GDPR Compliance Policy
At African Roots, we are committed to ensuring the privacy and security of your personal data in accordance with the General Data Protection Regulation (GDPR). This policy outlines how we comply with GDPR requirements and safeguard your rights.
Data Controller
- Company Name: Elvio Nicolau Correia da Silva (African Roots)
- Address: ER223, 9370-237 – Estreito da Calheta, Madeira, Portugal
- Contact Email: info@africanrootsmarketonline.com
Principles of GDPR Compliance
We process personal data in accordance with the following principles:
- Lawfulness, Fairness, and Transparency: We ensure data is processed legally, fairly, and transparently.
- Purpose Limitation: Data is collected for specific, legitimate purposes and not processed further in ways incompatible with those purposes.
- Data Minimisation: Only data necessary for the specified purposes is collected.
- Accuracy: Personal data is kept accurate and up to date.
- Storage Limitation: Data is retained only as long as necessary for legal or business purposes.
- Integrity and Confidentiality: Data is processed securely to prevent unauthorised access or breaches.
Personal Data We Collect
We collect and process:
- Contact Details: Name, email, phone number, and address for order fulfilment and communication.
- Payment Information: Securely processed through authorised third parties.
- Device and Browsing Data: IP address, cookies, and analytics data for website optimisation.
Legal Basis for Processing
We process personal data based on:
- Contractual Necessity: To fulfil your orders and provide requested services.
- Consent: For marketing communications and personalised advertising.
- Legal Obligations: To comply with tax, accounting, or regulatory requirements.
- Legitimate Interests: To prevent fraud and enhance our services.
Your GDPR Rights
Under GDPR, you have the following rights:
- Access: Request a copy of your personal data.
- Rectification: Correct inaccurate or incomplete data.
- Erasure (Right to be Forgotten): Request deletion of your data, subject to legal or contractual obligations.
- Data Portability: Receive your data in a structured, machine-readable format.
- Restriction: Limit processing under specific conditions.
- Objection: Opt out of data processing for marketing or legitimate interests.
- Withdraw Consent: Revoke consent for data processing at any time.
To exercise your rights, contact us at info@africanrootsmarketonline.com.
Data Security
We implement robust security measures, including encryption, firewalls, and regular audits, to protect your data from unauthorised access, loss, or breaches.
Data Sharing and Transfers
We only share personal data with trusted third parties for operational purposes, such as payment processors or shipping providers, and ensure they comply with GDPR standards. Data transfers outside the European Economic Area (EEA) are conducted under strict safeguards, such as EU Standard Contractual Clauses.
Data Retention
Personal data is retained only as long as necessary to fulfil the purposes for which it was collected or as required by law.
Breach Notification
In the unlikely event of a data breach that poses a risk to your rights, we will notify affected individuals and the relevant supervisory authority within 72 hours.
Contact and Complaints
If you have any concerns or complaints about how we handle your personal data, please contact us at info@africanrootsmarketonline.com. You also have the right to lodge a complaint with your local data protection authority. (Link in the footer.)
Updates to This Policy
This GDPR Compliance Policy may be updated periodically. The most recent update date will always be displayed on this page.
Last Updated: 3rd of December 2024.
