Policy on personal data processing based on REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (GDPR)
The following Terms and Conditions of Sale regulate the sale on this website “www.appybags.com.mt” (Website). The seller is Theia Moira Ltd, with registered office in Malta, Triq il Kullegg Sliema SLM1379 Malta VAT number MT 2168-2832, (Company)
Purchasing through the Website
The Company shall acquire and process your personal data to process your request to purchase through the Website.
The Company shall process the personal data provided by you to enable you to register with the Website and make use of the services restricted to registered users.
If you provide your explicit consent, the Company shall process your personal data to send you promotional communications and/or newsletter regarding products offered for sale by the Company or by third parties.
The Company is entitled to sale its products using the email that you communicated during your first purchase on the Website, if this product is similar of the first sale (soft spamming). You may at any time notify the Company of your refusal to receive this type of communication.
Article 1. Purpose of the processing. Legal basis. Mandatory or optional nature of data provision and consequences of any refusal.
The Company shall process the personal data provided by you for the following purposes:
a. to enable you to register with the Website and make use of the services restricted to registered users and for administrative/accounting purposes. The legal basis for the processing is Company’s commitment to be compliance with a legal obligation or to take steps at the request of the data subject prior to entering into a contract, as the case may be;
b. in the case of the execution of an online purchase order, to allow the conclusion of the purchase contract and the proper execution of transactions related to the same (and, where necessary, to fulfill tax obligations). The legal basis for the processing is Company’s commitment to be compliance with a legal obligation or to perform a contract to which the data subject is party;
c. limited to the email address provided by you when purchasing products offered on the Website, to enable the direct sale of similar products (soft spamming), without requiring your express and prior consent and provided that you do not exercise your right to object. The legal basis for the processing is the Company's legitimate interest to perform these activities. This legitimate interest is equal to the user's interest to riceve "soft-spam" communication;
d. if you provide your explicit consent, for the Company to send you newsletter and for market research purposes also aimed at evaluating the level of customer satisfaction and to send you promotional communications in relation to the products of the Company and / or third-parties, by email (marketing purposes); The legal basis for the processing is your consent;
e. if the chat service is operational, for the Website to allow the activation of the service, through which you may contact the Company. The legal basis for the processing is the Company's legitimate interest to perform these activities. This legitimate interest is equal to the user's interest to use the chat service of the Website;
f. to respond to your requests through the customer care service. The provision of data is purely optional. However, as the said processing is necessary in order to respond to your request, your refusal to provide the relevant data will prevent you from obtaining answer from the customer care of the Company. The legal basis for the processing is the Company's legitimate interest to perform these activities. This legitimate interest is equal to the user's interest to use the customer care service of the Website;
g. in order to answer to your requests by email, by telephone. The provision of data is purely optional. However, as the said processing is necessary in order to respond to your request, your refusal to provide the relevant data will prevent you from obtaining answer from the customer care of the Company. The legal basis for the processing is the Company's legitimate interest to perform these activities. This legitimate interest is equal to the user's interest to receive answer by the Company.
The provision of data for the purposes set out in at Point a) and b) is purely optional. However, as the said processing is necessary in order to provide the online purchasing your refusal to provide the relevant data will prevent you from completing an online purchase.
Consent to marketing purposes is purely optional. Failure to consent will have the following consequences.
Failure to consent to the processing of personal data for marketing purposes will prevent you to receive promotional communication and newsletter regarding products of the Company and/or third-parties and will prevent the Company to carry out market research purposes aimed at evaluating the level of customer satisfaction.
It is understood that the Company may use your personal data to comply with legal obligations and to perform the purchase contract.
You may revoke your consent using the relevant link indicated in any promotional email sent by the Company.
Payment Card Data
In order to make a payment through one of the payment cards offered on the Website, you shall enter the data of the payment card directly on a page that will communicate through secure encryption protocol with the payment service provider (which will act as an independent data controller). These data will not pass through the server of the Company which, therefore, will not process such data in any way.
In execution of the legal obligations provided for by Directive 2015/2366/ (EU) on payment services in the internal market (PSD2), You are informed that, with reference to purchases made on the Web Site by credit card, data necessary for the conclusion of the purchase process may include the phone number communicated by You, or a different personal data necessary to complete the purchase process. In order to allow you to complete the purchase, the payment institution in charge of managing the transaction will send you an authentication code, which must be reported by You during the purchase process to meet the authentication criteria provided by PSD2 (Strong Customer Authentication). The processing of your personal data for these purposes has as its legal basis the fulfillment of legal obligations and does not require your consent.
To provide the above-indicated data is necessary to make purchases on the Website.
You may make purchases using PayPal. In this event, you will be directed to a page outside the Website, where you must indicate the personal data requested by PayPal to complete the purchase process (PayPal will act as a data controller). These data will not pass through the server of the Company which, therefore, will not process such data in any way. To provide the above-indicated data is necessary to make purchases on the Website.
Special Categories of Personal Data. Judicial Data.
The Company does not process special categories of personal data nor judicial data.
You may receive a notification on your device (fixed and/or mobile) which will allow the identification of the device itself (Geolocation). You may allow or refuse such setting. Your choice will not affect the functionality of the Site. The data relating to the position of the device will not be collected and or stored by the Company. The legal basis for the processing is the legitimate interest of the Company in providing services appropriate to the position of the User. This legitimate interest is equal to the User's interest in receiving services as relevant as possible to his or her position.
Article 2. Methods of Processing Personal Data
The processing of your personal data will be carried out by electronic or automated means, in the manner and with the appropriate tools to ensure the security and confidentiality in accordance with the GDPR.
The information and methods of processing will be relevant and not excessive in relation to the type of services provided. Data will be managed and protected in environments where access is under constant control.
Article 3. Data Disclosure
- 1.to all those parties (including Public Authorities) that have access to the data by virtue of regulatory or administrative measures
- 2.to third parties in charge of printing, enveloping, shipping (e.g., suppliers, even with reference to drop shipping activity) and/or delivery and/or collection of products purchased through the Website
- 3.to forwarding agents and to parties responsible for the delivery and/or collection of the products purchased
- 4.to parties who process online payment transactions
- 5.to companies, consultants or professionals in charge of the installation, maintenance, updating and the management of the Company's hardware and software or which the Company uses for the provision of its services
- 6.to the companies that send the newsletters and/or other informative communications transmitted on behalf of the Company
- 7.to the employees and/or collaborators of the Company
- 8.to the company in charge of the customer care service
- 9.companies managing online payment transactions
- 10.third parties in charge of for repairing damaged products or products subject to the legal guarantee of conformity
- 11.to all those public and/or private parties, natural and/or legal persons (legal, administrative and tax consultancy firms), where the communication is necessary or of practical use for the correct fulfilment of contractual obligations undertaken in relation to the services provided through the Website, and of legal obligations.
Your data may be disclosed only in anonymous and aggregated form for statistical or research purposes.
Article 4. Data Controller
You can contact the Company, as Data Controller, at the following addresses:
by email, writing to: email@example.com;
by selecting the website Contact Form;
by writing to: Theia Moira Ltd, mailbox no. 2, Triq Il Kullegg SLM1379 Sliema.
You may address requests relating to the processing of your personal data to both the Data Controller and the Data Protection Officer.
Article 5. Data Storage
Personal data will be stored according to the following: (i) for marketing purposes, until consent is revoked. For inactive users, personal data will be deleted after one year from the sending of the last email that may have been viewed; (ii) for the purpose of executing the sales contract, for 10 years from the date of receipt of the purchase order; (iii) for the purpose of legal defence, until the judgement becomes final; (iv) for the purpose of complying with the law, for the time necessary for this purpose; (v) for the purpose of executing any service requested through the Website, for the time necessary to execute the request.
Article 6. Rights of the Data Subject
Pursuant to GDPR (Article 13), you have the right to:
- 1.request access to and rectification or erasure of personal data or restriction of processing or object to their processing, in addition to the right to data portability;
- 2.withdraw consent at any time without prejudice to the lawfulness of processing based on consent given prior to the withdrawal;
- 3.lodge a complaint before a supervisory authority (e.g. the OIDPC, Office of the Information and Data Protection Commissioner).
The above-mentioned rights may be exercised by making a request to at the contacts indicated above.
Article 7. Amendments