Who we are

Effective Date: November 26th, 2024

1. Introduction

This Privacy Policy outlines how SMMA and Aranea Corp (“we,” “our,” or “us”) collects, uses, shares, and protects your personal information when you use our services. We are committed to ensuring your privacy and protecting your data in compliance with GDPR and other applicable laws.

2. Data We Collect

We may collect the following personal information from you:

  • Name
  • Email address
  • IP address
  • Request type
  • User agent
  • Referrer
  • Country (via Google Analytics)
  • Address (via WooCommerce)
  • Date of birth
  • Credit card information (via Stripe)

We also collect non-personal data such as cookies for session management and site features.

2.1 Data Collected By reCAPTCHA

Google recaptcha is used to mitigate spam and automatic abuse of the site; which in turn provides a better user experience. This information is shared with google to provide proper usage of recaptcha. Please refer to google’s privacy policy for more information about how they may use this data.

To allow recaptcha to function, Google may require the following:

  • IP address
  • Resources loaded, including styles or images
  • User Google account identification
  • User Behaviors such as mouse movements, page scrolling, links clicked, forms completed and typing frequency
  • Browser History
  • Browser plugins
  • Cookies
  • Source code of www.haniaskincare.com

3. How We Use Your Data

The data we collect is used for the following purposes:

  • Account creation and management
  • Email marketing (first-party only)
  • Demographic analysis and insights
  • Security controls (e.g., blocking suspicious actors based on IP Address)
  • Server analytics to monitor traffic and service abuse
  • Payment processing via Stripe
  • Email Hash for possible Avatar image recognition

4. Data Sharing

We may share your data as follows:

  • Google Analytics: For demographic and site traffic analysis.
  • Google Recaptcha: For providing genuine users with a good experience while preventing malicious systems from attempting to misuse the site.
  • PBC Biomed, SMMA and Aranea Corp: Shared data includes all collected information for operational purposes.
  • Wordfence: Server request information is shared for security monitoring on the local server. Your data has not been permitted to be shared with Wordfence analytics
  • Stripe: For payment processing.
  • Gravatar: Hash of email to locate avatar if user has an active session (Is logged in)
  • Yourself: If you request a password reset, your IP may be in the email of the reset request

We do not sell or rent your personal data to third parties.

5. Data Protection

Your data is encrypted during transmission and storage. Only authorized personnel (administration or editors of the site) have access to your personal information. We conduct daily software security checks and external tests three times a week to ensure data safety.

6. Data Retention

We retain your data indefinitely to support our operational needs. However, we continuously evaluate retention periods every 3 months in compliance with GDPR requirements. Personal data for identifying orders will be retained for as long as necessary to provide support. Server log information will be retained as long as required in order to provide security to changes in network and application usage.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

7. User Rights

As an EU-based service, we comply with GDPR, granting you the following rights:

  • Access to your personal data
  • Rectification of inaccurate or incomplete data
  • Erasure of data (“Right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Objection to processing
  • Lodging a complaint with a supervisory authority

To exercise your rights, please contact us at [email protected].

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

8. Cookies and Tracking

We use cookies to manage sessions, enhance user experience, and provide site features such as popups, and abandoned cart metrics. You can control cookie preferences through your browser settings.

Other cookies such as the Recaptcha cookie _GRECAPTCHA, or otherwise changed by google, is used on this site to help mitigate spam and abuse of the site. The cookie is used to track user interactions and prevent automated abuse.

9. Marketing Emails

We may use your email address for marketing communications. You can opt out at any time by clicking the “Unsubscribe” link in our emails.

10. Data Storage

All data is stored securely in AWS (Ireland, EU-west). We ensure compliance with GDPR and EU data protection standards.

11. Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting on this page, and we encourage you to review it regularly.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at:
[email protected]

Gravatar

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.