SECTION 1 – THE PURPOSE AND ABOUT US
SECTION 2 – THE INFORMATION WE COLLECT AND THE LEGAL BASIS
When you access the website via any means, subscribe for a newsletter, become a member by signing-in, or make a purchase through the website, we may collect, store and use certain of your personal information in line with this policy.
A) Personal data you give to us
To register or make a purchase on the Site, we ask for your name and email address. When you purchase something from our online store, we also ask for an address in order to deliver your order. When you make a purchase, depending on the payment option you choose, our payment service provider will also collect and process your credit card or other payment details.
Credit Card Information: If you choose a direct payment gateway to complete your purchase, then ePay stores your credit card data. All transactions are secure and encrypted. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
As provided by Article 13 of Directive 2002/58/CE, when you make a purchase from our Site, we have the legitimate interest to send you marketing e-mails concerning products and services similar to the purchased one. In any case, you may object at any time to receiving further emails by selecting the opt-out link at the bottom of each e-mail.
Registration for our e-mail newsletter: If you subscribe to our e-mail newsletter, we may send you emails about our store, new products and other updates. Mandatory information for sending the newsletter is your e-mail address alone. By subscribing to our newsletter, you give us your consent to the use of your personal data. In any case, you may cancel your subscription to the newsletter at any time by selecting the opt-out link at the bottom of each e-mail.
If you need to get in touch with our customer service team, or reach out to us through other means (such as through social media), we will collect information from you there too. We will collect information from you included in your reviews, including your display name and avatar if you choose one, only for the purpose of providing the customer care service.
B) Personal data we collect automatically
Even if you don’t end up placing an order, when you visit our websites we automatically collect certain information. This data does not allow us to identify you, but it enables us to tailor our services. This includes your IP address, the date and time you accessed our services, the hardware, software or internet browser you use and information about your computer’s operating system. We can only see the gathered data in statistical form, and we don't know to whom it belongs. The main goal here is to optimize and customize our online platform to your needs, making our site easier and more enjoyable to use. We strive to only use pseudonymized data for these analytical purposes.
C) Legal Basis
The legal basis for the processing is, depending on the circumstances:
(i) Article 6(a) of EU Regulation 679/2016, i.e. the data subject has given free and informed consent to the processing and has not subsequently withdrawn it; and/or
(ii) Article 6(c) of that Regulation, i.e. the processing is necessary for compliance with a legal obligation to which the Data Controller is subject; and/or
(iii) Article 6(f) of the said Regulation, i.e. the processing is necessary for the purposes of pursuing a legitimate interest of the Data Controller or a third party overriding the interests or fundamental rights and freedoms of the data subject.
In particular, pursuant to Article 13(1)(d) of the Regulation, the legitimate interest of the Data Controller is that of: i) being able to process the data in order to effectively and efficiently manage the relationship with its customers and to organise the related internal organisational and management processes (including the relationships with any of its sub-contractors); and ii), in the case of processing for profiling, direct marketing and loyalty purposes, that of promoting its products and/or services to its target customers through off-line and on-line methods.
SECTION 3 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery, return a purchase or subscribe, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How can I withdraw my consent?
If, after you opt in, you change your mind, you may withdraw your consent at any time by unsubscribing and/or deleting your profile. If you think there is continued collection, use or disclosure of your information, please contact us at firstname.lastname@example.org
[Re: Privacy Compliance Officer]
Corantijnstraat 5 Amsterdam NL 1058DA
When you register for our newsletter, we will use the data strictly necessary and instrumental for this purpose, or the data you have communicated separately, to send you our newsletter via e-mail regularly on the basis of your consent.
You can unsubscribe from the newsletter at any time, either by sending a message to email@example.com or through the link present in each newsletter.
[Re: Privacy Compliance Officer]
Corantijnstraat 5 Amsterdam NL 1058DA
After the cancellation, we will delete your e-mail address, unless you have expressly consented to further use of your data and without prejudice to our reserve for subsequent use of the data, use of which you have been correctly informed in this declaration in compliance with the provisions of the law.
SECTION 4 – DISCLOSURE
Disclosure to Competent Authorities
We may disclose your personal information to competent authorities if we are required by law to do so or when there is need to protect and defend our rights.
Disclosure To Third Parties
- SHOPIFY: Our store is hosted on Shopify Inc, a Canadian company. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. They built GDPR-compliant features into their platform, including features to give you transparency into and control over your personal data, and technical measures to ensure that your personal data is protected as it crosses borders. Here you can find more information https://help.shopify.com/manual/your-account/GDPR
- Hubspot: HubSpot is a customer relationship platform that enables us, among other things, to manage existing and potential customers and customer contacts, to communicate with you and to plan and execute marketing activities in line with your interests. Hubspot enables us to capture, sort and analyze customer interactions across multiple channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or marketing measures (e.g., newsletter mailings). Hubspot CRM also enables us to collect and analyze the user behavior of our contacts on our Site. Here you can find more information https://legal.hubspot.com/privacy-policy
- DHL: If the goods are delivered by the DHL transport service provider (Deutsche Post AG, Charles-de-Gaulle-Strasse 20, 53113 Bonn), we provide for the purpose of service only the name of the recipient and the delivery address to DHL. Passing on is only to the extent necessary for the delivery of goods. Here you can find more information https://www.dhl.com/content/dam/dhl/local/global/core/documents/pdf/MO-core-lela-local-pdp-policy.pdf
- UPS: If the goods are delivered by the transport service UPS (United Parcel Service Germany Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss), we will provide for the purpose of service the name of the recipient and the delivery address to UPS. Passing on is only to the extent necessary for the delivery of goods. Here you can find more information https://www.ups.com/us/en/support/shipping-support/legal-terms-conditions/privacy-notice.page
SECTION 5 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 6 – DURATION OF STORAGE OF PERSONAL DATA
SECTION 7 - COOKIES
In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. Here is a list of cookies that we use. We’ve listed them here so that you can choose if you want to opt out of cookies or not.
- _session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
- _shopify_visit, no data held, persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits.
- _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
- cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
- _secure_session_id, unique token, sessional
- storefront_digest, unique token, indefinite, If the shop has a password, this is used to determine if the current visitor has access.
Please note that you can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or can exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browser under the following links:
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/en/kb/cookies-allow-and-reject
- Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
- Safari: https://support.apple.com/kb/ph21411?locale=en_US
- Opera: http://help.opera.com/Windows/10.20/de/cookies.html
Please note that if you do not accept cookies, the functionality of our website may be limited.
SECTION 8 – MANAGING YOUR INFORMATION
We want you to be in control of how your personal data is used by us. You can do this in the following ways:
- you can ask us for a copy of the personal data we hold about you;
- you can inform us of any changes to your personal data, or you can ask us to correct any of the personal data we hold about you but, as explained below, you may be able to make such changes yourself;
- in certain situations, you can ask us to erase, or block or restrict the processing of, the personal data we hold about you, or object to particular ways in which we are using your personal data; and
- in certain situations, you can also ask us to send the personal data you have given us to a third party.
Where we are using your personal data on the basis of your consent, you are entitled to withdraw that consent at any time subject to applicable law. Moreover, where we process your personal data based on legitimate interest, you have the right to object at any time to that use of your personal data subject to applicable law.
We rely on you to ensure that your personal data is complete, accurate and current. Please do inform us promptly of any changes to or inaccuracies in your personal data by contacting us.
If you have an online user account, you can access a significant amount of your personal data through our website. Our website generally presents you with the option to add, update or remove information we have about you.
If you wish to object to the processing of your personal data on the basis of legitimate interest and no opt-out mechanism is available to you directly, please contact us at firstname.lastname@example.org
SECTION 9 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
Sad yet necessary: If you disagree with this Privacy Statement, you should discontinue using our services. If you agree with our Privacy Statement, then you’re all good to place your new order or continue to check our website to discover our products!
SECTION 11 - RIGHTS
As a data subject, you have the following rights:
- According to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
- Pursuant to Art. 16 GDPR, you have the right to immediately request the correction of incorrect or incomplete personal data stored by us;
- According to Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing is required:
  - to exercise the right to freedom of expression and information;
  - to fulfill a legal obligation;
  - for reasons of public interest; or
  - to assert, exercise or defend legal claims;
- According to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, insofar as:
  - the accuracy of the data is contested by you;
  - the processing is unlawful, but you refuse to delete it;
  - we no longer need the data, but you need it to assert, exercise or defend legal claims; or
  - you have objected to processing in accordance with Art. 21 GDPR;
- Pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible;
- According to Art. 77 GDPR, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.