Data Protection Declaration
I. Name and address of the responsible
Responsible within the meaning of the General Data Protection Regulation (GDPR), other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature is:
Gisela Maria Vöcking-Mc Conney
Handelnd unter der geschäftlichen Bezeichnung: SHALIMA International Trading
Pappelweg 67
53177 Bonn
Germany
Telephone: +49 (0) 228-2079228
Fax: +49 (0) 228-20792288
Web: www.shalima-shop.com
E-Mail: info@shalima-shop.com
III. General information for data processing
1. Scope of processing personal data
In principle, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar we obtain the consent of the data subject for processing of personal data, article ( 1) (a) EU General Data Protection Regulation (GDPR) serves us as legal basis for the processing.
For processing of personal data required for the fulfillment of a contract the processing is based on article 6 (I) (b) GDPR. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company article 6 (1) (a) GDPR serves us as legal basis.
Provided that the processing of personal data gets required to protect essential interests of the person concerned or another individual person the processing would be based on article 6 I lit. d GDPR.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, article 6 (1) (f) GDPR as legal basis for processing.
3. Data deletion and storage period
The personal data of the corresponding person will be deleted or blocked as soon as the purpose of their storage is achieved. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
IV. Providing the website and creating logfiles
1. Description and scope of data processing
On each access of our website our system automatically collects data and information from the computer system of the calling party.
The following data are collected:
- (1) Information about Browser type and version used
- (2) Internet service provider of the user
- (3) Den Internet-Service-Provider des Nutzers
- (4) Anonymized IP-address by 1 Byte (e.g. 192.168.1.0)
- (5) Date and time of access
- (6) The Internet page from which an accessing system reaches our Internet page (so-called referrer)
- (7) The internet page which is called on our site
The data is stored in log files of our system. The IP addresses of the user are stored anonymously, so that the assignment of the data to a user is not possible. A storage of this data together with other personal data of the user does not take place.
V. Contact form and E-Mail
1. Description and scope of data processing
The contact form of our website can be used for electronic contact. If a user contacts us through this form, the data entered in the input mask will be transmitted to us and saved. These data are:
- (1) Name
- (2) E-Mail Adresse
- (3) Phone Number
- (4) Text provided by user
At the time of sending the message, the following data is also stored:
- (1) Date and time of transmission
For the processing of the data in the context of the sending process your consent is obtained and referred to this privacy statement.
Alternatively, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the request.
2. Legal basis for data processing
Legal basis for the processing of the data is in the presence of the consent of the user article 6 (1) (a) GDPR.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is article 6 (1) (f) GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is article (6) (1) (b) GDPR.
3. Purpose of data processing
The processing of the personal data from the input form serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data collected by contact form and those sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is finished when it can be inferred from the circumstances that the relevant facts have been finally clarified.
5. Opposite possibility and remedy
The user can revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can revoke the storage of his personal data at any time. In such a case, the conversation cannot continue.
In this case all personal data stored in the course of contacting will be deleted.
VI. Orders through our website
1. Description and scope of data processing
You can either place orders as a guest without registering or register on our website as a customer for future orders. In case of a registration you can log in to our website directly with your e-mail address and password and place orders, without having to enter your contact information again.
Your personal information will be entered in an input mask and sent to us and stored on our servers. If you place an order via our website, we will collect the following data in the case of a guest order as well as in the case of a registration in the shop:
- (1) Gender, first name, last name,
- (2) valid e-mail adress,
- (3) address,
- (4) phone number (landline and / or mobile)
The collection of these data takes place
- (1) to identify you as our customer;
- (2) to process, fulfill and handle your order;
- (3) for correspondence with you;
- (4) for billing;
- (5) to settle possible liability claims, as well as the assertion of any claims against you;
- (6) to ensure the technical administration of our website;
- (7) to manage our customer data.
As part of the ordering process, you will obtain consent to process this information.
The data processing is based on your order and / or registration and is in accordance with article 6 (1) p. 1 lit. b GDPR for the stated purposes for the proper processing of your order and for the mutual fulfillment of obligations under the purchase agreement.
4. Duration of storage
The collected personal data for processing of your order will be stored until the expiration of the statutory retention obligation and then deleted, unless we are under article 6 (1) sentence 1 lit. c GDPR are obliged to store for a longer period of time due to tax and commercial requirements for storage and documentation (German HGB, StGB or AO) or you are obliged to make further storage in accordance with article 6 (1) sentence 1 lit. a GDPR have consented.
5. Right to revocation and right deletion
The user has the opportunity to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. For this purpose, the personal date of the user will be deleted if, in accordance with article 6 (1) sentence 1 lit. c GDPR are obliged to store for a longer period of time due to tax and commercial storage and documentation obligations (from German HGB, StGB or AO).
VII. Newsletter function
1. Description and scope of data processing
You can subscribe to our e-mail newsletter for information on current offers. The only mandatory information is the specification of your e-mail address. All other information is voluntary and will be provided by us e.g. used for a personal salutation. We use the so-called double opt-in procedure for sending the newsletter. You will only receive e-mails from us if you have explicitly confirmed to us that you agree to the newsletter. You will receive a confirmation email from us upon your registration. In this mail is a confirmation link, which you must click on, so that you will receive our e-mail newsletter in the future. By clicking on the confirmation link, you give us your consent to the use of your personal data in accordance with article 6 para. 1 lit. a GDPR.
When registering for the newsletter, we store your IP address entered by the Internet service provider and the date and time of registration. We do this in order to understand any possible misuse of your e-mail address at a later date. The data collected by us when registering for the newsletter will only be used for promotional purposes by means of the newsletter.
4. Duration of storage
Registration for the newsletter will be stored until you unsubscribe from the newsletter.
5. Objection to the receipt of the newsletter
Of course, you can unsubscribe from the newsletter at any time with effect for the future via the provided link in the newsletter, in your user account or through a corresponding message to the aforementioned person responsible for data processing. Further information on the possibility of canceling can be found in the newsletter E-Mail.
I On cancelation we delete your e-mail address from our newsletter distributor, as far as you have not expressly consented to a further use of your data or we reserve the right to further data usage, which is permitted by law and about which we in this statement inform.
VIII. Cookies
We use cookies on our site. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not damage your device, do not contain viruses, Trojans or other malicious software.
Information stored in the cookie are connected with the specific device used. This does not mean that we are immediately aware of your identity or identity connected to the device used.
We use of cookies to improve the usage of our offers. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website.
In addition, to improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again to use our services, it automatically recognizes that you have already been with us and what inputs and settings you have made, so you do not have to re-enter them.
We also use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer (see Section IV). These cookies allow us to automatically recognize when you visit our site again that you have already been with us. These cookies are automatically deleted after a defined time.
The data processed by cookies are for the purposes mentioned in order to safeguard our legitimate interests as well as third parties pursuant to article 6 (1) sentence 1 lit. f GDPR required.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a note always appears before a new cookie is created. However, disabling cookies completely may mean that you can not use all features of our website.
IV. Analysis and Tracking Tools
The tracking measures listed below and used by us are based on article 6 (1) sentence 1 (f) GDPR. With the tracking measures to be used, we would like to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as justified within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
Matomo (previous PIWIK)
We use the open source analysis tool Matomo (formerly PIWIK, www.matomo.org). It is a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, (hereinafter "Matomo"). Based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes, based on article 6 (1) (f) GDPR data collected and stored. The software places a cookie on your computer. If individual pages of our website are accessed, the following data is stored: two bytes of the IP address of your calling computer, the website accessed, the website from which you accessed the website accessed (referrer), the sub-pages accessed by the website are called from, the length of stay on the website, the frequency of calling the website. The software runs exclusively on the servers of our website. A storage of your personal data takes place only there. The Matomo software is set so that the IP addresses are not completely stored but 2 bytes of the IP address are masked (eg 192.168.0.0). In this way, an assignment of the shortened IP address to the calling computer is no longer possible. The collected data will be deleted as soon as they are no longer needed for our recording purposes. The deletion takes place in our case at the latest after 6 months. Cookies are stored on your computer and transmitted by it to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full. We have also set up the possibility of opting out of the analysis process on our website. For this you must follow the appropriate link. This will put another cookie on your system that signals our system not to store your data. If you delete the corresponding cookie in the meantime from your own system, you must set the opt-out cookie again. For more information on Matomo Software's privacy settings, please visit https://matomo.org/docs/privacy/.
Opt-Out of Matomo Tracking
V. Third party services
Google Web Fonts
Our website uses so-called web fonts provided by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google") for consistent presentation of fonts. When you open a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.
This requires your browser to connect to Google's servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online services, which constitutes a legitimate interest on the basis of article 6 (1) (f) GDPR represents. If your browser does not support web fonts, a default font will be used by your computer. US-based Google LLC is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU. More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's Privacy Policy: https://www.google.com/policies/privacy/.
VI. Rights of the affected person
If your personal data is processed, you are a victim within the meaning of GDPR. Then you have the following rights to the person responsible:
1. Right of information
Every data subject has the right granted to request confirmation from the controller whether or not personal data relating to him/her are being processed.
Every person affected by the processing of personal data has the right, granted by the European guideline and regulation provider, to receive information regarding:
- (1) the processing purpose of personal data;
- (2) the categories of personal data;
- (3) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- (4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
- (5) the existence of a right to rectify or delete personal data concerning him/her or to restrict the processing by the controller or to have a right of objection to such processing;
- (6) the existence of a right of appeal to a supervisory authority;
- (7) if the personal data are not collected from the person concerned: All available information about the origin of the data;
Remember, the data subject has a right to know whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject shall otherwise be entitled to obtain information on the appropriate guarantees based on article 46 GDPR in connection with the transmission.
2. Right of rectification
Every person affected by the processing of personal data has the right, to demand the immediate correction of inaccurate personal data concerning him/her. Furthermore, the data subject has the right to request that incomplete personal data be completed, including by means of a supplementary declaration, taking into account the purposes of processing. The responsible person must make the correction without delay.
3. Right to restrict processing
Every person affected by the processing of personal data has the right, to require the data controller to restrict the processing if one of the following conditions is met:
- (1) if the accuracy of the personal data is denied by the person concerned for a period of time that allows the person responsible to verify the accuracy of the personal data;
- (2) processing is unlawful, the person concerned refuses to delete personal data and instead demands that the use of personal data be restricted;
- (3) the controller no longer requires personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
- (4) if the data subject has lodged an objection against the processing in accordance with article 21 (1) GDPR and it is not yet clear whether the legitimate grounds of us outweigh those of the data subject.
If the processing of your personal data has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, you will be notified by the person responsible before the restriction will be removed.
4. Right of deletion (right to be forgotten)
a) Deletion obligations
Every person affected by the processing of personal data has the right, to demand that the person responsible delete the personal data concerning him/her immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:
- (1) Personal data have been collected or otherwise processed for such purposes, for which they are no longer necessary.
- (2) The data subject withdraws his or her consent, on which the processing is based pursuant to article 6 (1) (a) GDPR or article 9 (2) (a) GDPR, and there is no other legal basis for processing.
- (3) The data subject submits an objection to the processing in accordance with article 21 (1) GDPR and there are no primordial legitimate grounds for processing, or you object to the processing in accordance with article 21 (2) GDPR.
- (4) Your personal data have been processed illegally.
- (5) The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
- (6) Personal data were collected in relation to the information society services offered in accordance with article 8 (1) GDPR.
b) Information to third parties
If personal data have been made public, our company is the person responsible pursuant to article 17 (1) GDPR is obliged to delete personal data, we shall take appropriate measures, taking into account the available technology and the implementation costs, including technical measures, to inform other data controllers who process the published personal data, that the data subject has requested the deletion of all links to or copies or replications of these personal data from these other data controllers, insofar as the deletion of all links to these personal data is obligatory, taking into account the available technology and implementation costs. We will make the necessary arrangements in individual cases.
c) Exceptions
You have no right of deletion if the processing is necessary:
- (1) to exercise the right to freedom of expression and information;
- (2) to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of public authority delegated to the controller;
- (3) for reasons of public interest in the field of public health pursuant to article 9 (2) (h) and (i) and article 9 (3) GDPR;
- (4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
- (5) to assert, exercise or defend legal claims.
5. Right to be notified
If you have the right of rectification, erasure or restriction of the processing to the controller, he / she is obliged to notify all recipients to whom the personal data concerning you have been corrected or deleted or processing restricted, unless: this proves to be impossible or involves a disproportionate effort.
You have a right to the person responsible to be informed about these recipients.
6. Right to transfer data
Every person affected by the processing of personal data shall have the right, granted by the European guideline and regulatory body, to receive personal data concerning him/her in a structured, established and machine-readable format. It also has the right to transfer these data to another controller without hindrance by us to whom the personal data have been made available, provided that
- (1) the processing is based on consent in accordance with article 6 (1) (a) GDPR or article 9 (2)(a) GDPR or on a contract pursuant to 6 (1) (b) GDPR and
- (2) the processing is carried out by means of automated procedures.
In the exercise of its right to transfer the data subject has the right to obtain that the personal data be transferred directly from us to another person responsible, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.
The right to transfer data does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
7. Right to revocation
Any person affected by the processing of personal data shall have the right to object at any time to the processing of personal data relating to him/her on the basis of article 6 (1)(e) or (f) GDPR, for reasons arising from his particular situation. This also applies to profiling based on these provisions.
We will no longer process personal data in the event of an objection, unless we can prove compelling grounds worthy of protection for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If we process personal data in order to carry out direct advertising, the person concerned has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising.
If the data subject objects to the processing of personal data by us for direct advertising purposes, we will no longer process the personal data for these purposes.
In order to exercise the right of objection, the data subject may us directly. The person concerned is also free to exercise his right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
8. Right to revoke consent under data protection law
Every person affected by the processing of personal data has the right to revoke consent to the processing of personal data at any time, granted by the European guideline and regulation provider. If the data subject wishes to exercise his or her right to revoke consent, he or she may at any time contact our data protection officer or another employee of the controller.
9. Right to complain with the supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of your personal data based on GDPR is lawfully.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to article 78 of the GDPR.