Privacy Policy

What personal data are we collecting?

• We may collect the following information about you:
  your name, age/date of birth, gender and other relevant demographic information;
  your contact details: mailing address, including billing and shipping addresses, telephone number (including mobile number) and email address;
• information about the device you use to browse our website, including IP address and device type;
  your communication and marketing preferences;
• your interests, preferences, feedback, competition and survey responses;
• your social media handling;
  your purchases and orders;
  your online browsing activity on our website, including items stored in your shopping cart;
  your location;
  your correspondence and correspondence with us;

Legal basis for using data
We need to develop a legal basis for our processing of your personal data.
We collect and use our customers' personal data:
1. Necessary for the performance of our contract with you:
To perform our duties and to exercise our rights under contracts for the sale of goods or services to customers;
or
2. Necessary to pursue our legitimate interests, including:

•  sell and provide goods and services to our customers;
  promote, market and advertise our products and services;
• send promotional messages relevant and tailored to individual customers (including administering loyalty programs);
  identify and contact contest winners;
•  Understand the behaviour, activities, preferences and needs of our customers;
  improve existing products and services and develop new ones;
  protect customers, employees and other individuals and maintain their safety, health and welfare;
•  good governance, accounting and management and auditing of our operations and compliance with our legal and regulatory obligations;
  Prevent, investigate and detect criminal, fraudulent or anti-social behaviour and prosecute perpetrators, including cooperating with law enforcement agencies;
  Handling customer contacts, enquiries, complaints or disputes;
  protect our company, its employees and customers by taking appropriate legal action against third parties who commit criminal acts or violate legal obligations to us;
  handle any legal claims or regulatory enforcement actions against us; and
• Fulfill our responsibilities to customers, colleagues, shareholders and other stakeholders;
  3. Necessary to comply with our legal obligations, including:
  where you exercise your rights under data protection law
  Comply with legal and regulatory requirements;
  establish or defend legal rights;
  4. Based on your consent, such as sending direct marketing communications via email or text message.
  You have the right to withdraw consent at any time. If consent is the only legal basis for processing, we will stop processing the data upon withdrawal of consent.

How we protect your data
our control
BURGA is committed to protecting the security of your personal data.
Our security measures include:-

• data encryption;
• conduct regular cybersecurity assessments of all service providers that may process your personal data;
• Regular planning to ensure we are prepared to respond to cybersecurity attacks and data security incidents;
• Daily penetration testing of the system;
•  Security controls to protect our IT system infrastructure and our premises from external attacks and unauthorized access;
• An internal policy for establishing data security rules for our personnel; and
• Regular training of our staff.

How long we keep your data

•  We will not keep your data longer than necessary for the purposes stated in this notice. Different retention periods apply to different types of information, and our Data Retention Policy sets out how long we typically retain personal data and where these default periods may change.
•  In summary, various legal, accounting and regulatory requirements that apply to us require us to retain certain records for a specific period of time. With regard to your personal data, we will only retain that personal data as necessary for legal or regulatory reasons or legitimate organisational purposes. We will not keep your data longer than necessary for the purpose for which we collected it.

International transfers of your data

• In order to provide you with products and services, it is sometimes necessary to share your personal information outside the European Economic Area (EEA). This usually happens when the service provider is outside the EEA or you are outside the EEA. These transfers are subject to special rules under data protection law.
• If we transfer your personal information outside the EEA, we will ensure that the transfer complies with data protection laws and that all personal data is secure. It is our standard practice to assess the laws and practices of the destination country and relevant service providers, and the security measures to be in place for data from overseas locations; alternatively, we use standard data protection clauses.

Your rights

• You have the following rights:
•  the right to know about our processing or your personal data, which is the purpose of this notice;
• the right to request access to the personal data we hold about you at any time;
• the right to request that we update and correct any outdated or incorrect personal data we hold about you;
• the right to object to the processing of your personal data and/or to withdraw any consent you have given us and to opt out of any marketing communications we may send you;
• the right to prevent processing that may cause harm or distress to you or any other person;
• certain rights in relation to automated decision-making, including profiling;
• the right to ask us to delete your personal data in certain circumstances (right to be forgotten), such as when the data is no longer necessary for the purpose for which we collected them;
• The right to have us provide you with your personal data in a structured, commonly used and machine-readable format and to transfer it to another data controller. This is called the right to data portability.