. For further information, please visit https://gdprprivacypolicy.org

    The copyright in this Privacy Policy is either owned by, or licensed to, us and is protected by copyright laws around the world and copyright protection software. All intellectual property rights in this document are reserved.

    Where we display the GDPR Privacy Policy logo on our website, this is used to indicate that we have adopted a privacy policy template provided by GDPR Privacy Policy as the basis for this Privacy Policy.

    Privacy notice for California residents.

    We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide to California residents an explanation of how we collect, use and share their Personal Information, and of the rights and choices we offer to California residents with respect to that Personal Information.  This CCPA Notice does not apply to our job applicants, employees, contractors, owners, directors, or officers where the Personal Information we collect about those individuals relates to their current, former, or potential role with us.

    Website may have collected the following categories of personal information from its consumers within the last twelve (12) months:

     

    Category

    Examples

    Collected and How We Collect.

    Source Of Personal Information

    A. Identifiers.

    A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

    Yes

     

    · Contact data

    · Registration data

    · Data about others

    · Profile data

    · Communications

    · Marketing data

    · Purchase data

    · From the user

     

    · Business partners

     

    · Data providers

     

    · Public sources

     

    · Third party platforms

    B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

    A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

    Yes

     

    · Contact data

    · Registration data

    · Data about others

    · Profile data

    · Communications

    · Marketing data

    · Purchase data

     

    · From the user

     

    · Business partners

     

    · Data providers

     

    · Public sources

     

    · Third party platforms

    C. Protected classification characteristics under California or federal law.

    Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

    We do not intentionally collect this information, but it may be revealed in profile data or other information we collect

     

     

     

    D. Commercial information.

    Records of personal property, products or services purchased, obtained, or considered, or NO other purchasing or consuming histories or tendencies

    Yes

     

    · Contact data

    · Registration data

    · Purchase data

    · Communications

    · Marketing data

    · Device data

    · Online activity data

    · From the user

    · Business partners

    · Data providers

    · Public sources

    · Automatic collection

    E. Biometric information.

    Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

    No

     

    G. Geolocation data.

    Physical location or movements.

    Yes

     

    · Web suite visiting.

    · Purchasing

     

    Google Analytics.

    H. Sensory data.

    Audio, electronic, visual, thermal, olfactory, or similar information

    No

     

    I. Professional or employment-related information.

    Current or past job history or performance evaluations.

    No

     

    J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

    Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

    No

     

    K. Inferences drawn from other personal information.

    Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

    May Be

    May be derived from your:

    · Device data

    · Online activity data


    Personal information does not include:

    • Publicly available information from government records.
    • Deidentified or aggregated consumer information.
    • Information excluded from the CCPA's scope, like:
      • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
      • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy.

    The business and commercial purposes for which we collect this information are described in the section above entitled How We Use Your Personal Information.  The categories of third parties to whom we disclose this information are described in the section above entitled How We Share Your Personal Information.

    Your California privacy rights

    The CCPA grants California residents the following rights.  However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

    • Information

      You can request information about how we have collected, used and shared and used your Personal Information during the past 12 months.

      • The categories of Personal Information that we have collected.
      • The categories of sources from which we collected Personal Information.
      • The business or commercial purpose for collecting and/or selling Personal Information.
      • The categories of third parties with whom we share Personal Information.
      • Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third-party recipient.
      • Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third-party recipient.
    • Access.

      You can request a copy of the Personal Information that we have collected about you during the past 12 months.

    • Deletion.

      You can ask us to delete the Personal Information that we have collected from you.

    You are entitled to exercise the rights described above free from discrimination in the form of legally prohibited increases in the price or decreases in the quality of our Service.

    How to exercise your California rights.

    You may exercise your California privacy rights described above as follows:

    • Right to information, access and deletion.

      You can request to exercise your information, access and deletion rights by clicking here, by emailing support@warmlydeal.com or by calling +94710873073. We reserve the right to confirm your California residence to process your requests and will need to confirm your identity to process your requests to exercise your information, access or deletion rights. As part of this process, government identification may be required. Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government issued identification. We cannot process your request if you do not provide us with enough detail to allow us to understand and respond to it.

    • Request a list of third-party marketers.

      California’s “Shine the Light” law (California Civil Code § 1798.83) allows California residents to ask companies with whom they have formed a business relationship primarily for personal, family or household purposes to provide certain information about the companies’ sharing of certain personal information with third parties for their direct marketing purposes during the preceding year (if any). You can submit such a request by sending an email support@warmlydeal.com with “Shine the Light” in the subject line. The request must include your current name, street address, city, state, and zip code and attest to the fact that you are a California resident.

      We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.

    Privacy notice for European residents.

    Principles for processing personal data.

    Our principles for processing personal data are:

    • Fairness and lawfulness. When we process personal data, the individual rights of the Data Subjects must be protected. All personal data must be collected and processed in a legal and fair manner.
    • Restricted to a specific purpose. The personal data of Data Subject must be processed only for specific purposes.
    • Transparency. The Data Subject must be informed of how his/her data is being collected, processed and used

    What personal data we collect and process.

    Except as otherwise specified, references to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

    Warmly Deal Data Controller.

    The controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation is ,

    No 55,
    Wanduramulla Watta,
    Panadura,
    Sri Lanka.

    Legal bases for processing.

    The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it.  However, the legal bases we typically rely on are set out in the table below.  We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent, or our processing is otherwise required or permitted by law). If you have questions about the legal basis of how we process your personal information, contact us at support@warmlydeal.com

    Processing purpose

    Legal basis

    Service delivery

    Processing is necessary to perform the contract governing our operation of the Sites or the provision of the Service, or to take steps that you request prior to engaging our services.  Where we cannot process your personal data as required to operate the Service on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the products or services you access and request.

    Marketing

    Interest-based advertising

     

    Processing is based on your consent where that consent is required by applicable law.

     

    Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business, and showing you tailored relevant content.

    For research and development

     

    To create anonymous data

     

    For compliance, fraud prevention and safety

    These activities constitute our legitimate interests.

    To comply with laws and regulations

    Processing is necessary to comply with our legal obligations.

    With your consent

    Processing is based on your consent.  Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service. 

     

    Use for new purposes.

    We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it.  If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

    Sensitive personal information.

    Unless we specifically request it, we ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Service, or otherwise to us.

    Retention.

    We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.  When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

    Your rights.

    European data protection laws give you certain rights regarding your personal information.  You may ask us to take the following actions in relation to your personal information that we hold:

    • Access.

      Provide you with information about our processing of your personal information and give you access to your personal information.

    • Correct.

      Update or correct inaccuracies in your personal information.

    • Delete.

      Delete your personal information.

    • Transfer.

      Transfer a machine-readable copy of your personal information to you or a third party of your choice.

    • Restrict.

      Restrict the processing of your personal information.

    • Object.

      Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

    You may submit these requests by email to support@warmlydeal.com or our postal address provided above.  We may request specific information from you to help us confirm your identity and process your request.  Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why, subject to legal restrictions.  If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction.  You can find your data protection regulator from herehttps://edpb.europa.eu/about-edpb/board/members_en

    Transfers of your information outside the European Economic Area. 

    If we transfer your personal information out of Europe to a country outside of Europe such that we are required to apply additional safeguards to your personal information under European data protection laws, we will do so.  Please contact us at support@warmlydeal.com for further information about any such transfers or the specific safeguards applied.

    How to contact us.

    Please direct any questions or comments about this Policy or privacy practices to support@warmlydeal.com.

     

    This policy is effective as of May 20, 2020.