Privacy Policy

Effective Date: March 25, 2024
Last Updated: March 25, 2024

 

1. INTRODUCTION

The Website is owned and operated by AL IDILIO STUDIO LTD, as Data Controller (hereinafter referred to as “Data Controller”, “Fay Spirits” or “we”). We are committed to protecting your personally identifiable information (“Personal Data”).

Your privacy is important to us. We provide you with this Privacy Policy, so that you can make informed choices about the use of your data. This Privacy Policy describes how we collect, use, share, and store the Personal Data of visitors to our website (Guests), individuals who register (Registered Users) and our Advisors.

As we are a Cyprus based company, we comply with the EU Data Protection Regulation, (hereinafter referred to as “GDPR”). Our location in Europe necessitates compliance with GDPR, irrespective of whether you are located in or outside of Europe.

Please read this Privacy Policy carefully, as it constitutes an integral part of and is incorporated into our Terms and Conditions. By using the Fayspirits.com website you agree that the Terms and Conditions, along with this Policy, establish a legally binding agreement between you and us.

You can contact us if you have any questions about our privacy practices.

Our online shop www.fayspirits.com/shop (hereinafter referred to as the “e-Shop”) forms part of our website (hereinafter referred to as the “Website”), that is available under the domain name of www.fayspirits.com.

We reserve the right to periodically amend this Privacy Policy to reflect updates to our services, alterations in the manner in which we handle your Personal Data, and / or modifications in applicable laws. Any revisions to the Policy will be made without prior notice, so we advise you to regularly review it on our website.. Such changes will become effective upon their publication on our Website, or once a specific enforcement date is specified. Your continued use of our Website following such changes constitutes acceptance of the updated Privacy Policy.

If there are any terms in this Privacy Policy with which you do not agree, we kindly ask you to refrain from using our Website and services.

Explicit consent for each type of data processing of Personal Data shall be obtained from you, either by using or registering through the Website via the checkboxes or by freely providing the Personal Data when it is being collected.

Data Controller’s principles of data processing are in accordance with legal provisions in force relating to data protection, including but not limited to:

  • Regulation (EU) 2016/679 of the European Parliament and of The Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
  • National Data Protection law adopted for the effective implementation of provisions of the GDPR in Cyprus:
    • Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data (Law No. 125/I//2018),
    • other jurisdictional data protection laws, as applicable. We shall carry out all the necessary developments and modifications, depending on changes in the legal and technical framework.

Only individuals with legal capacity aged 18 or older are allowed to visit and / or make purchases via our e-Shop or provide advice. Therefore, you are responsible for ensuring that all your activities on this Website comply with this Privacy Policy and all applicable Laws.

This Privacy Policy document is protected by copyright, and any use of it other than on the present Website, whether partially or wholly, is not permitted!

 

2. DATA CONTROLLER (Contact Details)

Company Name: AL IDILIO STUDIO LTD
Registered Address: 4, Parodos 49th street, 4152 Kato Polemidia, Limassol, Cyprus
Registration Number: HE 371655
Country of Registration: Cyprus
E-mail: [email protected]

 

3. DEFINITIONS (Terms used in this Policy)

  • “Data Subject” / “You”: refers to a natural person who is identified or identifiable based on any information that the Data Controller holds as Personal Data. Specifically, in the context of this Privacy Policy, it includes the Visitor, User, Registered User, Advisor.
  • “Personal Data”: refers toany information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual. An identifiable natural person is someone who can be identified, directly or indirectly. This includes, but is not limited to:
    • Real name
    • Alias
    • Postal address
    • Phone number
    • E-mail address
    • Records of products or services purchased
    • Internet or other electronic network activity information, including, but not limited to browsing history and search history
    • One or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
  • “Data Controller”: refers to the entity that determines the purposes and means of processing of Personal Data (i.e., when, why and how to process). The Data Controller is responsible for implementing appropriate technical and organizational measures to comply with the Law. This includes maintaining and updating records of processing activities and making accurate records available to the Commissioner upon request, as well as cooperating with the Commissioner.
  • “Processor”: refers toa natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Controller.
  • “Processing by Controller”: refers to any operation or set of operations performed on Personal Data or sets of Personal Data, whether by automated means or not. This includes collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “Processing by Processor”: refers to performing technical tasks related to data processing operations, regardless of the method or means used for executing these operations or the location of execution, as long as the technical task is performed on the data.
  • “Data Transfer”: refers to providing access to the data to a third party.
  • “User”: any individual who visits the Website and / or any person/consumer who places an order on the Website.
  • “Consent”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.
  • “Personal Data Breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to Personal Data transmitted, stored or otherwise processed.
  • “Third Party”: a recipient of Personal Data, which refers toa natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and individuals who, under the direct authority of the controller or processor, are authorised to process Personal Data.
  • “Commissioner of Personal Data Protection”: the supervisory authority appointed to monitor the application of the GDPR and Article 19 of the Data Protection Law of Cyprus, along with other legislative measures related to the processing of Personal Data.

 

4. PRINCIPLES AND SCOPE OF DATA PROCESSING

We will ensure that Personal Data is recorded and processed in a lawful, fair, and transparent manner concerning you.

Personal Data will only be processed for specified, explicit, and legitimate purposes.

The Personal Data processed will be adequate, relevant, and limited to what is necessary for the purposes of the processing, considering both the extent and duration of such processing.

 

5. HOW DO WE USE YOUR PERSONAL DATA?

We process your Data for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and / or your explicit consent.

The Personal Data collected via our Website is used for the purposes described below. This processing is based on purposes aligned with our legitimate business interests, to enter into or perform a contract with you, with your consent, and/or to comply with our legal obligations.

We will request your consent before using Personal Data for a purpose other than those outlined in this Privacy Policy.

 

6. WHAT PERSONAL DATA DO WE COLLECT?

Generally, we collect and store different types of your Data.

We primarily process the Personal Data you provide when creating your online account. Through your account, you can manage your settings. We process this information to fulfill the contract that we have with you and to provide you with the requested services.

We use your Data to improve the functionality and quality of our online entertainment services. Our goal is to optimize our Website and enhance users’ experience.

We may rely on a legal obligation to process your personal data. For example, we are required to retain your transaction information to comply with legally required accounting records.

We may also use your information to respond to requests of competent authorities or as part of our legitimate interest to establish, exercise or defend legal claims. If necessary, we may use your Data to investigate issues with the bank processing your payment, or in cases of unpaid transactions, chargebacks or refunds.

We may retain some of your information to fulfill tax, legal reporting and auditing obligations.

In the event of detecting fraud or illegal activity, we implement measures to prevent further incidents. This includes blacklisting all former usernames for a certain period, during which time these usernames will not be available for new registrations.

 

7. WE INDICATE THE SPECIFIC DATA PROCESSING METHODS IN THE FOLLOWING:

7. 1. Personal Data of website visitors

When you visit our Website or use our services, we collect certain information, even if you haven’t created an account or logged in.

Scope of data processing: When you visit, use, or navigate our Website, we automatically collect certain information. This information does not reveal your specific identity, such as your name or contact details, but it may include device and usage information. This includes your IP address, browser type, device characteristics, operating system, language preferences, referring URLs, device name, country, location, details about how and when you use our Website and other technical information. Additionally, we collect information through cookies, web beacons and similar technologies.

Purposes of data processing: The information collected serves primarily to maintain the security and operation of our Website, as well as for internal analytics and reporting purposes. It facilitates market research, analytics, monitoring of the functioning of services, providing customized services, preventing misuse, conducting technical operations and defending against complaints and legal claims.

Period for which Personal Data are processed, time limit for erasure: Personal Data are processed from the time of collection until the fulfillment of our business purposes, and no later than 30 days from the date of viewing the Website.

Legal basis of processing: The processing of Personal Data is based on your consent, which is freely given, specific, informed and unambiguous, in accordance with Article 6 (1) (a) of GDPR.

7. 2. Registration as a User

Scope of data processing: The data processing encompasses the following information: name, username, alias, e-mail address, password, date and time of registration, IP address of your computer at the time of registration, and the date of your last login. In case of follow-up invitations to leave reviews, additional data such as your photo, occupation, and opinion about a service may also be processed.

Purposes of data processing: The processing of data serves multiple objectives, including but not limited to: authorizing access to our Website and services, identifying the Data Subject, creating and maintaining your account once you become a registered user, securing account login, facilitating effective communication, conducting necessary technical operations, enabling the provision of our services, delivering products as requested, accepting payments for products and services, managing fees and charges, as well as handling, managing, or processing legal claims and ensuring compliance with legal obligations.

Legal basis of data processing: The processing of data is based on the consent that you freely provide, in accordance with Article 6 (1) (a) of the GDPR.

Period for which Personal Data are processed, time limit for erasure: We retain your Personal Data for a necessary period to fulfill the purposes described above, and in any case until your request for erasure or until it is no longer necessary for the purposes for which it was collected and processed.

7. 3. Online purchase and payment

Please note that depending on the payment method you choose, your payment will be processed by third-party payment processor/service providers, as explained in our Payment, Pricing and Billing Terms.

The use of your Personal Data is strictly necessary in this instance in order to execute any payments and provide you with the services you have purchased.

Scope of possible data processing: name, surname, zodiac sign, gender identity, your portrait photo (attached), date of birth, time of birth, occupation, e-mail address, billing and shipping data (name, ZIP/postcode, city, street, house number), tax number (optional), amount of transaction, bank account number (in the case of direct bank transfer or refunds provided by the User); other optional information you provide if you have a specific matter for which you seek insight.

Special category of Data: This refers to data of a sensitive nature, e.g. your philosophical or religious interests/beliefs.

Purposes of data processing:

  • identification of you;
  • execution of any purchase made with us;
  • confirmation of transactions;
  • provision of more effective personalized insights on your questions
  • issuing invoices in accordance with the applicable rules;
  • enforcement of claims, response to legal requests and prevention of harm;
  • execution of technical operations;
  • addressing complains or comments submitted by you;
  • communication with you regarding any unavailability of requested services or any query or problem with your order;
  • soliciting reviews by you;
  • utilization of your information for other business purposes, such as data analysis, to evaluate and improve our Website, services, marketing and your overall experience.

Period for which Personal Data are processed, time limit for erasure: We will utilize any data associated with the performance of electronically concluded for contract-related purposes, and we will delete and destroy them upon termination of the contract or upon expiration of the legally mandated retention period. Accounting documents and their supporting documents will be retained in accordance with the provisions of Cyprus Tax Laws.

Legal basis of the data processing: Your freely given consent serves as one legal basis for the processing of Personal Data. Additionally, the processing of Personal Data is deemed necessary for the performance of the Contract, as outlined in the General Terms & Conditions, pursuant to Article 6 (1) (b) of GDPR. Furthermore, our legitimate interest, as defined in Article 6 (1) (f) of GDPR, also provides a legal basis for certain aspects of the data processing.

Recipients of Personal Data (entitled to access your personal data): Personal Data may be processed by us and third-party service providers authorized to act on our behalf, as described in this Policy.

7. 4. Communication with Users

You can contact us using the contact information provided above or by filling the “Connect with Us” form on our Website. By sharing your Personal Data with us, we can efficiently provide you with answers and assistance as needed. Please be aware that we may contact you via e-mail.

Scope of data processing: The data processing includes the sender’s full name, e-mail address, date and time of the message and other optional Personal Data disclosed within the message.

We shall delete all messages received no later than one year from the date of providing such Data.

7. 5. Become an Advisor

To apply to become an Advisor, you need to fill out our online application form. Once submitted, our team will carefully review your application. If you meet our qualifications, we will schedule an interview where you can demonstrate your skills.

Scope of possible data processing includes collecting and processing the following information:

  • First name
  • Last name
  • E-mail address
  • Phone number
  • Profile photo

Additionally, contact and identification information provided in your application form and documents may include:

  • First name
  • Last name
  • Postal address
  • E-mail address
  • Phone number

Furthermore, we may collect and process the following types of data:

  • Information about your experiences (if applicable), including qualifications, CV, cover letter, licenses (such as name of certifications, issuing authority, date of obtaining certificate), and language skills.
  • Optional Data that you have provided to us, such as information about disabilities.
  • Data from online assessments (e.g., personality tests) and video interviews, if applicable.
  • Data provided to us about your referees, if applicable.

The purposes of data processing include:

  • Contacting you and communicating with you to inquire about your experience during the interview process.
  • Assessing your application thoroughly.
  • With your consent, sending you information and contacting you regarding alternative opportunities within Fay Spirits.

Legal basis of the data processing:

Your Personal Data provision is voluntary, in accordance with Article 6 (1) (a) of GDPR. This information will be utilized for assessing your application and, if a contractual relationship is established, it will also be used for executing the contract.

Your consent is freely given by you; however, there are specific circumstances where we cannot proceed without certain Personal Data from you. Providing Personal Data is necessary for processing your application or concluding a contract with us. Therefore, if you choose not to provide such data, it might adversely affect you.

For certain positions, this may include your participation in a personality, cognitive ability or any other tests deemed necessary by Fay Spirits. Participation in these tests is also voluntary, as per Article 6 (1) (a) of GDPR.

When we gather information from publicly accessible sources (limited to information relevant to your professional life) or your public profile on professional social networks like LinkedIn, we rely on our legitimate interest to establish a basis for decision-making in order to enter into a contractual relationship with you. This processing is legally grounded in Article 6 (1) (f) of GDPR in conjunction with Article 9 (2) (e) of GDPR.

Furthermore, we may process Personal Data about you when necessary to defend ourselves against legal claims. The legal basis for this processing is Article 6 (1) (b) and (f) of GDPR; the legitimate interest, for instance, involves establishing a burden of proof in proceedings under the Equal Treatment Law, No. 205(I)/2002.

Time limit for erasure of Personal Data:

You can withdraw your consent at any time. However, withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.

Your personal data will be deleted when it is no longer reasonably required for the permitted purposes for which we initially collected your personal data. This means your data shall be used until the assessment of your application. If an Advisor contractual relationship is established, the necessity for the performance of the contract between us will serve as the legal basis for storing your Personal Data.

You can request the deletion of your application at any time.

 

8. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

We only share information with your consent, to comply with laws, to protect your rights, or to fulfill business obligations. Therefore, we may engage Data Processors in relation to our activities and we only share and disclose your information in the following situations:

  • Advisor: The information about you is available to Advisors with whom you interact. Any content or information that you send or transmit through the Website will be disclosed to an available Advisor. We do not provide Advisors with your personal information, such as your e-mail address, location, or phone number. However, we may forward details such as your username, alias, date of birth, gender and/or any other mandatory fields required to facilitate the Service. We prohibit you from disclosing personal contact information to Advisors. If you decide to share any additional content with the Advisors, please note that you are fully responsible for the sharing of such information, and we cannot be held responsible for any disclosure that you freely make.
  • Other Users & the Public: If you submit a review, it will be visible to other users.
  • Third parties – Service Providers: We engage carefully selected and trusted third parties to act as service providers for our site.
    We ensure that they are contractually obligated to process information we share with them in accordance with our instructions, this Privacy Policy and all applicable data protection laws.
    We share your Personal Data with the following third-parties/companies as they assist us in delivering services to you:

    • Courier: Cyprus Post – companies that provide postal, courier or any other delivery services.
    • Banking services: Stripe Payments Europe Limited, Revolut Ltd., PayPal Ltd. – responsible for paying for orders.
    • Governmental authorities
      To the extent permitted by applicable laws, we may also share information with law enforcement agencies or authorities if such disclosure is reasonably necessary for the following reasons:

      • To comply with our legal obligations.
      • To respond to information requests for fraud investigations and other alleged illegal activities.
      • To protect our rights or defend ourselves against any claims.
    • Technical Support: AL IDILIO STUDIO LTD – provides IT, system administration services and technical support for any issues of the Website.
    • Google Analytics: Where anonymous usage and traffic data are stored for analytical purposes.
  • Compliance with Laws: We may disclose your information where legally required to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process. This may include responding to a court order, subpoena, or requests from public authorities to meet national security or law enforcement requirements.
  • Consultants and Other Third-Party Service Providers: We may share your data with professional advisers acting as processors, including lawyers, bankers and auditors who provide consultancy, banking, legal and accounting services. Additionally, we may share information with third-party service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to complete their work. These entities agree to comply with our Privacy Policy. We do not share, sell, rent or trade any of your information with third parties for their promotional purposes.

 

9. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We use cookie technology to store and access specific information whenever a visitor or user browses our online store using a web browser. Cookies are essential for providing important services such as logging into user accounts, checking order status, accessing personal settings, and adding items to the cart. Without cookies, these functionalities would not be feasible.

Cookies are small data files stored on the visitor or user’s computer via the Internet to facilitate services as mentioned earlier. Cookies do not harm users’ computers or the files stored on them. Visitors or users can configure their browser settings to block the acceptance of new cookies or to prompt them each time a new cookie is about to be installed on their hard drive.

Third parties, advertisers or advertising servers may place or recognize unique cookies in Users’ browser. The use of cookies by these third parties or advertisers is not governed by this Privacy Policy but is subject to their respective Privacy Policies. Therefore, it’s recommended that you review their Privacy Policies carefully.

Remote servers may assist in the independent measurement and auditing of data concerning the frequency of visits to the Website and web analytics data using services such as Google Analytics software. Information regarding the processing of measurement data is provided by the policies applicable to such services, which can be accessed at www.google.com/analytics.

For detailed information on how we use cookies, please review our Cookie Policy.

 

10. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only retain your personal information as long as your account remains active. Upon receiving a written request for the deletion of your account, all your Personal Data, as well as any associated data such as orders, will be deleted.

 

11. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate technical and organizational security measures designed to safeguard the personal information we process. However, it’s important to note that while we strive to protect your data, we cannot guarantee absolute security over the internet. Transmission of personal information to and from our website is undertaken at your own risk. We recommend accessing our services only within a secure environment.

Please review our “Data Security Terms” for more comprehensive information regarding the measures we have implemented to safeguard your data.

 

12. WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA?

You have the following privacy rights, which may be exercised by contacting us via email at [email protected]. We will handle all requests in accordance with the applicable Data Protection Laws.

Please understand that we may need to verify your identity and request additional information before fulfilling your request.

12. 1. Right to access

You have the right to request access to your Personal Data, allowing you to receive a copy of the information we hold about you.

12. 2. Rectification of inaccurate or incomplete data

You have the right to request that we correct or update any inaccuracies in your personal data.

12. 3. Right to erasure

You have the right to request the deletion of your Personal Data. However, please note that we may need to retain certain information for legal, compliance, or administrative purposes, such as record-keeping or to detect fraudulent activities.

If you wish for us to erase your personal data and close your account, you can make this request by sending us an email. Please be aware that initiating the erasure process, upon successful verification of your identity as the account owner, will result in the inability to log in to our site (Fayspirits.com).

It’s important to note that even if you request the erasure of your personal information, we may retain some of it for as long as necessary to comply with our legal obligations or other legitimate interests, as explained in the preceding section.

12. 4. Right to be forgotten

If the Data Controller has made Personal Data public, then the Data Controller is obliged to erase it, the Data Controller must take reasonable steps, including technical measures, to inform other controllers processing the Personal Data. This includes requesting that these controllers remove any links to, or copies or replications of, the erased Personal Data. These steps should be taken with consideration of available technology and the cost of implementation.

12. 5. Right to restriction of processing

You have the right to request that we stop processing your data. This is only possible in the following four cases:

  • Accuracy: If you dispute the accuracy of your personal data, processing will be stopped while we verify your claim.
  • Legitimate Interest: If you object to processing based on legitimate interest, the processing will be paused while we investigate your objection.
  • Unlawful Processing: If you believe your data is being processed unlawfully but do not want it immediately erased, you can request restriction of processing.
  • Data Storage: You can request us to store your data if you need it to establish, exercise, or defend any legal claims, and we no longer need it for other purposes. However, we may continue processing your data if necessary to establish, exercise, or defend legal claims. We will notify you before lifting any restriction.

12. 6. Right to data portability

You have the right to receive the Personal Data you’ve provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another party where technically feasible. This includes data actively and knowingly provided by you, such as your email address and username.

12. 7. Right to object

You have the right to object to the collection and use of your Personal Data.

12. 8. Right to revoke consent

Any person affected by the processing of Personal Data may withdraw their consent at any time. In this case, the revocation must be sent in writing or by e-mail to us.

12. 9. Information request

You are entitled to request information at any time from Data Controller relating to the processing of your Personal Data. You may request access to, erasure or alteration of your Personal Data, as well as restriction of the processing of Personal Data. You will be informed in writing about all the measures taken upon the above requests, without undue delay but at the latest within 30 days from the receipt of the request.

 

13. POSSIBILITIES OF ENFORCING RIGHTS

13. 1. You may send any observation relating to the processing of Personal Data concerning you to us.

13. 2. If you consider that our processing of your Personal Data infringes the GDPR or any other applicable national laws, you have the right to lodge a complaint with the relevant supervisory authority. You can find their contact details here.

You can contact the Office of the Commissioner for Personal Data Protection in Cyprus at the following contact details:

Office address: Iasonos 1, 1082 Nicosia, Cyprus
Postal address: P.O. Box 23378, 1682 Nicosia, Cyprus
Telephone number: +357 22 818 456
Fax: +357 22 304 565
E-mail: [email protected]

13. 3. If your rights have been infringed, you may file a lawsuit against the Data Controller.

13. 4. If you have caused damage in any way when using the Website, the Data Controller reserves the right to claim damages against you. In such cases, the Data Controller will take all necessary measures to assist the relevant authorities in identifying the infringer.

 

14. CONTACT US

If you have any specific questions regarding this Privacy Policy or our privacy practices in general, please feel free to contact us. We will do our best to respond to your inquiry as promptly as possible.

 

All rights reserved.
FAY SPIRITS | AL IDILIO STUDIO LTD

X

Your Shopping cart

Close