“human beings are human beings, just treat everyone like that.”
― Hayley Williams
We understands that your privacy is important to you and that you care about how your personal data is used and shared online. In Mashu Mashu Box we comply with international privacy standards regardless of whether the customer is a business or a individual consumer, and/or country. We do all possible and reasonable actions to ensure that all personal data of data subjects that being processed and held remains protected regardless of the country’s location.
This page is to inform our customers that we are committed to holding our client’s personal information with the strictest respect for their rights to comply with GDPR.
We recommend you familiarise yourself with GDPR regulations by visiting their website to verify how Mashu Mashu Box complies with the rules and regulations.
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
We hereby disclose how each individual right is implemented within our business processes and systems in place.
1. The right to be informed
We set up several ways by which we inform our visitors and customers of the data we collect::
– by cookie consent dialog shown on our web site
– by specifying data collection, management and sharing practices in our Terms and conditions and Data Processing Agreement
– by providing a special page with description of every cookie available at Cookie declaration
– by providing a special page with description of our Data retention policy
We collect and store several data types:
In order to process your Subscription renewal payment, we use secure algorithm called “Tokenized Payments.”
We would like to emphasize that UNDER NO CIRCUMSTANCES does Mashu Mashu Box collect, process, or store your payment details (Card details or PayPal login). All processing is done through a secure channel directly between your computer and a payment gateway provider.
When you pay for your subscription plan first time, a payment clearing partner issues a secure token (identifier) that can be used for any recurring purchases in the future. Should this token even stolen, it will prevent any access to information regarding your Card or PayPal account or any order details that we hold. Only Mashu Mashu Box will be able to issue a payment request and even then – the payment parameters remain intact and unchangeable. The payment will be supported fully by payment clearing partner’s system. The token us time sensitive and will cease to exist if and when you stop or halt your subscription plan.
We share some of our customers data:
2. The right of access
All personal data entered and/or generated on our website is available under your account (“My Account” page). Should you have any concern, please notify us be using either a contact form or by emailing us at GDPR@mashumashubox.com
3. The right to rectification
4. The right to erasure
We understand if you simply change your mind. If that’s the case, we respect your decision. Regardless, our mission remains the same – we are here to ensure your order processed in a fast and secure manner.
As you may already know – you can cancel your subscription and orders (according to the cancellation policy). If you wish, we can do this on your behalf, but it’ll require you to send us a note using a form here or by emailing us at firstname.lastname@example.org, with the subject line “ CANCELLATION OF ACCOUNT.”
We must warn you, that even if your account is deleted from our system, some of your personal data will remain in our system or systems of our partners.
What will remain with us?
According to regulations enforced by the State of Israel, we are required to keep your invoices for 7 years after the date of issuing. This information will remain accessible by our financial team. As such, even when your orders are deleted from our system and are not accessible directly, there is a possibility to indirectly restore your order history based on invoices kept.
We take business continuity and customer service very seriously. Therefore, regular backups of various systems we manage is an absolute must.
Depending on a system in which your data are located, it may take up to 1 (one) month to delete all of the data that could be erased without breaking any law or regulation.
Mashu Mashu Box does not store or process your payment information (card details, PayPal login etc.) and does not have any power over it. If you wish to know how your payment information is being processed by our payment providers, feel free to contact them directly.
The only data related to payments that we do store is a secure token in case you opted for one of ours subscription plan. Having said that, we will remove that token and notify the clearing partner as soon as you issue an account cancellation request.
5. The right to restrict processing
Due to the nature of business processes employed, we are only able to restrict your data processing through several systems. We can revoke your data from our email marketing system. All other data in our possession should remain accessible by us or our partners. If you wish to restrict your data access, the only solution would be to cancel your account with us.
6. The right to data portability
We comply with the right of data portability by establishing a special workflow. In case you submit a request using either a form or by sending an email at email@example.com, we export your data in XML format and make it available under Downloads section of your account (“My Account” page > Downloads).
Your invoices are accessible under your account (“My Account” page > Orders or Subscriptions) in PDF format at any time.
7. The right to object
We currently do not have or plan on having any algorithm allowing you to view all marketing campaigns you have opted-in under your account (“My Account” page). However, we provide an unsubscribe link in each and every marketing email we send.
8. Rights in relation to automated decision making and profiling
We currently do not use any automated decision making technology, so Mashu Mashu Box is excluded from the scope of Article 22.