This Privacy Policy sets out how PTDJA* LIMITED processes personal data about clients/users/visitors using the Website.
1. DATA CONTROLLER
The data controller is: PTDJA* LIMITED (the Data Controller). Address: Northgate House, Devizes, Wiltshire SN10 1JX, England.
2. DATA PROTECTION OFFICER
The Data Protection Officer (DPO) can be contacted via email at info@petetong-djacademy.com
3. THE TYPES OF PERSONAL DATA WE PROCESS
We process the personal data that you disclose to us or that the Data Controller legitimately obtains. This is how the various types of data are processed via the Website:
1. Website use data. The data-transmission and information systems and the software procedures deployed to operate the Website gather some personal-data items during normal usage. These items are sent to us as an inevitable result of communicating via the internet. Website use data includes: IP addresses; the access date and time; the pages visited (URIs/URLs); the method of sending the request to the server; the server response status (numeric code); the names of the devices used to access the Website; and other parameters about your operating system and computing environment.
2. Data you provide voluntarily. Some sections of the Website require items of personal information, e.g. your forename, surname, contact details, town and/or country of residence, username and password.
3. Location data. The Website may collect the approximate location data provided by your IP address.
4. Data on content sharing on social media. The Website may include plugins and/or buttons for you to share the content on your social networks (Facebook, YouTube, Instagram, Reddit, TikTok and others).
5. Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The third parties we may share personal information with are as follows:
Advertising, Direct Marketing, and Lead Generation: ActiveCampaign
Retargeting Platforms: Google Analytics Remarketing
Web and Mobile Analytics: Google Analytics
We also may need to share your personal information in the following situations:
Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
When we use Google Maps Platform APIs. We may share your information with certain Google Maps Platform APIs (e.g., Google Maps API, Places API). To find out more about Google’s Privacy Policy, please refer to this link. We obtain and store on your device ('cache') your location. You may revoke your consent anytime by contacting us at the contact details provided at the end of this document.
Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
Business Partners. We may share your information with our business partners to offer you certain products, services, or promotions.
4. PROVIDING YOUR DATA
Further to the Website use data section above, you are not obliged to provide your data for any other purposes. But if you choose not to, you may be unable to use the Website for the other purposes described below.
5. LAWFUL BASIS – WHY WE PROCESS YOUR DATA AND HOW LONG WE KEEP IT
The Data Controller processes your personal data for specific purposes and only when a specific lawful basis applies, as laid down in current data protection and privacy law. The list below covers all the processing that Pete Tong DJ Academy LIMITED performs to enable you to use our digital channels and to allow the Data Controller to keep those channels operating correctly and ensure that data is lawfully processed.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose.
You can withdraw your consent at any time.
Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.
For example, we may process your personal information for some of the purposes described in order to:
Send users information about special offers and discounts on our products and services
Develop and display personalized and relevant advertising content for our users
Analyze how our services are used so we can improve them to engage and retain users
Support our marketing activities
Understand how our users use our products and services so we can improve user experience
Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
In legal terms, we are generally the “data controller” under European data protection laws of the personal information described in this privacy notice, since we determine the means and/or purposes of the data processing we perform.
This privacy notice does not apply to the personal information we process as a “data processor” on behalf of our customers. In those situations, the customer that we provide services to and with whom we have entered into a data processing agreement is the “data controller” responsible for your personal information, and we merely process your information on their behalf in accordance with your instructions.
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
For investigations and fraud detection and prevention
For business transactions provided certain conditions are met
If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
For identifying injured, ill, or deceased persons and communicating with next of kin
If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province.
If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
If the collection is solely for journalistic, artistic, or literary purposes
If the information is publicly available and is specified by the regulations
The Data Controller processes your personal data for the following purposes, with the lawful bases and retention times stated:
To operate the Website, to supply the associated services (e.g. replying to messages received via the Website contact form), to sell products and services and to monitor Website operation:
lawful basis: fulfilling a contract to which you are a party;
retention: personal data is kept for as long as is necessary to provide the digital services and is then deleted or anonymised; data transmitted during goods or service purchases will be kept for a further 10 years after the purchase is completed, as permitted by law;
To send sales information:
lawful basis: your consent, which is optional and freely given and you may withdraw at any time;
retention: personal data is kept until you withdraw consent;
For profiling and profiled advertising:
lawful basis: your consent, which is optional and freely given and you may withdraw at any time. Please see the Website Cookie Policy;
retention: as stated in the above policy;
To prevent and stamp out any fraudulent use or abuse of the Website:
lawful basis: the Data Controller’s legitimate interest;
retention: personal data is kept for a period determined by the Data Controller and then deleted or anonymised;
To establish, exercise or defend one of the Data Controller’s rights in a court of law:
lawful basis: the Data Controller’s legitimate interest;
retention: the personal data is kept throughout the complaint process and/or the out-of-court or judicial proceedings until the legal safeguards and/or remedies have been exhausted.
6. PARTIES AUTHORIZED TO PROCESS THE DATA
Your personal data is processed by the Data Controller’s employees and contract workers who have been expressly authorized to do so and who have been suitably trained as required under articles 29 of the GDPR and 2-quaterdecies of Legislative Decree 196/2003, as amended in line with the GDPR under Legislative Decree 101/2018.
7. WHO PROCESSES THE DATA
Your personal data may be processed by third parties operating as data controllers – such as authorities and supervisory bodies, including private ones – and in general by parties, including private individuals, entitled to request the data under current national and European law.
Your personal data may also be processed on the Data Controller’s behalf by suitably trained third parties appointed as data processors.
8. TRANSFERRING PERSONAL DATA OUTSIDE THE EU
Your data may be sent to third parties outside the EU that are part of Ferretti Group. The data may also be transferred to countries for which an adequacy decision has not been issued under GDPR article 45.3 or adequate safeguards under GDPR article 46 have not been adopted; therefore your consent is requested under GDPR article 49.
For a copy of the safeguards under GDPR article 46, please write to info@petetong-djacademy.com
9. YOUR RIGHTS
You may exercise your rights under articles 15–22 of the GDPR by emailing the Data Controller at info@petetong-djacademy.com. In particular, you may ask to access any data we hold about you, to have it deleted, to have it corrected if inaccurate, to add to it if incomplete, to obtain a portable extract of it, to restrict processing of it under GDPR article 18, and to object to processing in the Data Controller’s legitimate interest.
LAST UPDATE ON 09 April 2022
COOKIE POLICY
Personal Data
The following information applies to the processing of personal data. Personal data are defined as any information related to an identified or identifiable natural person. Such data may be any information provided, such as name, address, email address, including payment information or online identifiers, as well as browsing behavior.
Collecting Data from Webpage Visitors
a) Usage Data
Each time you visit to our webpages, even if it is for informational purposes only, i.e., whenever you visit our webpages without logging in or registering an account, or knowingly transmit information to us (for example, when registering for a newsletter), we collect the following data, which are transmitted by your browser to enable you to visit our webpages (usage data):
IP address
date and time of request
duration of website visit
time difference to Greenwich Mean Time (GMT)
content of the request (exact website)
access status/http status code
data volume transferred in each case
website where the request comes from
browser, language of browser, browser
software version
operating system
Devices (mobile or desktop)
The legal basis for processing such data is our legitimate interest in the security of our webpages (Art. 6 para. 1 lit. f) GDPR).
b) Cookies
When you visit our webpages or our online shop, cookies are stored on the device you use to access our website. Such cookies enable the systems of PTDJA* to recognize your browser and offer various personalized services.
Cookies are small text files (alphanumeric identifiers) that are stored on your terminal when you visit a webpage. The information stored is sent back to the respective servers during a repeat visit. We use first-party cookies and third-party cookies, which may either be session cookies or temporary cookies.
Once the browser session has ended, session cookies are automatically deleted from your hard drive. These cookies store a so-called session ID to assign various requests from your browser to a common session. We use this type of cookie for the shopping cart feature as well as for the user and license data. Using such cookies is a technical prerequisite for assigning all activities during multiple webpage visits to your account.
Temporary cookies are automatically deleted after a specified period of time(one week), or after 36 months maximum. The feedback given by cookies to the servers concerned in various browser sessions enables us to recognize repeat visitors to our website or to maintain the language settings selected for multiple website visits. A connection to customer accounts (if any) and thus possible identification is only made if the "Remember Me" feature is selected during log-in so we may provide a personalized shopping experience.
The processing of data associated with the setting of the cookies required is based on our legitimate interest in providing the respective service requested (Art. 6 para. 1 lit. f) GDPR).
Third-party cookies are set by servers other than our servers, i.e., the website you visit. However, browsers do not render first-party cookies accessible across domains. When visiting our webpages or online shop, third-party cookies are used by some third party companies. A list of such third party companies and the third-party cookies they use is available further in this page. Further details are provided below in this Privacy Policy. By using such cookies, also known as "tracking cookies", visits to various webpages can be assigned to a specific person. It is thus possible to get a good idea of the interests of this particular person and adapt the webpages accordingly (personalization, e.g., by providing customized advertisements).
We only set such third-party tracking cookies, provided you have given us your consent via our cookie settings (Art. 6 para. 1 lit. a) GDPR). You may change or revoke your consent in the cookie settings provided in the footer of each webpage under “Manage cookies” at any time with future effect.
Furthermore, you may also configure your browser in the browser settings in such a way to object to the use of specific types of cookies or to block them from the outset. You may visit our webpages if you have blocked the setting of cookies or have not consented to them. However, we would like to point out that in this case you may not use our webpages to the full extent and may in particular not do any shopping by virtual shopping cart for technical reasons (see above).
Third-Party Web Analytics
Google Analytics
We use Google Analytics on our website. This is a web analysis tool provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics sets the aforementioned cookies to analyze how webpages are used. The information generated by cookies on the use of our web pages, including the shortened IP address, is transmitted to a Google server, which may be located in the US, and is stored there. We have mutually agreed with Google Ireland Limited on so-called standard contractual clauses for the transfer of data to the US, a copy of which is available on request. Google exclusively analyzes anonymized data by using the code extension "anonymizeIp" provided by Google to partially change and thus anonymize IP addresses for the processing of data as described hereunder.
If you register an account with us, we use an additional so-called "User ID" for this particular service. It is made up of a unique, permanent, and non-personalized string of characters, which is assigned by us when you first log into your account. When you log into your account during future visits to our website, all website activities are assigned to your user ID. This user ID is not assigned to a specific terminal (smartphone, laptop, etc.), but to you. With regard to Google Universal Analytics, your user ID is transmitted to Google and used by us as a pseudonym vis-à-vis Google.
The cookies, identifiers (e.g., user ID), or data linked to advertising IDs transmitted by us are automatically deleted after 36 months maximum.
The legal basis for the use of Google Analytics is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You may revoke your consent at any time with future effect by deleting the cookies in your browser or in the cookie settings.
You may generally block the use of Google Analytics in your web browser. To this end, you merely need to install the browser add-on to disable Google Analytics. It is available for download here.
Further information on the terms of use and its privacy policy is provided by Google in its Terms of Service | Google Analytics – Google and/or in its privacy policy.
Trengo
We use Trengo on our website. This is a web analysis tool provided by Trengo B.V. Burgemeester Reigerstraat 89, 3581 KP Utrecht. Chamber of Commerce: 72043687.
The cookies, identifiers (e.g., user ID), or data linked to advertising IDs transmitted by us are automatically deleted after 36 months maximum.
You may revoke your consent at any time with future effect by deleting the cookies in your browser or in the cookie settings.
Further information on the terms of use and its privacy policy is provided in its privacy policy.
Active campaign
We use Active Campaign on our website. This is a email marketing, marketing automation tool provided by ActiveCampaign, LLC, 1 North Dearborn Street, 5th Floor, Chicago, IL 60602.
Further information on the terms of use and its privacy policy is provided in its privacy policy.
Third-Party Retargeting Providers
Retargeting is a particular kind of online targeting enabling providers to mark users accessing an online offer by means of the retargeting feature. This feature is used to present interest-based advertisements on websites that are part of the advertising network concerned. To this effect, your browser stores so-called cookies (see above) enabling providers to recognize visitors to websites belonging to the same advertising network. This means that based on your browsing history, you are shown ads for products that you were interested in when visiting other websites before which use the remarketing feature of the provider concerned.
We only set such third-party retargeting cookies if you have given your consent in our cookie settings (Art. 6 para. 1 lit. a) GDPR). You may change or revoke your consent in the cookie settings provided in the footer of each webpage under “Manage cookies'' at any time with future effect.
We mainly use the retargeting features of the following providers on our webpages:
Facebook Custom Audiences (Pixel)
We use Facebook Pixel provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") on our webpages. Of the several features offered we use the Custom Audiences (Pixel) one. This allows for our advertising to be shown in a targeted manner on Facebook to people visiting our webpages who also have a Facebook account. To this effect, Facebook Pixel provides a direct connection to Facebook servers whilst the usage data are transmitted to Facebook for analysis and marketing purposes. If you have a Facebook account, such data can be assigned to you. Your activities may be tracked by Facebook over several pages. The processing of personal data is the sole responsibility of Facebook and beyond our control. Facebook provides further information on the collection and use of data here.
The legal basis for using Facebook Custom Audiences is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You may revoke your consent at any time with future effect by deleting cookies in your browser or in the cookie settings.
You may object to the use of Facebook Pixel at any time in the settings of your Facebook-account. Pursuant to data protection law, Facebook and we are jointly responsible for targeted advertising on Facebook. Further information can be found here and here.
Google Remarketing
On our website, we use the remarketing or "Similar Target Groups" feature of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This feature analyzes the browsing behavior and interests of all website visitors.
Google uses cookies for analyzing webpage usage which interest-based advertisements are based on. The cookies serve to record visits to our webpages and anonymized data on the usage of our webpages. No personal data are stored. If another website that is part of the Google display network is subsequently visited, advertisements are shown which are very likely to reflect previously visited product and information pages. In such cases, data may also be transmitted to the US. We have mutually agreed with Google on so-called standard contractual clauses, a copy of which is available on request.
The legal basis for the use of Google Remarketing is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You may revoke your consent at any time with future effect by deleting the cookies in your browser or in the cookie settings.
Further information on Google Remarketing and the relevant privacy policy is available here.
The remarketing feature of Google can generally be blocked. The relevant settings can be made here.
Marketing
Facebook Custom Audiences (List Method)
We use the Facebook Custom Audiences list method provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). This method provides for users who have an account with Facebook to be shown our targeted advertising on Facebook.
To this effect, we transmit pseudonymized email addresses to Facebook. The email addresses are encrypted before they are sent to Facebook, i.e., a hash value is created from email addresses (a combination of various letters and numbers). Facebook can match these hash values with the corresponding hash values of the email addresses of Facebook users.
If you have a Facebook account, such data can be assigned to you. The processing of personal data is the sole responsibility of Facebook and thus beyond our control. Facebook provides more information on the collection and use of data here.
We use the Facebook Custom Audiences list method in view of our legitimate interest (Art. 6 para. 1 lit. f) GDPR) in optimizing our advertising campaigns, which may be objected to at any time with future effect by notifying our data protection officer accordingly.
You may object to the use of Facebook Custom Audiences at any time in the settings of your Facebook account. Pursuant to data protection law, Facebook and we are jointly responsible for targeted advertising on Facebook. Further information can be found here and here.
Google Ads
We use the Google Ads service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google uses cookies to present relevant advertisements. To this end, Google assigns a pseudonymous identification number (ID) to your browser. This number is used to check which advertisements were presented on your browser and which ads you called up. The Google Ads cookies enable Google and its partner websites to present advertisements based on your previous visits to our webpages or those of others. No personal data are stored in the cookies. The cookies set may occasionally contain an additional anonymized identifier to track your interaction with a specific campaign. The information generated by the cookies is transmitted by Google to a server in the US and stored there. The data collected and stored are anonymized and merely evaluated for statistical purposes. We have mutually agreed with Google on so-called standard contractual clauses for the transfer of data to the US, a copy of which is available on request.
The legal basis for the use of Google Ads is your consent pursuant to Art. 6 para. 1 lit a) GDPR. You may revoke your consent at any time with future effect by deleting the cookies in your browser or in the cookie settings.
The data transmitted by us, which are linked to cookies, customer IDs (e.g., user ID) or advertising IDs, are automatically deleted after 26 months.
You may block the collection of data generated by cookies that are related to your use of our webpages as well as the processing of such data by Google at any time. The required settings can be made here.
Further information is available here.
ShareASale
We use the ShareASale advertising network provided by ShareASale.com Inc, 15 W. Hubbard St. STE 500, Chicago IL 60654, USA ("ShareASale"). ShareASale is a so-called affiliate network, which processes information on pages visited and purchases made so this information may be used for interest-based advertising on the websites of affiliated publishers, i.e., the websites on which the advertisements are placed. We have mutually agreed with ShareASale on so-called standard contractual clauses governing third-country transfers, a copy of which is available on request.
The legal basis for the use of ShareASale is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You may revoke your consent at any time with future effect by deleting the cookies in your browser or in the cookie settings.
For further information on ShareASale’s privacy policy refer to here and here.
Other Third Parties
YouTube
We embed YouTube videos on our webpages. Youtube.com is a video portal operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube"). When you watch a YouTube video embedded on our webpages, a connection to youtube.com is established. This connection is required to display the respective video on our webpages in your browser. Google is responsible for the processing of data and the setting of cookies by YouTube. Such processing is beyond our control.
It should be noted that YouTube records and processes at least the IP address of your terminal, the date and time at which you watched the video, and the webpage you visited. Furthermore, a connection to Google's DoubleClick advertising network is established. Google provides further information on Google Ads as well as on opt-out options here. as well as here.
If you are logged into YouTube when accessing our website, YouTube assigns the connection information to your YouTube account. If you wish to prevent this, you have to either log out of YouTube before visiting our webpages or make the relevant settings in your YouTube account.
We use this service in view of our legitimate interest (Art. 6 para. 1 lit. f) GDPR) in the user-friendly design of our website.
For further information on the collection and use of data as well as on your rights and protection options, refer to Google’ privacy policy.
h) Links to Third-Party Providers
We also provide links to third-party providers and to our website on Facebook, Twitter, Instagram, YouTube, and Soundcloud. When clicking on the relevant icon (such as the Facebook button) at the bottom of our website you will be redirected accordingly. PTDJA* is not responsible for the ensuing processing of data by third-party providers. The companies responsible provide information on data processing in their respective privacy policies.
Additional Data Processing Regarding Newsletter and Surveys,
a) Newsletter Registration
We regularly inform you about offers, promotions, and other news in our newsletters. You may register for our newsletter on our webpages by providing a valid email address.
We use the so-called double opt-in process for newsletter registrations. This means that we will send an email to the email address you provided when registering for our newsletter and request you to confirm the correctness of the registered email address and that you wish to receive our newsletter.
The legal basis for the above is your consent (Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 7 para. 2 no. 3 UWG [German Unfair Competition Act]). You may revoke your consent at any time with future effect at info@petetong-djacademy.com and via the unsubscribe link contained in every email.
Surveys and Questionnaires
Once you have bought a PTDJA* product, we may conduct an email survey. The legal basis for doing so is your consent (Art. 6 para. 1 lit. a) GDPR), which you may revoke at any time. With the help of such questionnaires, we would like to use your feedback to continuously improve our products.
Contact and Customer Support
a) Email
If you contact us by email, we will use your email address and your name so we may attend to /respond to your request.
b) Customer Support
Registered users may also contact our customer support via a so-called help center. We use the email address and name of the person contacting us to attend to the respective request. Furthermore, we use and store the hardware and software data entered in the input mask. We can thus ensure that our customers are provided with the best support possible at a later date and in the long term.
We process requests made by email or via our help center so we may respond to them, which is also in line with our legitimate interest in data processing (Art. 6 para. 1 lit. f) GDPR).
Additional Data Processing Regarding User Accounts
A user account is needed to view the data of current and past orders, and to check the status of current orders at any time.
The mandatory information to be provided includes your name, email address, and a password of your choice. All other information may be given voluntarily and is marked accordingly.
If you buy products, it is mandatory to provide your address and payment information so we may process your order. Mandatory information is specifically marked. All other information may be provided voluntarily.
We place all personal data provided in this context - both those that are required for fulfilling the contract and those provided voluntarily – in revocable storage. You may adjust your user account settings at any time in the customer portal.
The legal basis for the processing of data pertaining to user accounts is pursuant to Art. 6 para. 1 lit. b) GDPR.
Ordering, Activating, and Registering Products
a) Ordering Products
You may place orders in our online shop via your user account by providing the personal data required for processing orders.
The data collected and stored by us for processing your orders are: your name, address, email address, and payment information. All other information may be given voluntarily and is marked accordingly.
We store order data to record the order history. The order data are sent to you by email. When confirming an order by email, we do not reveal payment details, but only the selected payment method. Our general terms and conditions are available here.
Information on payment methods are available here.
The legal basis for processing order data is Art. 6 para 1 lit. b) GDPR.
Disclosure of Personal Data
We use the personal data entrusted to us for processing orders or sending newsletters. As a matter of principle, we only pass data on to third parties for such purposes.
However, PTDJA* may be obligated by law to disclose information to third parties (Art. 6 para. 1 lit. c) GDPR). This is in particular the case if there is suspicion of a criminal offense, in which case PTDJA* may be obligated to disclose data to law enforcement authorities.
We also enlist the services of external service providers if we cannot or cannot reasonably perform such services ourselves. Apart from the third-party providers mentioned in clauses 2. c) - f), such external service providers are mainly IT service providers, such as our hoster, email provider, telecommunications provider, or our IT maintenance service provider.
When processing orders, we provide the commissioned shipping company with your name and address, and may pass on the relevant payment data to banks or payment service providers.
Processing Time
Unless a certain storage period is explicitly stated elsewhere in this privacy policy, we only process data until such time that they are no longer required for the purpose they were initially collected for. Furthermore, we may store customer data to assert, exercise or defend legal claims or to comply with statutory retention periods, and delete data once they are no longer required for such purposes.
Obligation to Provide Data and Automated Decision Making (Including Profiling)
There are no contractual or legal obligations for you to provide us with your personal data. However, we may not be able to offer our services without such data.
You are not subject to automated decision-making, including profiling, with legal effects pursuant to Art. 22 para. 1 and para 4 GDPR.
Rights of People Affected
a) Right to Information
You have the right to request confirmation as to whether your personal data are processed, and if so, which specific data are processed and for what purpose(s) (Art. 15 GDPR).
b) Rectification
You have the right to demand that inaccurate personal data be rectified without undue delay. Furthermore, in consideration of the processing purpose(s), you have the right to demand that incomplete personal data be completed (Art. 16 GDPR).
c) Right to Erasure
Once your user relationship has been terminated and the legal retention periods pursuant to tax and commercial law have expired, all personal data will be erased, unless you have expressly consented to the further use of such data with regard to your customer account.
You may demand the erasure of your data at any time pursuant to Art. 17 GDPR if the statutory retention periods are not affected thereby and if the data are no longer required for performing contracts.
d) Right to Restriction of Processing
You have the right to demand that the processing of your personal data be restricted if one of the criteria pursuant to Art. 18 GDPR is met.
e) Right of Data Portability
You have the right to receive the personal data you have provided in a structured, commonly used, and machine-readable format, and you have the right to transmit such data to another responsible party without hindrance from us, provided the requirements pursuant to Art. 20 GDPR are met.
f) Right to Object
Pursuant to Art. 21 GDPR, you have the right to object to the processing of your personal data pursuant to Art. 6 para 1 lit. e) or lit. f) GDPR at any time on grounds relating to your particular situation.
g) Revocation
You may informally revoke your consent to the use of your data at any time with future effect (Art. 7 para. 3 GDPR). As the case may be, you may no longer use our services / may no longer use our services to the full extent.
h) Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority – without prejudice to any other administrative or judicial remedy – and may in particular do so in the country where you habitually reside or the place of the alleged infringement if you are of the opinion that our processing of your personal data constitutes a violation of data privacy laws (Art. 77 GDPR).