1. WHAT PERSONAL INFORMATION DO WE COLLECT FROM YOU?
Personal data is any information relating to an identified or identifiable natural person given to us by you or that arises or is collected by us. This can include:
Registration data: When you order goods through our online shop, you can register and open a customer account. When you register, you must enter your name and contact information (e.g. your address, telephone number, e-mail address) and set a password.
Login data: You can also log in via your Facebook or Google account.
Order data in the online shop: If you order goods through our online shop (using a customer, Facebook, google account or as a guest), we process the data entered by you, the data about your person (in particular delivery addresses and payment data) as well as the information provided to you by us. We also collect information about the time, scope and, if necessary, the location of your order.
Other content data: If you use other services on our website, e.g., fill out contact forms, sign up for newsletters, participate in contests or post a comment on our blog, we process the content data you provide and the information we make available to you.
Server log data: When you use our websites, data (such as your IP address, browser type and version, device type and operating system, the date and time of your visit as well as the pages you accessed and the files you requested) are temporarily stored in a log file on our servers.
2. WHAT IS THE PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA AND HOW LONG IS IT STORED?
2.1 YOUR CUSTOMER ACCOUNT: PRIVATE, FACEBOOK OR GOOGLE ACCOUNT
When you register for a personal customer account, or use your Facebook or Google account, we process the registration data to set up and manage your customer account and process future orders. As a registered customer, you have access to your personal customer account (using your email address and password created by you), in which you can view your order history and save and change your personal settings (e.g. password settings, newsletter settings, invoice and delivery settings).
The legal basis for processing is our legitimate interest according to Art. 6 (1) (f) GDPR to provide you with the service of a “customer account” as described above respectively for the purpose of performance of the user contract with you (Art. 6 (1) (b) GDPR). This data will be stored for a period of 10 years after the registration on our website or the customer account is deactivated. You may object to the processing of your data on the basis of Art. 6 (1) (f) GDPR unless we can prove compelling reasons for the processing to continue. However, we will not do this for a customer account. In this case, the following applies: The customer account must then be deleted and is no longer available to you. Please note that we may store the data concerning the orders that are visible in your customer account for a longer period of time (see 2.2).
2.2 YOUR ORDERS
We use your order data (such as your name, address, e-mail address, delivery preferences and other information pertaining to your order) to process the order and to deliver the goods you ordered. In addition, depending on the payment method you have selected, either we or payment service providers commissioned by us (see Section 3.2.1) process the payment information required by the respective payment method. For example, payment service providers store your credit card number, Paypal account details, etc.).
The legal basis for processing is the conclusion and performance of the sales contract for the purchased goods, Art. 6 (1) (b) GDPR. This data will be deleted when it is no longer required for contract management (including customer service and warranty), unless we are legally obliged to store it, e.g. due to the legal obligation to retain data for commercial or tax-based reasons.
2.3 COMMENTS FEATURE
If you add comments to the comment section of our website, we process your name and e-mail address (both of which you must provide before using the comment feature), the comment itself, any URL provided (e.g. for your own blog), the date and time of the comment, data about the device you’re using and your IP address. We do this for protection against liability claims in the event that illegal content is published and in order to contact you if a third party should object to your comment.
The legal basis for processing is our legitimate interest described above (Art. 6 (1) (f) GDPR). You can object to the processing of your data on the basis of Art. 6 (1) (f) GDPR. If there are compelling reasons, we can allow the processing to continue; however, for your comments in the context of our website, the following applies: Your comment will then be deleted. In addition, this data will be deleted when it is no longer required for the above-mentioned purpose.
2.4 YOUR ENQUIRIES
If you send us enquiries using a contact form, via e-mail or by phone, we will process the information you provide in order to answer your query as well as your IP address and the date/time of the enquiry to prevent misuse of the contact form.
The legal basis for processing is our legitimate interest (Art. 6 (1) (f) GDPR) to provide you with the “enquiries” service described above. If your enquiry concerns the initiation or performance (including customer service or warranty) of a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. You can object to the processing of your data on the basis of Art. 6 (1) (f) GDPR. We can then continue processing if there are compelling reasons for processing. This may be necessary in order to provide evidence for enquiries from you and past communication with you. If there are no such compelling reasons, we will stop communicating with you and delete the data that has been collected. This data will be deleted when our communication with you has been terminated, i.e. when the relevant facts have been clarified and no further legitimate interests exist for storage or no further legal obligations exist for storage.
If you take part in one of our contests, we use your data (e.g. name, e-mail address) to carry out the contest, for information purposes and to send you a prize, if applicable.
The legal basis for the processing is the consent you have given when participating in the contest (Art. 6 (1) (a) GDPR). Your data will be deleted when the contest is over and the prizes have been distributed. Your data will be used for other purposes, e.g. advertising, only if you have explicitly given your consent.
2.6 ADVERTISING AND PRODUCT DEVELOPMENT, RIGHT TO OBJECT
We would also like to use the data you have entered or accrued when using the websites to inform you about our products and services (advertising) or to improve our offerings and services (product development). The data collected during registration will be processed (the data displayed as mandatory fields are absolutely necessary for receipt of advertifings, while voluntary data fields are only used for a more personal form of address and selecting the information displayed). We will contact you via e-mail with information, special sales and offers for VEMO 99 LTD services tailored to you and your interests on the basis of either your explicit consent or – if you purchase similar goods or services from us and store your e-mail address here – even without your extra consent. We process data about your usage behaviour after we have sent you e-mails (e.g. click behaviour). You can object to the use of your personal data for purposes of advertising and product development as well as the establishment of contact for this purpose in whole or in part at any time or withdraw any consent you have given. Please use the corresponding options provided for you (e.g. the unsubscribe link in your personal customer account) or contact us via e-mail or in writing (keyword: data protection) using the contact information specified under section 8.
The legal basis for processing is your consent (Art. 6 (1) (a) GDPR) and our legitimate interests (Art. 6 (1) (f) GDPR). This data will be deleted or stored only in aggregated, anonymous form after your objection or withdrawal of any consents you have given or after cessation of use by us at the very latest. If necessary, we will store the data of your objection in order to prevent further contact with you.
2.7 PROVIDING THE WEBSITE AND SERVICES
The processing of server log data is necessary for technical reasons in order to provide the websites and services and in order to ensure system security thereafter.
The legal basis for processing is our legitimate interest in providing the website and our services (Art. 6 (1) (f) GDPR). The processing is absolutely necessary for the use of our website, and there is no right to object. The server log data may then be analysed anonymously for statistical purposes and to improve the quality of our website. The server log data is not linked to your personal data, nor will it be merged with other personal data sources.
3. DATA TRANSFER
3.1 DATA TRANSFER TO PROCESSORS
In some cases, we employ service providers in compliance with legal requirements for order processing, i.e. on our behalf, in accordance with our instructions and under our control. Processors are:
• technical service providers we use to provide the website, e.g. service providers for software maintenance, data centre operation and hosting
• technical service providers we use to provide functionalities, e.g. essential cookies for technical purposes.
• service providers for the practical implementation of advertising and marketing, e.g. service providers for e-mail and analytics cookies.
In these cases, we remain responsible for data processing; the transfer and processing of personal data to or by our processors rests on the legal basis that allows us to process the data in each case. A separate legal basis is not required.
3.2 DATA TRANSFER TO THIRD PARTIES
In some cases, we also transfer your data to third parties, i.e. to partners with whom we cooperate outside of commissioned processing. Such partners provide their services and are as such the responsible parties. For the processing of your data by partners, only their data protection policy applies.
3.2.1 PAYMENT SERVICE PROVIDERS
To process your orders, we send payment information to payment service providers who then process the payment transactions associated with the orders. These include PayPal and your financial institution. The legal basis for the transmission is the performance of the contract with you, Art. 6 (1) (b) GDPR.
3.2.2 LOGISTICS COMPANIES
For the transport of goods, we transfer your address and contact data, when necessary, to parcel delivery companies. The legal basis for the transmission is the performance of the contract with you, Art. 6 (1) (b) GDPR.
3.2.3 SOCIAL NETWORKS
If you wish to share one of our websites on a social network (e.g. Facebook or Twitter) by clicking on one of our “Share” buttons, this information will be transferred to the social network. This assumes that you are logged in to the social network. The legal basis for the transmission is our legitimate interest in offering you the possibility of “sharing”, Art. 6 (1) GDPR.
4. COOKIES AND WEB ANALYSIS TOOLS
4.1 WHAT ARE COOKIES?
4.2 WHICH COOKIES DO WE USE, WHAT IS THE LEGAL BASIS OF THEIR USE AND HOW LONG ARE THEY STORED?
We use three categories of cookies on our websites: (1) Essential cookies, without which the functionality of our websites would be limited, (2) optional performance cookies and (3) optional targeting or advertising cookies:
4.2.1 ESSENTIAL COOKIES
These cookies are essential for you to move around our websites and use the functions. For example, they save the products you have placed in your basket as well as the progress of the ordering process. These cookies do not collect any information about you for marketing purposes, nor do they store where you have been on the internet. Disabling this category of cookies would limit the functionality of all or part of the websites. The legal basis for processing is our legitimate interests (Art. 6 (1) (f) GDPR). These cookies are session-specific and expire after your visit to the website (session).
4.2.2 PERFORMANCE COOKIES / GOOGLE ANALYTICS AND GOOGLE WEBMASTERS TOOLS
Performance cookies collect information about how visitors use a website in general, such as which pages they visit most frequently and whether they receive error messages from websites. These cookies do not collect any data that can be used to identify visitors. All of the information collected with the help of these cookies serves exclusively to understand and improve the functionality of the website and the service it provides.
(1) We use Google Analytics and Google Webmasters tools, web analytics services provided by Google Inc. The information generated by the use of Google Analytics and Google Webmasters tools about your use of this website is transmitted to and stored by Google. However, by activating the IP anonymisation on this website, Google will shorten your IP address beforehand within the area of the member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. The IP address transmitted by the user’s browser will not be merged with other Google data. Google will use this information on our behalf to analyse your use of the website, to compile reports on website activities and provide additional services relating to website use and internet use to the website operator. Pseudonymous user profiles can be created from the processed data. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent Google’s collection of the data generated by the cookie and related to their use of the online offer and Google’s processing of such data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. The legal basis for processing is our legitimate interests because we only use pseudonymised or anonymised data (Art. 6 (1) (f) GDPR). The data collected on the basis of these cookies is made anonymous before analysis. You can deactivate or delete cookies and information stored therein at any time (see 4.2.4).
4.2.3 TARGETING AND ADVERTISING COOKIES
Targeting and advertising cookies are used to tailor advertising more specifically to you and your interests. They also serve to limit how often you see the same advert, to measure the effectiveness of an advertising campaign and understand people’s behaviour after viewing an advert. These cookies are usually placed on the pages of advertising networks with the consent of the website operator (i.e. in this case us). They detect that a user has visited a website and pass this information on to other companies, e.g. advertising companies, or adjust the adverts accordingly. They are often linked to the functions of the website provided by this company. We use these cookies to connect with social networks that may then use the information about your visit to tailor adverts on other websites to you and to provide the advertising networks we use with information about your visit so that you can later be presented with precisely the adverts that could interest you based on your browsing behaviour. If a product is purchased later, this fact may be transmitted to such an advertising network. We also include cookies on our website that are set by service providers on our behalf and enable us to track which products of ours you have already viewed so that we can recommend similar products to you. The legal basis for the processing is the consent you have given in the context of the cookie banner displayed when our website is visited (Art. 6 (1) (a) GDPR). You can deactivate or delete cookies and the information stored therein at any time (see the following information).
4.2.4 DEACTIVATION OF WEBMASTER, ANALYTICS, TARGETING AND ADVERTISING COOKIES
4.3 HOW DO I DISABLE COOKIES?
You can prevent the use of any cookies by adjusting the cookie settings in your browser. However, we would like to point out that the functionality of our websites will be limited if you do so, since essential cookies will also be blocked. If you go to the website www.youronlinechoices.com, you can read more information about cookies and the individual providers. There, you also have the opportunity to object to use-based online advertising by means of individual tools or all tools. To go directly to the preference manager, please click here: http://www.youronlinechoices.com/uk/your-ad-choices
We use links to our other web presences on websites and third-party services, e.g. on social media channels like Facebook, Twitter or Youtube. The data processing of these other service providers on their websites is the sole responsibility of these third parties and their data protection policy applies.
We and our service providers employ technical and organisational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our data processing and security measures are continually being improved with technological developments. Our employees and our service providers are, of course, bound to a confidentiality agreement.
7. YOUR RIGHTS TO INFORMATION, CORRECTION, BLOCKING AND DELETION
Every natural person whose personal data we process has the following rights (i.e. depending on the respective conditions):
• If you have any questions regarding the processing of your personal data by us, we would be happy to provide you with information about your stored personal data at any time free of charge (Art. 15 GDPR).
• You have the right to correct inaccurate data and complete incomplete data (Art. 16 GDPR).
• You have a right to block/restrict the processing or delete your personal data that is no longer required or stored on the basis of legal obligations (Art. 17, 18 GDPR).
• You have the right to transfer the data in a structured, commonly used and machine-readable format, provided that you have provided us with the data on the basis of an agreement or a contract between us and you (Art. 20 GDPR).
• You have the right to object to the processing of your data for direct marketing purposes at any time (Art. 21 (2 and 3) GDPR).
• You have a right to object to processing of personal data on the basis of a legitimate interest, unless we can explain our compelling legitimate grounds (Art. 21 (1) GDPR). We have pointed out above in what cases such a right is available.
• If you have given your consent to data processing, you can withdraw this with effect for the future at any time, i.e. the legality of the data processing carried out up to the time of the revocation remains unaffected by your withdrawal of consent. After withdrawing your consent, you may no longer use our services.
Please contact us with your request in writing (keyword: data protection) or via e-mail using the contact information under section 8. We reserve the right to check your identity to ensure that your personal data is not disclosed to unauthorised persons. You also have the right to file a complaint with a data protection authority.
8. DATA PROTECTION ADMINISTRATOR
VEMO 99 LTD, 88 Rozhen Blvd., 1271 Sofia, Bulgaria
Phone: +359 2 931 66 21
VAT number: 130092621
From time to time, it is necessary to change the content of this Privacy and Data Protection Policy. We therefore reserve the right to change it at any time. We will publish the amended version of the Privacy and Data Protection Policy here as well. If you visit us again, we kindly ask you to read the Privacy and Data Protection Policy again.
Last changed: May 2018