1. Policy Statement

At ADME (CY) LTD incorporated in Cyprus under registration number HE347617, with an address at 62 Agiou Athanasiou Avenue, BG WAYWIN PLAZA, office 101, 4102 Limassol, Cyprusand/or its affiliates, (collectively referred to as«we», «us», «our») the protection of your personal data is a top priority. Keeping your data secure and private is part of our philosophy to apply the highest professional standards within our company. 

We are committed to process your personal data as follows:

  • Fairly and lawfully;
  • In an appropriate manner;
  • For limited purposes and not longer than necessary;
  • For the purpose required and not in an excessive way;
  • Keep them up-to-date and accurate;
  • Processed in line with your individual rights and in accordance with applicable Law;
  • In a secure way avoiding unauthorised or unlawful processing;
  • Protected against breach, accidental loss, destruction or damage by using appropriate technical and organisational measures;
  • Not transferred to third parties or organisations without adequate protection;

This privacy notice explains how we will process your personal data in accordance with the EU Regulation 2016/679 («GDPR») and Cyprus’ Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018), as amended, within the scope of providing our products and services offered on our website (the «Website»), such as the sale of hobby and craft boxes, and other related products and services (the «Services»).

As stated in our Terms of Use, in order to effect a purchase on the Website, you need to be at least 18 years old or at the minimum legal age where you are eligible to enter a contract. We reserve our right to use your personal data for the purposes of verifying your age. If we find out that you are below 18 years of age, your personal data will be deleted. 

If you reside or are located in the Russian Federation, your personal data will be processed in compliance with the Federal Law of Russia No. 152-ФЗ as of 27.07.2006 “On Personal Data”. You will enjoy all rights provided to you by the said law. Any reference to GDPR also includes the reference to the above Federal Law of Russia No. 152-ФЗ.

If you live in a country outside the EEA, collection and processing of your personal data shall be governed in accordance with the privacy laws of the state of California and where applicable Brazilian related General Data Protection Law. 

Any terms or keywords contained in this notice shall have the same meaning as defined in GDPR. 

It is important that you read this privacy notice, together with any other notice which might be communicated to you, so that you are fully aware of how and why we are using such information. 

2. Identity and contact details 

ADME (CY) LTD is a Cyprus private limited liability company with registration number HE347617 and is the «Data Controller» pursuant to the GDPR, and related Cyprus Laws, and determines how your personal data is kept and processed. 

The main establishment and the central administration of the Data Controller is situated at 62 Agiou Athanasiou, BG WAYWIN PLAZA, 1st Floor, Office 101, 4102, Limassol, Cyprus.  

Official requests may be made by post at 62 Agiou Athanasiou, BG WAYWIN PLAZA, 1st Floor, Office 101, 4102, Limassol, Cyprus, or electronically at privacy@thesoul-publishing.com.

3. Legal basis for processing

Your personal data will be collected and processed on the basis of our contractual relationship with you for the provision of the Services, on the basis of your express consent (as applicable), as well as our legal obligation to comply with the rules and regulations related to the provided Services.

4. The kind of information we hold about you

In order to provide the Services to you, we will collect, store, use and overall process the following categories of personal data about you:

  • Information you have provided for the purposes of effecting a purchase, including your name/surname, email, home address, date of birth, telephone contact details, details of your credit or debit card, including expiration date and CVV, as well as your PayPal account information (as appliable). We will process your credit cards or PayPal account information in accordance with internationally recognised and accepted business practices and standards for this kind of transaction.
  • Data related to frequency of your use, your preferences to the Services, and your IP address for verification purposes. 
  • Information via other platforms, e.g., registering through your social media account (as applicable). 
  • Any other information which might be statutory required to be requested, depending on the nature of the Services. 
  • Information required for business processes, such as to participate in market research surveys, user testing research, competitions, promotions or events, or to provide testimonials in regards the Services.

No special categories of personal data will be requested unless we are obliged by law to do so.

5. How we will use your personal information

The purposes for which our company will process your personal data include but are not limited to:

  • Create, activate and manage your registration as a customer on the Website.
  • Effect the purchases, and generally give you access to the Services, for the purposes of executing the agreement for the provision of the same.
  • Effect payments to us for the provision of the Services. 
  • Contacting you via the provided email address or other means concerning updates of our Services and for marketing. 
  • Keep records related to any Services provided to you.
  • Comply with legal or regulatory obligations, where applicable.

(Some of the above grounds for processing overlap and there may be several grounds which justify our use of your personal data).

If you fail to provide information when requested, which is necessary for us to provide the Services, or if fraud is detected, then we will not be able to process your request. 

We reserve the right to make backup data files and hold secure multiple copies of personal data (including any electronic copies), in order to protect our company’s interests in the event of data loss.  

Should there be a need to further process your personal data, for a purpose other than that for which they were initially collected, you will be informed accordingly.

With your express consent, we or third-party collaborators, may make available to you, personalised ads related to our Services. You will have the opportunity to manage your preferences about such personalised or profiling information via the Website. 

We will also use the personal data we collect to understand, improve and enhance our existing Services, your experiences with them, and our business operations, and to develop new ones. 

6. Recipients and Users of personal data

We will only use your personal data for legitimate purposes and for the purposes mentioned above. Your data may be processed through our secure computer network systems and accessed only by authorised users within our company.

Your personal data may also be processed by any specified and contracted third party processor, acting under written and express authorisation on behalf of our company, used to process such personal data, providing secure processing facilities and data access.

When we are statutory obliged to do so or pursuant to a court order, your personal data may be also processed by any governmental and/or other official authority and/or any other third party.   

7. Third party processing

Data processing may be carried out on behalf of us by third party data processors which may be located in the European Economic Area (EEA) or in other third countries, pursuant to written and express authorisation for specific purposes contained in the relevant authorisation. We have taken all necessary steps, including the implementation of appropriate legal, technical, and organisational measures, to ensure that the data processing meets all applicable statutory requirements, thus safeguarding your rights.  

8. Transfer of personal data to third countries or international organisations

We may operate within the European Union (EU), the European Economic Area (EEA) and other third countries, and therefore your personal data or part of them may have to be transferred overseas.

We have taken all reasonable steps to ensure that your personal data are provided with adequate protection based on international protection frameworks and that all transfers of data are conducted pursuant to our written agreements and the supervisory authorities’ guidelines (if required) and/or other legal and/or regulatory requirements. 

9. Automated decision making including profiling

You will not be subject to decisions that will produce legal effects or have a significant impact on you, based solely on automated decision – making. 

10. Data Retention policy

We will retain your personal data for as long as we have an ongoing contractual relationship, and after that for a period determined by any obligations arising from the processing of the personal data or as established by applicable laws.

11. Security

Security of your personal data is taken very seriously. For any type of data processing we have data management systems which are periodically updated in accordance with technological development and a framework of multilevel security policies to hold data confidential and secure. Security measures have also been taken to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. 

Moreover, we have procedures to deal with suspected data security breaches or threats and should a breach ever materialise, you will be notified accordingly, along with the supervisory authority, if we are required to do so. 

More information on our security framework is available upon request. 

12. Your rights in connection with personal data

You enjoy a number of rights relating to the processing of your data. Any personal data related requests shall be processed within reasonable time and in any case within 1 (one) month from the signed written request. This period of time may be extended under certain circumstances by further 2 (two) months.

You will not have to bear any cost to exercise any of your rights. We may though charge a reasonable fee should your requests be clearly unfounded or excessive, due to their repetitive character, or refuse to comply with such requests.  

We may request specific information to assist us confirm your identity and ensure your capacity to enforce your rights. This is part of our security measures to certify that personal information is not disclosed to any person who has no right to receive it. 

Save for any statutory provisions to the contrary, the rights available to you by law are the following:

13. Right of Access 

You have the right to enquire and obtain information from us, as to whether or not your personal data is being processed, including information on the purposes and legal standing of the processing, the categories of data, the recipients or group of recipients and where possible, the envisaged period for which the personal data will be stored.

Where applicable, you may also inquire in respect of any transfer of personal data to a third country or international organisation as well as to obtain more information about our existing security measures / safeguards governing such transfer.   

14. Rectification / Amendment 

We aim to have up-to-date personal data kept in our records. Any inaccurate or incomplete personal data may be updated or rectified pursuant to a formal request.   

15. Right of erasure («right to be forgotten») 

Save for any limitations provided by express legal or regulatory provisions, including our policies for data retention, you have the right to request your personal data to be erased from our database, should any of the following occur:

  • The personal data is no longer necessary in relation to the purposes for which it was initially collected;
  • There is an objection to the further processing;
  • The personal data has been unlawfully processed;
  • The personal data should be erased in compliance with a legal obligation.   

16. Restriction of data processing 

Provided that no statutory exceptions apply, should any of the following apply, you have the right to request from us to restrict the further processing of your personal data:

  • There is a dispute as to the accuracy of the personal data;
  • The processing is unlawful, and the erasure right was not requested;
  • The personal data will be used to establish, exercise, or defend legal claims.

17. Right of portability 

You have the right to receive your personal data in a structured, commonly used and a machine-readable form. In addition, and where it is technically feasible, you have the right to request the personal data to be transmitted directly from one data controller to another; thus, from one organisation to another. 

Subject to any statutory requirement, the right of portability will not extend to personal data which is inferred or derived by us, such as activity registry, business performance appraisals or other results of algorithmic analysis.  

18. Withdraw consent

Where the personal data processing is based exclusively on consent, you have the right to request from us to withdraw such consent at any given time. Nevertheless, such withdrawal will not affect the lawfulness of any data processing based on that ground prior to your withdrawal. 

Upon receiving your request, we will no longer process your information for the purposes you originally agreed to, unless another legal basis exists, or for the establishment, exercise or defence of legal claims.

19. Cookies policy

We use cookies, to enable a better user experience when navigating or using the Website, or when providing our Services. Please, read our Cookies Policy available here to learn more about the cookies we use, their purpose, and other related and useful information.

20. Changes to the Privacy Notice

We keep our privacy notice under regular review, and we reserve the right to update this privacy notice at any time. If we make changes to this policy during the provision of the Services or your registration to the Website that, in our sole discretion, has a material impact on your rights with respect to how we process your personal data, we will notify you via email to the email address you provided us. By continuing to make use of the Website and the Services after those changes become effective, you agree to be bound by the revised Privacy Notice.

21. Complaints

Complaints relating to the processing of any personal data may be communicated electronically at privacy@thesoul-publishing.com.

Complaints may also be lodged before the supervisory authority responsible for the protection of personal data, in the country of your habitual residence, place of work, or place of the alleged infringement of your personal data. More information about how to contact the supervisory authorities across the EEA, can be found in the European Data Protection Board’s website here (https://edpb.europa.eu/about-edpb/about-edpb/members_en). If you reside or are located in the Russian Federation, you may submit your complaint to the Federal Service For Supervision Of Communications, Information Technology, And Mass Media (https://rkn.gov.ru/).