At Nest&Co we respect your privacy and are committed to protecting it through our compliance with this privacy policy (“Policy”). This Policy applies to the www.nestcy.com website (“Website” or “Service”) and associated products and services (“Services”) operated by Messrs. Anthony Kleopa & Co Ltd (trading as “Nest&Co,” “we,” “us,” or “our”). By accessing and using our Website and Services, you agree to be bound by the terms of this Policy. “Personal Information” refers to any information that can identify you as a specific, identifiable individual. This may include, but is not limited to, your name, email address, contact information, geolocation data, and any materials you submit.
This Policy is a legally binding agreement between you (“User”, “you” or “your”) and Anthony Kleopa & Co Ltd (doing business as “Nest&Co”, “we”, “us” or “our”). If you are entering into this Policy on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this Policy, in which case the terms “User”, “you” or “your” shall refer to such entity. If you do not have such authority, or if you do not agree with the terms of this Policy, you must not accept this Policy and may not access and use the Website and Services. By accessing and using the Website and Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.
Automatic Collection of Information
When you open the Website, our servers automatically record information that your browser sends. This data may include information such as your device’s IP address, browser type, and version, operating system type and version, language preferences or the webpage you were visiting before you came to the Website and Services, pages of the Website and Services that you visit, the time spent on those pages, information you search for on the Website, access times and dates, and other statistics.
Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding the usage and traffic of the Website and Services. This statistical information is not otherwise aggregated in such a way that would identify any particular User of the system.
Collection of Personal Information
You can access and use the Website and Services without telling us who you are or revealing any information by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the features offered on the Website, you may be asked to provide certain Personal Information (for example, your name and e-mail address). We receive and store any information you knowingly provide to us when you fill any forms on the Website. We may collect information you provide, such as contact details, geolocation data, or materials you submit voluntarily. You can choose not to provide us with your Personal Information, but then you may not be able to take advantage of some of the features on the Website. Users who are uncertain about what information is mandatory are welcome to contact us.
Privacy of Children
We do not knowingly collect Personal Information from children under 18. If you believe a child has provided information, please contact us. Parents are encouraged to monitor and guide their children’s online activities.
Use and Processing of Collected Information
We act as both a data controller and a data processor under the General Data Protection Regulation (GDPR) when handling Personal Information, unless a specific data processing agreement has been established with you, designating you as the data controller and us as the data processor.
Our role varies based on the specific situation involving Personal Information. As a data controller, we determine the purposes and means of processing when you submit Personal Information necessary for your access and use of the Website and Services. In such instances, we comply with data controllers’ obligations outlined in the GDPR. In situations where you submit Personal Information through the Website and Services, we act as a data processor. We neither own nor control the submitted Personal Information, and we process it strictly in accordance with your instructions. Here, you, as the User providing Personal Information, act as a data controller in terms of the GDPR.
To provide you with the Website and Services or to meet legal obligations, we may collect and use specific Personal Information. Failure to provide requested information may hinder our ability to offer products or services. The information collected may be used for various purposes, including but not limited to:
Creating and managing user accounts; Fulfilling and managing orders; Delivering products or services; Improving products and services; Sending administrative information; Sending marketing and promotional communications; Sending product and service updates; Responding to inquiries and offering support; Requesting user feedback; Improving user experience; Posting customer testimonials; Delivering targeted advertising; Enforcing terms and conditions and policies; Protecting from abuse and malicious users; Responding to legal requests and preventing harm; Running and operating the Website and Services.
Processing your Personal Information depends on factors such as your interaction with the Website and Services, your location, and legal requirements. The legal bases on which we collect and process your Personal Information include user consent, performance of a contract, compliance with legal obligations, personal Information is already publicly available and the pursuit of legitimate interests by us or a third party. We rely on these legal bases, as defined in the GDPR, to collect and process your Personal Information. Note that under certain legislations, we may be allowed to process information until you object to such processing by opting out, without relying on consent or other legal bases. We are happy to clarify the specific legal basis that applies to the processing, including whether the provision of Personal Information is a statutory or contractual requirement or a necessity to enter into a contract.
Disclosure of Information
Depending on the requested Services or as necessary to complete any transaction or provide any service you have requested, we may share your information with our trusted subsidiaries, joint venture partners, affiliates, contracted companies, and service providers (collectively referred to as “Service Providers“). These Service Providers play a crucial role in assisting the operation of the Website and Services, ensuring their availability to you. Their privacy policies align with ours, or they agree to adhere to our policies regarding Personal Information.
Service Providers are strictly prohibited from using or disclosing your information except as necessary to perform services on our behalf or to comply with legal requirements. They receive information solely for the purpose of executing their designated functions, and we explicitly do not authorise them to use or disclose provided information for their own marketing or any other purposes. Your information will only be shared with specific categories of Service Providers, including but not limited to:
Advertising networks; Affiliate programs; Cloud computing services; Communication and collaboration services; Data analytics services; Data storage services; Financial services; Order fulfillment services; Payment processors; Performance monitoring services; Product engineering and design services; Sales and marketing services; User authentication services and website hosting service providers.
Additionally, we may disclose any Personal Information we collect, use, or receive if required or permitted by law, such as in response to a subpoena or similar legal process. We will also make such disclosures in good faith when we believe it is necessary to protect our rights, ensure your safety or the safety of others, investigate fraud, or respond to a government request. In the event of a business transition, such as a merger, acquisition, or sale of all or a portion of our assets, your Personal Information is likely to be among the assets transferred. We will make reasonable efforts to ensure that your Personal Information continues to be treated in accordance with this privacy policy.
Retention of Information
We are committed to retaining and using your Personal Information responsibly. The duration of this retention aligns with the period necessary to fulfill legal obligations, complete our services, and satisfy the obligations of both our affiliates and partners. This retention period also allows us to enforce our policy, resolve disputes, and comply with any legal requirements. However, unless a longer retention period is required or permitted by law, we ensure that this retention does not exceed a maximum of 84 months.
After you update or delete your Personal Information, we may still use aggregated data derived from or incorporating your information. This aggregated data is used responsibly and ethically, ensuring that it cannot identify you personally. Once the specified retention period concludes, your Personal Information will be promptly deleted. Consequently, the rights to access, erasure, rectification, and data portability cannot be enforced beyond the expiration of this retention period. We prioritise the security and privacy of your information throughout its lifecycle.
Transfer of Information
Your data’s secure transfer aligns with privacy standards. Depending on your location, your information may move and be stored outside your country. For transfers beyond the European Union, we ensure explicit consent or compliance with GDPR provisions.
You have the right to know the legal basis for international transfers and the security measures we take. Feel free to inquire about these measures or check our Policy sections for more details. Your data’s safety is a priority.
Data protection rights under the GDPR
If you’re a resident of the European Economic Area (“EEA“), you hold specific data protection rights. We’re committed to facilitating your rights effectively. Contact us to inquire about, update, or delete your information. Your rights encompass the withdrawal of consent, access to data, correction, objection, restriction, erasure, and data portability. In specific scenarios:
(i) Withdraw your consent at any time without affecting prior lawful processing.
(ii) Discover if your Personal Information is being processed, obtain relevant details, and secure a copy undergoing processing.
(iii) Verify and update your information, requesting completion where incomplete.
(iv) Object to processing, especially for direct marketing, and restrict processing under certain circumstances.
(v) Obtain erasure of your Personal Information in defined situations, except where exclusions apply.
(vi) Receive your data in a structured, machine-readable format, with the option for transmission to another controller.
(vii) Lodge complaints with a data protection authority if unsatisfied with our data collection and use. This provision applies to automated processing based on your consent, a contract, or pre-contractual obligations.
How to exercise your rights
To initiate the exercise of your rights, direct your requests to the contact details specified in this document. Be aware that identity verification may be necessary before we address your requests. Provide ample information in your request for us to verify your identity or your authorised representative’s status. If an authorised representative submits the request, we may seek evidence of their authority, such as power of attorney. Include comprehensive details to ensure a clear understanding of your request. Please note that we cannot fulfill your request or disclose Personal Information without prior verification of your identity or confirmation of your authority to make such requests, ensuring a direct connection to the relevant Personal Information.
Cookies
Our Website and Services utilise “cookies” for security, personalisation, and statistical purposes. A cookie is a text file placed on your hard disk by a web page server. It cannot run programs or deliver viruses. Cookies, uniquely assigned to you, can only be read by a web server in the issuing domain. If you opt to decline cookies, some features of the Website and Services may not be fully accessible.
We employ cookies to gather, store, and track information for security, personalisation, operational, and statistical purposes. Your browser settings allow you to accept or decline cookies. While most web browsers automatically accept cookies by default, you can customise your preferences. For more detailed information on our cookie practices, please refer to our separate Cookie Policy available on our Website.
Advertisements
We may present online advertisements and share aggregated, non-identifying information collected from your use of the Website and Services with our advertisers. Individual customers’ personally identifiable information is not shared. At times, we use this aggregated data to provide customised advertisements to the targeted audience.
Additionally, we may authorise specific third-party companies to assist in tailoring advertising of potential interest to Users. These companies might deliver ads that place cookies and track User behaviour on the Website. For more details on our advertising practices, please refer to our separate Advertising Policy.
Links to Other Resources
The Website and Services feature links to external resources not owned or controlled by us. It’s important to note that we do not oversee the privacy practices of these external resources or third parties. We urge you to exercise caution when navigating away from the Website and Services and to review the privacy statements of each external resource that might collect Personal Information.
Information Security
We diligently secure the information you furnish on computer servers within a controlled, secure environment, shielded from unauthorised access, use, or disclosure. Employing reasonable administrative, technical, and physical safeguards, we strive to safeguard Personal Information in our control and custody against unauthorised access, use, modification, and disclosure.
It’s essential to recognise that, despite our efforts, no data transmission over the Internet or wireless network can be entirely guaranteed. Consequently, you acknowledge that (i) the Internet has inherent security and privacy limitations beyond our control; (ii) assurance cannot be given regarding the security, integrity, and privacy of exchanged information and data between you and the Website and Services; and (iii) such information and data may be subject to viewing or tampering in transit by a third party, even with our best efforts.
Given that the security of Personal Information is influenced by both the security of your communication device and the measures you adopt to protect your credentials, we strongly advise taking appropriate measures to secure this information.
Data Breach
Should we become aware of any compromise to the security of the Website and Services, or if Users’ Personal Information is disclosed to unrelated third parties due to external activities such as security attacks or fraud, we retain the right to take appropriate measures. These measures may include, but are not limited to, conducting investigations, reporting the incident, and cooperating with law enforcement authorities. In the unfortunate event of a data breach, we are committed to making reasonable efforts to notify affected individuals. This notification will occur if we believe there is a reasonable risk of harm to the User resulting from the breach or if such notice is mandated by law. We will communicate any such incidents via email.
Changes and Amendments
We retain the right to modify this Policy or its terms related to the Website and Services at our discretion. Upon such modifications, we will update the date at the bottom of this page to reflect the latest revision. Additionally, we may choose to notify you through other means, such as using the contact information you have provided. The updated version of this Policy becomes effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Website and Services after the effective date of the revised Policy (or such other act specified at that time) will be considered as your consent to those changes. It is important to note that we will not, without your explicit consent, use your Personal Information in a manner significantly different from what was originally stated at the time of its collection.
Acceptance of this Policy
By accessing and using the Website and Services and submitting your information, you acknowledge that you have read and agreed to all the terms and conditions outlined in this Policy. Your use of the Website and Services signifies your commitment to be bound by the provisions of this Policy. If you do not consent to abide by the terms herein, you are not authorized to access or use the Website and Services.
Contact us
If you have any questions regarding the information, we may hold about you or if you wish to exercise your rights, we encourage you to contact us at info@nestcy.com.
This document was last updated on November 20, 2023
