Identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Personal data means any information relating to a data subject
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law
EU regulation 2016/679 EU General Data Protection Regulation
Act num. 480/2004 Coll., on certain information society services
Website of the e-shop located at sequentworld.com
1. THE CONTROLLER
We are the company SEQUENT AG and we operate the e-shop at sequentworld.com. According to the relevant legislation the company SEQUENT AG is the controller of the processing of personal data related to operating the e-shop at sequentworld.com. In the following text the company SEQUENT AG is referred to as “We”. For full identification details of the controller refer to the heading of this Policy.
2. WHAT DATA WE COLLECT AND HOW WE USE IT?
In order to fulfil your orders, to operate the Website or to enhance the customer experience we process certain personal data of the visitors of the Website and our customers as described in detail below.
2.1 Visiting and using the Website
During your visit to the Website we might collect and process various personal and non-personally identifiable data in order to ensure the functionality and security of the Website, to analyse your interactions with the website or to ensure the functionality of our marketing tools. The data collected might include:
- Anonymised IP address (not full IP address, just a part of it that is not specific for your machine),
- User ID (pseudonymised or random unique visitor ID),
- Date and time,
- Title of page being viewed,
- URL of the page being viewed (Page URL),
- URL of the page that was viewed prior to the current page (Referrer URL),
- Screen resolution being used,
- Time in local user’s timezone,
- Files that were clicked and downloaded,
- Links to an outside domain that were clicked (Outlink),
- Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user: Page speed),
- Location of the user: country, region, city, approximate latitude and longitude (Geolocation),
- Main Language of the browser being used (Accept-Language header),
- User Agent of the browser being used (browser, operating system, device used, brand and model),
- Time of the first visit for a user,
- Time of the previous visit for a user,
- Number of visits for a user.
2.1.1 Website functionality and security
To ensure the Website, and especially the e-shop, functions properly, the Website needs to access, store and process some of the above mentioned data and in addition to that data like authentication information, content of your shopping cart and information you fill in various forms used by the Website.
This personal data is processed in order to deliver you the services offered by our Website and are collected as you use the Website (article 6 (b) GDPR). Some of the features of the Website might need to set up a cookie in your browser. As these cookies are necessary to provide you the services on your request your consent with setting up the cookies is expressed by requesting the services of the Website.
2.1.2 Website Analytics
The Website uses website analytical services for gathering aggregated statistical data about usage of the Website and about user interactions. We use this data to improve the Website and your user experience and to help us improve our services and products. We might use third-party services for website analysis; see section 3 for more details.
We process some of the above-mentioned data in order to measure the success of our marketing campaigns, calculate advertisement costs and to customize your customer experience. We might use third-party services for marketing purposes; see section 3 for more details.
2.1.4 More information
Detailed information about the tools used on the Website are listed in section 4 of the Policy.
In order to fulfil your orders we need to process your identification details (name, surname, address of residence), delivery information (recipient, delivery address), contact details (phone, e-mail) and details of your order (ordered items, customization details etc.) which you enter into the checkout form. Other information will be created and collected as the contract is performed (invoice, payment history, communication, warranty claims etc.).
The above-mentioned personal data is necessary to fulfil your orders under contracts concluded between us (article 6 (b) GDPR) or we are obliged by the law to keep it e.g. for accounting (article 6 (c) GDPR) or it is necessary for safeguarding your and our rights in case of complaint, warranty claims or dispute (article 6 (f) GDPR).
The personal data is archived for 2 years or longer if the law requires it. The personal data archived under a legal obligation are deleted as soon as the statutory archiving period has expired.
2.3 Customer relationship management
If you enter into a contract with us (by submitting an order) we will keep your contact details and information about your orders in our system. We might use this information in the future to get back to you with customer satisfaction feedback requests or with information about our company, products or special offers in order to develop our business relationship (article 6 (f) GDPR in conjunction with the exemption introduced in AISS).
You can refuse this kind of communication before you submit your order or later using a provided link or by contacting us in this matter. The personal data are kept in our systems for 2 years.
2.4 Customer account
When you purchase goods from us or order our services you are required to set up the customer account before you submit your order. In order to register your customer account, you have to fill in your log in details (e-mail address and password). In your customer account you can review your orders, downloads, contact and account details.
The customer account is an integral part of our delivery process and as such we require you to set up or log into a customer before you make your order. The processing of personal data related to the customer account is necessary to fulfil your orders under a contract concluded between us (article 6 (b) GDPR).
The personal data related to your customer account are stored as long as you maintain your customer account. The customer account can be deleted on your request after the delivery.
You can register your e-mail address in order to receive our newsletter with news about our company, our products and special offers. By registering your e-mail address, you express your consent with receiving the newsletter (article 6 (a) GDPR). We will ask you to confirm your e-mail address by sending you a confirmation e-mail on the address provided. We use third party provider for handling the mas e-mailing. See section 3 for more details.
You can unsubscribe from the newsletter any time from by using the link provided in the newsletter e-mail.
The e-mail address will be used for the marketing communication as long as you maintain your customer account or until you unsubscribe from the newsletter. If you registered to our newsletter without registering an account we will ask you once every three years if you want to stay in touch with us and if you do not renew your consent we will stop sending you the newsletter.
2.6 Contact form
You can contact us with your queries, notes or suggestions through our contact form provided by the Website. In order to get back to you and handle your requests we are collecting your name, e-mail address and the communication between you and our staff.
By submitting the contact form, you give us your consent to be contacted in the matter (article 6 (a) GDPR). The communication might be archived for 2 years in case of further communication or to safeguard our rights in case of a dispute (article 6 (f) GDPR).
The communication might be handled by our external staff based on a data processing contract. In such a case your personal data will stay with us and the contractors will only have access to our system. See section 3 for details.
2.7 Connecting with our partners
During the registration of your customer account either before making a purchase or during the checkout you can apply for our partners’ marketing campaigns. In this case we will share your e-mail and possibly a social media profile with our partners and they might contact you and inform you about their business, products, special offers or membership options.
If you apply to be part of our partners’ marketing campaigns you give us your consent to share your contact and social media profile with our partners listed in section 3.2 of this Policy and you express your consent to be contacted by them (article 6 (a) GDPR).
The contact details and social media profile will be shared with our partners for no more than a month.
3. WHO IS INVOLVED IN THE PROCESSING?
3.1 Service providers
Our services rely on outsourcing from our service providers that help us deliver better services to you. We choose our service providers with care and with security and confidentiality of your personal data in mind. Our service providers are bound by contractual obligations to keep your data secure and private. We do not share more data than necessary with our service providers. Below we describe how are our service providers involved in the processing.
3.1.1 Parcel services
In order to deliver the ordered products to you we use parcel service providers. We must share your delivery details and contact information with them to enable them to make the delivery. The parcel services are provided under contracts including data protection obligations of the parties.
3.1.2 Payment Services
To collect payments, we might use a third-party payment service provider depending on your choice of payment method. In order to process the payment, we must share certain details about the order and your identification details with the provider. The payment provider might ask you for more information during the payment process including your payment details (bank account, card number, security codes etc.). They do not generally share payment details information with us. The payment services are provided under contracts including data protection obligations of the parties.
3.1.3 Hosting Services
We use Google hosting services for operating the Website. Professional hosting services provided by Google offer highest grade security that is regularly audited by independent experts to ensure that your data are stored securely.
Google LLC is a company established in the USA. We have a data processing contract according to the GDPR in place with Google LLC and they have acquired a Privacy Shield certification for international transfers.
3.1.4 Mass e-mailing
We use the Mailchimp app for handling mass e-mail communication including communication related to our customer relationship management and the newsletter (as described above in sections 2.3 and 2.5 of this Policy).
Mailchimp services are provided by The Rocket Science Group LLC a company established in the USA. We have a data processing contract according to the GDPR in place with The Rocket Science Group LLC and they have acquired a Privacy Shield certification for international transfers.
3.1.5 Website Analytics
We use various website analytics services including Google Analytics, Google Tag Manager and Google Ads (see section 4 of this Policy for more details).
Google LLC is a company established in the USA. We have a data processing contract according to the GDPR in place with Google LLC and they have acquired a Privacy Shield certification for international transfers..
3.1.6 Cloud hosted tools
We use various business and productivity tools that are hosted in the cloud by the provider. These tools allow us to provide you with better services and storing the data in the cloud with high-end security is more secure than handling the data on our premises. We have data processing contracts with the providers and if the data is stored outside the EU our partners are either Privacy Shield certified, or we use the Standard Contractual Clauses adopted by the EU Commission.
We use the services of various external consultants for specialized matters such as accounting, tax consultancy, audit, legal services, etc. with whom we might need to share some of the data we process depending on the matter. The security of the data that is shared with our consultants is secured under contracts and their professional duty of confidentiality.
Part of our staff are self-employed persons and they might be involved in various tasks during processing of personal data. In such cases, we have a data processing contract with these individuals. They process personal data stored in our systems and may not store the data themselves.
3.2 Your specific consent
If you give us your specific consent to share your personal data with another subject, we will do so. The consent should specify the subject with whom we shall share the data and other specifics like conditions of international transfer.
Particular case of your specific consent to share your personal data with a third party is when you apply for our partners’ marketing campaigns (as described in section 2.7 of this Policy). In such case we will share your personal data with our following business partners:
- to be added (company, country),
- to be added (company, country).
Our business partners are established in various countries including the EU Member States, USA and other countries around the world as listed above. In case the personal data is shared with a partner not established in the EU we use the Standard Contractual Clauses adopted by the European Commission to safeguard your rights.
3.3 Lawful obligations
Under certain circumstances we might be obliged by the law or under public authority request or court order to disclose some of the personal data we are processing to the authorised body including courts, governmental bodies or law enforcement.
3.4 Privacy Shield information
As mentioned above some transfers of personal data rely on the Privacy Shield framework which is a compliance mechanism negotiated by the U.S. government and the European Commission to ensure privacy and personal data security for data transfers from the EU to the United States. It is compliant with the GDPR to transfer data to entities certified in the Privacy Shield under standard contractual terms. The rights of the EU citizens are enforced by the U. S. Department of Commerce. More on the Privacy Shield framework can be found on the Privacy Shield website.
4. COOKIES AND OTHER TOOLS USED BY THE WEBSITE
Cookies are small text files that are stored in your browser. They are used by web developers to help users navigate their websites efficiently and perform certain functions. Due to their core role of enhancing/enabling usability or site processes, disabling cookies may prevent users from using certain functionality of the Website. To find more about cookies you can visit the allaboutcookies.org or related wikipedia page.
4.1 List of cookies and other tools
Shopify : https://www.shopify.co.uk/legal/cookies
Google : https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
4.2 More information
4.2.1 Shopify e-shop suite
We use Shopify for our e-shop. The above listed Shopify cookies are essential for proper operation of the Website and the e-shop. The cookies help the system handle tasks like managing the shopping cart and other e-shop functionality. Without these cookies the e-shop will not work properly.
4.2.2 Google Analytics
We use Google analytics to collect useful information about how users interact with the Website and to create aggregated statistics. This helps us to maintain and further develop the Website. Google Analytics collects first-party cookies, data related to the device/browser, IP address (anonymised) and on-site activities to measure and report statistics about user interactions on the Website. Google analytics should not collect any personally identifiable information.
4.2.3 Google Tag Manager
We use Google Tag Manager tag management system to help us make the most out of our Google Analytics and Google Ads tools on the Website. The Google Tag Manager is used to correctly deploy and manage data collecting tags (website code segments) for the Google Analytics and Google Ads on our Website.
For more detailed information you can review the Google Tag Manager overview website.
4.2.4 Google Ads
We use Google ads advertisement to draw attention to the Website and our products. The Google Ads tools are used to measure the success of the advertisement campaigns, generate aggregated statistics about the advertisement campaigns, personalize the advertisements and help prevent misuse of the advertisement.
For more detailed information about how Google uses data in advertising you can review Google Ads website.
4.3 Your choices
4.3.1 In general
You can set your browser to reject all cookies or just the ones you select. Your setting might be interpreted as your consent with storing and using cookies. You can learn how to set your browser preference in the Help section of your browser. Should you decide to reject all cookies, please remember that the Website might not function properly.
4.3.2 Google Analytics Opt-out
You can opt-out of the Google Analytics by using the Google Analytics Opt-out Browser Add-on.
4.3.3 Google Ads Settings
You can manage your Google Ads choices using the Google Ads settings.
4.3.4 Other Advertisement Settings
4.3.5 Technical and security cookies
Cookies used by our e-shop (Shopify cookies) are necessary to ensure proper functionality of the Website. Therefore these cookies are necessary to provide the services to you. If you want to use our services, we need to set up these cookies. If you forbid to set up these cookies, then the Website might not work for you or the functionality might be severely hindered.
5. ADVICE ON RIGHTS
If you are located in the EU, you have the following rights in connection with processing of your personal data: (1) the right of access to personal data, (2) the right to rectification of inaccurate personal data, (3) the right to restriction of processing, (4) the right to erasure of personal data, (5) he right to object to processing of personal data, (6) the right to revoke your consent, (7) the right to data portability and (8) the right to lodge a complaint with a supervisory authority.
We need to verify your identity when you make a request to exercise any of the rights mentioned above. Please submit the request with the e-mail address you have provided us.
5.1 Right of access
In relation to processing of personal data, you have the right to obtain, upon your request, information about the processing and the copy of your processed data.
5.2 Right to rectification
When you regard your personal data as inaccurate, outdated or incorrect in any other way, you have the right to contact us and we will ensure due rectification.
5.3 Right to restrict the processing
In cases presumed in Article 18 of GDPR, e.g. where the personal data under processing are inaccurate or you have objected to processing, you have the right to restriction of the processing.
For the period of the restriction, personal data shall only be stored with us and may not be subject to any other operation without your consent. The restriction of processing lasts for the duration of any of the above described situations. You shall be informed of the termination of such restriction.
5.4 Right to erasure (right to be forgotten)
In cases presumed in Article 17 of GDPR, e.g. when you withdraw your consent or the personal data are no longer necessary, you have the right to their erasure.
Nevertheless, in some cases the right to erasure is limited. For example, personal data processed for compliance with legal obligations imposed on us must not be erased before the expiry of the retention period specified in law.
5.5 Right to object
In case of the processing based on legitimate interests and/or for the purposes of direct marketing, you may raise a reasoned objection to the processing. The grounds for the objection will be assessed and you will be notified of the decision.
5.6 Right to withdraw consent
In case of processing of personal data based on consent, this consent may be withdrawn at any time.
5.7 Right to data portability
Where the processing of personal data provided by you is based on consent or on a contract and is carried out completely by automated means and the personal data are stored in a structured, machine-readable format, you have the right to receive these personal data in a structured, machine-readable format.
6. CONTACT DETAILS
If you have any questions or inquiries do not hesitate to contact us via e-mail:
7. FINAL PROVISIONS
This Policy come into force and effect on 01.01.2020, repealing the previous versions.
We reserve the right to change this Policy at any time. You will always be notified about substantial changes.