Terms and Conditions

This privacy policy has been compiled to better serve those who are concerned with how their 'Personally Identifiable Information' (PII) is being used online. PII, as described in US privacy law, EU GDPR and in information security industry, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website and services. By accessing or using the Service, including browsing the site, you expressly consent to the collection, use, storage, processing, and disclosure of your information in accordance with our Privacy Policy.

Compliance concerning accordance with Regulation EU 2016/679 (GDPR Compliance)

General Data Protection Regulation enters into force at May 25, 2018. Vanan Online Services, located at 4444 Germanna HWY, Suite 365, Locust Grove, VA 22508, USA is dedicated to fulfill European standards of data protection and to actively support it. This GDPR compliance shall be understood as unilaterally binding upon us and become operational as an exhibit to the Privacy Policy.

Vanan Online Services as a Controller in relation to data content and Personal Data (and in some cases a data processor in relation to Personal Data) of Customers, dedicates itself to fulfill all standards necessary to ensure proper data protection. As this Compliance form is unilaterally binding upon us, it may be used by any party using Vanan Online Services as a proof for our declaration concerning GDPR compliance.

We have also entered into data processing agreements (DPAs) with all of our sub processors and we have a DPA available for customers as well. So, if you’re interested please send us a request either through our support email – [email protected] or you can contact our below listed Data Protection Officer (DPO) and we will send you the instructions to proceed.

What personal information do we collect from the people that visit our blog, website or app?

When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, credit card information or other details to help you with your experience.

When do we collect information?

We collect information from you when you register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form, Use Live Chat, Open a Support Ticket or enter information on our site or when you provide us with feedback on our products or services.

How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

• To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
• To improve our website in order to better serve you.
• To allow us to accurately respond to your customer service requests.
• To administer a contest, promotion, survey or other site feature.
• To quickly process your transactions.
• To ask for ratings and reviews of services or products.
• To follow up with our customers after the initial contact (live chat, email or phone inquiries).
• To secure (establish, investigate or defend) Customer’s, as well as Company’s claims that may arise due to the Services.

Consent for processing and transferring Personal Data

The Customer agrees and warrants that the processing, including the transfer of its Personal Data has been and will continue to be carried out in accordance with the relevant provisions of the applicable Data Protection Laws (and, where applicable, has been notified to the relevant authorities of the Member State where the Company is established or has its representative) and does not violate the relevant provisions of that State.

Profiling Personal Data

Please note that by using our Services, Customer gives its consent to the profiling of its Personal Data that was given to the Company, for the purpose of proper maintenance and providing the Service and others specified in the Privacy Policy. Customer agrees that the profiling of its data shall serve, in particular, the purpose of providing Customer with content that is accurate and consistent with the scope of the Service. Customer acknowledges that it has the right not to be profiled. In such case the request can be made at any time at [email protected] Withdrawing the consent is tantamount to the termination of the Agreement.

Retention of Copies

The Company may retain Customer Personal Data to the extent required by applicable European Union law or the law of an EU Member State and only to the extent and for such period as required by such laws and always provided that the Company shall ensure the confidentiality of all such Customer Personal Data and shall ensure that such Personal Data is only processed as necessary for the purpose(s) specified in such law requiring its storage and for no other purpose.

The Customer agrees that after the termination or expiration of the Agreement its data may be stored as a backup for the time needed to secure (establish, investigate or defend) Customer’s and Company’s claims that may arise due to the performance of the Services (for the time it takes for the claims to be barred).

Right to Access, Amend or Erasure

Each data subject has the right to access, correct, amend, block or delete its Personal Data. The Company shall comply with any commercially reasonable request by Customer to correct, amend, block or delete Customer’s Personal Data, as required by Data Protection Laws, to the extent the Company is legally permitted to do so. If you wish to access, amend, or confirm that Vanan Online Services has Personal Data relating to you, or if you wish to correct or delete your Personal Information if it is inaccurate, please notify us at: [email protected] If your Personal Data changes, or if you no longer desire our Services, you may correct, update, delete inaccuracies or request deactivation of your account e-mailing us at [email protected] We will respond to your access request within 30 days. To request removal of your personal data from our testimonials or customer support forum, please contact us at [email protected] In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so and why.

Geo-Location data

Please be aware Vanan Online Services may have access to your geo-location data as we collect and process IP address of all devices you use to access our website or customer portal. Collecting and processing your geo-location data refers to mobile devices as well as computers. It happens regardless you are a Visitor or a Customer.

How do we protect your information?

We guarantee that we take reasonable and appropriate technical and operational measures to protect your Personal Information we collect and hold from loss, misuse and unauthorized access, disclosure, alteration, and destruction. While protecting your personal data we take into due account the risk involved in the processing and the nature of the Personal Data.

Due to the scale of data processing being part of operational process of Vanan Online Services, we conduct periodical Risk Assessments & Malware Scanning to ensure data protection.

Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.

All payment transactions are processed through a gateway provider and are not stored or processed on our servers.

Do we use 'cookies'?

The so called ‘cookies’ are used while using Services or products rendered by Vanan or browsing any of the website where our Services are installed. These are pieces of information sent by the server, stored on a user’s computer for the purpose of automatic identification of a particular user when using our Services. ‘Cookies’ enable us to quickly confirm your identity and owing to them the use of our Services becomes much easier and more widely available. ‘Cookies’ are used by Vanan solely with the purpose of personalizing a particular user. ‘Cookies’ can be used on condition that they are accepted by a browser and that they shall not be removed from the storage media. Users who removed ‘cookies’ from their storage media or have not accepted them on their browser may not have complete access to the Services rendered by Vanan. We do not link the information we store in cookies to any Personal Data you submit while on our site. The use of third party cookies is not covered by our Privacy Policy. We do not have access or control over these cookies.

We use cookies to:

• Help remember and process the services you require.
• Understand and save user's preferences for future visits.
• Keep track of advertisements.
• Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property or safety.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Third-party links

We do not include or offer third-party products or services on our website.

Sub-processors

If we need to use a Sub-processor in order to provide and support the features of our Services, we may share your Personal Information for that purpose. All third parties with which we share this information are required to use your Personal Information in a manner that is consistent with this Policy. We will provide an individual opt-out or opt-in choice before we share data with third parties other than our Third Party Service Providers we use while providing our Services, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your Personal Information, please submit a written request by e-mailing us at [email protected]

Social media (features) and widget

Our websites includes social media features, such as the ‘Facebook Like button’ and Widgets, such as the ‘Share This button’ or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with these features are governed by the privacy policy of the company providing it.

Testimonials

We post Customer testimonials on our websites which may contain Personal Data. We use pre-defined java script to display our Customers’ comments on our websites. In any other scenario, we do obtain the Customer’s consent via e-mail prior to posting the testimonial to post their name along with their testimonial. To request removal of your Personal Data from our testimonials or customer support forum, please contact us at [email protected] Data correction, return or deletion requests will be answered within 30 days.

Blog Comment system

In order to post comments on our websites (i.e. our blogs) you must sign into Wordpress, Twitter, Disqus or Google, as we use ‘blog plugins’ to allow Visitors and Customers to leave comments on our blogs. No Personal Information is tied to your posts. You subscribe to our blogs by providing your e-mail address. We will only use this to send you an e-mail notification when new blogs have been posted and when users comment on a blog that you previously have commented. We will not use this information for any other purpose. You have the opportunity to opt-out from our blog e-mails by using ‘unsubscribe’ button.

Google Adwords

Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users. Link

Google, as a third-party vendor, uses cookies to serve ads on our site. We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.

Opting out of Google Adwords:

Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt-Out Browser add on.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. - See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

According to CalOPPA, we agree to the following:

• Users can visit our site anonymously.
• Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website.
• Our Privacy Policy link includes the word 'Privacy' and can easily be found on the page specified above.

You will be notified of any Privacy Policy changes:

• On our Privacy Policy Page

You can change your personal information:

• By emailing us at [email protected]
• By calling us
• By logging in to your account
• By chatting with us or by sending us a support ticket

How does our site handle Do Not Track signals?

We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third-party behavioral tracking?

It's also important to note that we do not allow third-party behavioral tracking

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

• We do not specifically market to children under the age of 13 years old.
• We do not let third-parties, including ad networks or plug-ins collect PII from children under 13.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

• Send information, respond to inquiries, and/or other requests or questions.
• Process orders and to send information and updates pertaining to orders.
• Send you additional information related to your product and/or service.
• Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CANSPAM, we agree to the following:

• Not use false or misleading subjects or email addresses.
• Identify the message as an advertisement in some reasonable way.
• Include the physical address of our business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.

Data Breach & Incident response plan

Data Breach is defined as the unauthorized acquisition or access of unencrypted Confidential Information or Personal Data that compromises the confidentiality, integrity, or availability of that information. A Data Breach can occur not only virtually through computer networks but also physically through unauthorized access into Vanan Online Services locations or computers. A Data Breach can also include any breaches that affect third-party vendors that provide services or hosting to Vanan Online Services.

Vanan Online Services maintains a Security Incident Response Plan that is based on guidelines from the US privacy law & EU GDPR.

All employees & sub-processors are required to immediately notify the IT Department of any actual or suspected Data Breach – including events that affect third-party vendors. The IT department will then follow the Security Incident Response Plan.

Vanan Online Services commits to notify affected individual via email as soon as possible but no later than 72 hours after reasonable suspicion of a Data Breach.

Privacy Policy modification

We may update this privacy statement to reflect changes to our information practices. If we make any significant material changes we will notify you by e-mail (sent to the e-mail address specified in your ‘customer account/order’) or by means of a notice on the website prior to the change becoming effective. We encourage you to periodically review this website for the latest information on our privacy practices.

Refund Policy

Cancellation Policy

Cancellation after verbal/e-mail confirmation of order will incur a 20% fee on total amount.

Contacting Us

-If there are any questions regarding this privacy policy, you may contact us using the information below.

Vanan Online Services
4444 Germanna HWY
Suite 365 Locust Grove
VA 22508 USA
Email: [email protected]

-If you require any additional information or assistance relating to EU GDPR Compliance or relating to your personal data, please contact our DPO using the information below.

Data Protection Officer is Lenny Milner
Vanan Online Services
4444 Germanna HWY
Suite 365 Locust Grove
VA 22508 USA
Email: [email protected]