“human beings are human beings, just treat everyone like that.”
― Hayley Williams

We understands that your privacy is important to you and that you care about how your personal data is used and shared online. In Mashu Mashu Box we comply with international privacy standards regardless of whether the customer is a business or a individual consumer, and/or country. We do all possible and reasonable actions to ensure that all personal data of data subjects that being processed and held remains protected regardless of the country’s location.  

This page is to inform our customers that we are committed to holding our client’s personal information with the strictest respect for their rights to comply with GDPR.

We recommend you familiarise yourself with GDPR regulations by visiting their website to verify how Mashu Mashu Box complies with the rules and regulations.  

Should you still have any inquiries regarding our Privacy Policy, please feel free to email us at GDPR@mashumashubox.com

The GDPR provides the following rights for individuals:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling

We hereby disclose how each individual right is implemented within our business processes and systems in place.

1. The right to be informed

We set up several ways by which we inform our visitors and customers of the data we collect::
– by cookie consent dialog shown on our web site
– by specifying data collection, management and sharing practices in our Terms and conditions and Data Processing Agreement
– by providing a special page with description of every cookie available at Cookie declaration
– by providing a special page with description of our Data retention policy

 

We collect and store several data types:

These do not provide a means by which the information may be linked to the same person across multiple data records or information systems. We only collect and store types of device (desktop; mobile or tablet); a country from which you communicate with us via your device (IP based Geo Location); date and time of access and pages visited. 
The primary identification information is used solely to provide services tailored to our registered customers (“My Account” page and special offers that we may present). We store your password in encrypted form and are unable to access it without generating a new one. NOT UNDER ANY CIRCUMSTANCES we will ask you to provide your password. For all intents and purposes related to our business operations (sales), we store your user name and e-mail address used to process your orders and to provide means of communication, such as invoice delivery, order confirmation, etc. We have a separate policy regarding promo messaging (e-mail marketing) that depends upon the explicit consent of a customer.
Your full name is used mainly for delivery and invoicing and/or for addressing any of your requests in a proper manner. Addresses indicated are used to determine taxes applied during checkout (billing address), delivery price (shipping address), compliance with Israeli and international laws and for issuing an invoice after your payment has been processed successfully. The phone number is required by post\delivery company solely for communicating with you on all relevant matters.
All purchases made via our website are subject for TAX invoicing and therefore, kept for 7 mandatory years. According to regulations enforced by the State of Israel, we are required to partner with an accredited\certified bookkeeping party that will be responsible for managing our invoices. The following information will be thus shared with such party: customer full name, billing and delivery address, products purchased, transaction amount and transaction currency, date and time of transaction. We will ensure that all of the above mentioned comply with our obligations for privacy protection and GDPR guidelines.

In order to process your Subscription renewal payment, we use secure algorithm called “Tokenized Payments.”

We would like to emphasize that UNDER NO CIRCUMSTANCES does Mashu Mashu Box collect, process, or store your payment details (Card details or PayPal login). All processing is done through a secure channel directly between your computer and a payment gateway provider.

When you pay for your subscription plan first time, a payment clearing partner issues a secure token (identifier) that can be used for any recurring purchases in the future. Should this token even stolen, it will prevent any access to information regarding your Card or PayPal account or any order details that we hold. Only Mashu Mashu Box will be able to issue a payment request and even then – the payment parameters remain intact and unchangeable. The payment will be supported fully by payment clearing partner’s system. The token us time sensitive and will cease to exist if and when you stop or halt your subscription plan. 

Depending on a type of message sent and a manner it has been received, we will either store it together with a relevant order (if received as a comment, this will be embedded) for 7 years or will be discarded in accordance with data retention policy if a message was sent through other channels of communication.

 

We share some of our customers data:

According to regulations enforced by the State of Israel, we are required to partner with an accredited\certified bookkeeping party that will be responsible for managing our invoices. The following information about your order will be thus shared with such party: customer full name, billing and delivery address, products purchased, transaction amount and transaction currency, date and time of transaction. We will ensure that all of the above mentioned comply with our obligations for privacy protection and GDPR guidelines.
If you give consent to receive our newsletter (email marketing), we have to share your name and email address with our email marketing partner. The sole purpose is to generate an email and to track down its delivery to an addressee. We will ensure that all of the above mentioned comply with our obligations for privacy protection and GDPR guidelines. 
The data you enter in your account and order details (name, address and phone) are shared with delivery service provider to ensure the Mashu Mashu Box reaches you and your loved ones as intended. This is the only time your personal data is exposed and we cannot in any way to control it the moment your box leaves our facility. 

 

2. The right of access

All personal data entered and/or generated on our website is available under your account (“My Account” page). Should you have any concern, please notify us be using either a contact form or by emailing us at GDPR@mashumashubox.com

 

3. The right to rectification

You can always verify and correct any data using either your account (“My Account” page) or by contacting us at hello@mashumashubox.com. We will do our best to assist with any related matter.

 

4. The right to erasure

We understand if you simply change your mind. If that’s the case, we respect your decision. Regardless, our mission remains the same – we are here to ensure your order processed in a fast and secure manner.

As you may already know – you can cancel your subscription and orders (according to the cancellation policy). If you wish, we can do this on your behalf, but it’ll require you to send us a note using a form here or by emailing us at pay@mashumashubox.com, with the subject line “ CANCELLATION OF ACCOUNT.”

We must warn you, that even if your account is deleted from our system, some of your personal data will remain in our system or systems of our partners.

What will remain with us?

Invoices and Order history

According to regulations enforced by the State of Israel, we are required to keep your invoices for 7 years after the date of issuing. This information will remain accessible by our financial team. As such, even when your orders are deleted from our system and are not accessible directly, there is a possibility to indirectly restore your order history based on invoices kept.

Data stored in system backup

We take business continuity and customer service very seriously. Therefore, regular backups of various systems we manage is an absolute must.
Depending on a system in which your data are located, it may take up to 1 (one) month to delete all of the data that could be erased without breaking any law or regulation.

Payment data

Mashu Mashu Box does not store or process your payment information (card details, PayPal login etc.) and does not have any power over it. If you wish to know how your payment information is being processed by our payment providers, feel free to contact them directly.

The only data related to payments that we do store is a secure token in case you opted for one of ours subscription plan. Having said that, we will remove that token and notify the clearing partner as soon as you issue an account cancellation request.

 

5. The right to restrict processing

Due to the nature of business processes employed, we are only able to restrict your data processing through several systems. We can revoke your data from our email marketing system. All other data in our possession should remain accessible by us or our partners. If you wish to restrict your data access, the only solution would be to cancel your account with us.

 

6. The right to data portability

We comply with the right of data portability by establishing a special workflow. In case you submit a request using either a form or by sending an email at hello@mashumashubox.com, we export your data in XML format and make it available under Downloads section of your account (“My Account” page > Downloads).

Your invoices are accessible under your account (“My Account” page > Orders or Subscriptions) in PDF format at any time.

 

7. The right to object

We currently do not have or plan on having any algorithm allowing you to view all marketing campaigns you have opted-in under your account (“My Account” page). However, we provide an unsubscribe link in each and every marketing email we send.

Alternatively, you can contact us using either a form or by emailing us at hello@mashumashubox.com and we will remove the address provided

 

8. Rights in relation to automated decision making and profiling

We currently do not use any automated decision making technology, so Mashu Mashu Box is excluded from the scope of Article 22.