Privacy Policy

OUR PRIVACY POLICY - GDPR

 

a

Preamble

The protection of your privacy and data is very important to us and is always observed in all business transactions.


By using this website, you consent to the use of your personal data (hereinafter "data") as described in this privacy policy.

You can always use our website without providing personal information. However, different provisions may apply to individual services, to which we refer you separately below.

a

General

Your personal data (hereinafter referred to as "data") is processed on this website for the purpose of providing of information regarding singing bowls, as well as to present and offer products and services related to this topic. In this privacy policy, we inform you regarding e.g.

  • the name and contact details of the data controller
  • all purposes for which your data is processed
  • the legal basis on which processing activities are based, potentially including our legitimate interest in doing so
  • all recipients of your data
  • the possible transfer of your data to a third country and an explanation of the associated legal basis
  • the storage duration of your data or the criteria for determining the duration
  • the categories of your data which are processed
  • where your data originates
  • the rights of data subjects
a

The data controller is

Changing World Imports Ltd, 9 Roman Lane, Sutton Coldfield, United Kingdom, B74 3AD, Phone: 0044-792-1925411, Email: privacy@changingworldimports.com.


No data protection officer has been appointed since this is not required by law.


In light of the judgment of the European Court of Justice C-210/16 of June 5th 2018 („the Facebook-Fan-Pages-Judgment“) we state as follows:

Contrary to Shopifiy’s claim of being a data processor, Shopify actually also is a data controller in regards to the GDPR. 


If you visit our website and shop on our website you hereby understand that Shopify is a data controller who collects and processes your data and who is responsible for handling your data, independently of our own responsibility as a data controller. 


Therefore, if you wish to exercise any of your rights in regards to Shopify’s processing of your data, please contact Shopify directly.


If you have any questions you may contact Shopify by email at privacy@shopify.com, or by using the contact details below:


Residents outside of the European Economic Area:


Shopify Inc.

Attn: Chief Privacy Officer

150 Elgin St., 8th Fl

Ottawa, ON K2P 1L4

Canada


Residents of the European Economic Area:


Shopify International Limited

Attn: Data Protection Officer

c/o Intertrust Ireland

2nd Floor 1-2 Victoria Buildings

Haddington Road

Dublin 4, D04 XN32

Ireland


Please also see:

https://www.shopify.com/legal/privacy?utm_source=blog&utm_medium=blog&utm_term=923140105&utm_content=gdpr

a

Your rights

You have the following rights with respect to personal data concerning you:


  • the right of access
  • the right to rectification or erasure
  • the right to restrict processing
  • the right to object to processing
  • the right to data portability
  • the right to withdraw your consent 


You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us.


You can contact us at any time for further information on this and other questions regarding personal data.


Right of access


You have the right to obtain from us free information about your personal data stored at any time and a copy of this information. Furthermore, you have the right to access the following information:


  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from you, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you.


Furthermore, you have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, you have the right to be informed of the appropriate safeguards relating to the transfer.


Right to rectification 


You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.


Right to erasure 


You have the right to obtain from us the erasure of personal data concerning you without undue delay, and we have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary: 


  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • You withdraw consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR. 
  • The personal data have been unlawfully processed.
  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.


Right to be forgotten 


Where we have made personal data public and are obliged pursuant to Article 17(1) to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. 


Right of restriction of processing


You have the right to obtain from us restriction of processing where one of the following applies:


  • The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data. 
  • The processing is unlawful and you oppose the erasure of the personal data and request instead the restriction of their use.
  • We no longer need the personal data for the purposes of the processing, but we are required by you for the establishment, exercise or defence of legal claims.
  • You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of us override those of you.


Right to data portability


You have the right to receive the personal data concerning you, which was provided to us, in a structured, commonly used and machine-readable format. 


You have the right to transmit those data to another controller without hindrance from us to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.


Furthermore, in exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.


Right to object


You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, which is based on point (e) or (f) of Article 6 (1) of the GDPR. This also applies to profiling based on these provisions.


We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.


If we process personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This applies to profiling to the extent that it is related to such direct marketing. 


If you object to us to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.


In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.


Automated individual decision-making, including profiling


You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between you and us, or (2) is not authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is not based on your explicit consent.

.

Right to withdraw data protection consent 


You have the right to withdraw your consent to processing of your personal data at any time. Your withdrawal does not affect the legality of the data processing until withdrawal.

a

Minors

Our website and services are not intended for use by minors and we expressly do not wish to collect information from minors. If a parent or legal guardian of a minor believes that his or her child may have provided personal information to us, please write to us at the contact address indicated below and we will delete the associated personal information, subject to applicable law and this policy.

a

Data security

We employ reasonable technical and organizational measures and safety precautions (TOMs) to prevent unauthorized access to, unlawful processing of, and unauthorized or accidental loss of your information.


This includes e.g. encrypting your communication with us via this website based on the Secure Socket Layer (SSL) encryption protocol.


You can verify the quality of our encryption here: https://www.ssllabs.com/ssltest

We expressly point out that data transfer over the internet can be subject to security vulnerabilities and cannot be protected completely from access by third parties.

a

Web host

The server hosting this website is operated by Shopify International Limited, Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify"), with whom we have entered into a data processing agreement.


For more details, please refer to 

https://www.shopify.com/legal/privacy?utm_source=blog&utm_medium=blog&utm_term=923140105&utm_content=gdpr.

a

Server log files

Each time you access our website, an automated system captures a series of general data and information.


This general data and information is stored in the log files of our server from Shopify.


Data and information recorded include


  • the browser types and versions used
  • the operating system used by the accessing system
  • the website from which an accessing system reaches our website (“referrers”)
  • the sub-website controlled on our website via an accessing system
  • the date and time of access to the website
  • an Internet Protocol address (IP address)
  • the Internet Service Provider of the accessing system
  • other similar data and information used to avert danger in the event of attacks on our information technology systems

We draw no conclusions regarding your person when using this general data and information.

 

This information is required in order to


  • deliver the contents of our website correctly
  • optimize the content of our website and advertising for it
  • ensure the continued functioning of our information technology systems and the technology on our website
  • provide law enforcement with the information necessary to process offenses in the event of a cyberattack

We statistically evaluate this anonymously collected data and information as well as use it to improve data protection and data security within our company in order to ultimately ensure the best possible level of protection for you. In all cases, we are permitted to process this data on the basis of our legitimate interest under Art. 6 (1) f GDPR.

The logs are stored separately from all personal data provided by you, and are also deleted after a maximum of 2 months.


a

Cookies

This website uses cookies. Cookies are small text files which are stored on the local computer.


Transient cookies are automatically deleted when you close your browser. These include in particular session cookies. These store what is known as a session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.


Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.


You can configure your browser setting according to your preferences and e.g. refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all the features of this site if you do so.

For further information please see https://www.shopify.ca/legal/cookies.


Error: The domain WWW.ETOILEWEBDESIGN.COM is not authorized to show the cookie declaration. Please add it in the cookie manager to authorize the domain.

a

How do we collect your data?

Currently, you can enter data on our website and send us an email.


Contact form on the website


When we receive a message from you, our data processor Shopify will log and save the registration date and time and the IP address from which the registration was received. This is for evidentiary purposes only in the event that an email address is used by an unauthorized person.


Email


Please note that unencrypted emails sent via the Internet are not adequately protected against unauthorized access by third parties. 


Newsletter


Once you have given your consent, you can subscribe to our newsletter. The newsletter contains information about our current offerings of interest.


Our company’s newsletter can only be received by you if (1) you have a valid email address and (2) you have signed up to have the newsletter sent to you.


As part of the double opt-in process, a confirmation email will be sent to the email address you initially entered to receive the newsletter at and in which we ask you to confirm that you wish to receive the newsletter.


This confirmation email is used to verify that you, as the owner of the email address, have authorized the receipt of the newsletter.

The purpose of this procedure is to verify your registration and, if necessary, to inform you regarding the potential misuse of your personal data.

a

Why do we process your data?

When you contact us, e.g. just to obtain information from us, we process your data for this purpose.


If you contact us, e.g. to conclude a contract, we process your data for this purpose.


Processing your order, including customer service


If you enter your order data on our website or via email, the data you provide, including your personal data, will be processed by us and the recipients mentioned below in order to (pre)process your order as part our business relationship with you, to process and manage your order, as well as to provide you with customer service.


Newsletter


We use a newsletter to inform our customers and business partners at regular intervals of offerings by the company. The advertised goods or services are designated in the declaration of consent.


The data collected in the course of your subscription to the newsletter will be used exclusively to send our newsletter.

Subscribers to the newsletter may also be informed by email should this be necessary to offer the newsletter service or the associated registration, e.g. in the event of changes to the newsletter or changes in technical conditions.

a

Why are we permitted to process your data?

When you contact us, e.g. just to obtain information from us, we may process your data on the basis of your consent pursuant to Art. 6 (1) a GDPR and Art. 6 (1) f GDPR.


If you contact us to e.g. conclude a contract, we may process your data on the basis of Art. 6 (1) b GDPR and may save it on the basis of Art. 6 (1) c GDPR.


Processing your order


Your data, including the personal data provided by you, as well as any unsolicited and voluntarily furnished special categories of personal data, is processed by us and the recipients listed below on the legal basis set forth in Art. 6 (1) b and Art. 9 (2) a GDPR in order to be able to identify you as a customer, in order to be able to appropriately process the relevant order, as well as for correspondence with you. The data processing takes place at your request and is necessary to appropriately process your order for the cited purposes.


Marketing (general)


“Legitimate interest” pursuant to Art. 6 (1) f GDPR. The legitimate interest is our interest in initiating a business transaction and developing the business relationship with existing and potential customers.


Newsletter


The legal basis is your consent pursuant to Art. 6 (1) a GDPR.

For more information please visit: https://www.aweber.com/privacy.htm and https://www.aweber.com/dpst.htm

a

What data do we process?

Information


If you contact us solely to obtain information from us, we will process the data provided by you.


You provide information on a purely voluntary basis. However, we expressly ask that you not disclose any information that is likely to be of little or no relevance to your intended purpose. This applies in particular to specific categories of personal ("sensitive") data.


Order


Depending on the information you voluntarily provide us with, your data processed by us may include:


  • your contact details (name, address, telephone number, email address, etc.)
  • the content of the order
  • unsolicited and voluntarily provided special categories of personal data which you provide us with


You provide information on a purely voluntary basis. However, we expressly ask that you not disclose any information that is likely to be of little or no relevance to your intended purpose. This applies in particular to specific categories of personal ("sensitive") data.


Newsletter


Which personal data is transmitted to us when ordering the newsletter depends on the input screen that is used for this purpose.


The only information that must be entered in order for the newsletter to be sent is your email address.


Entering additional, separately provided data is voluntary and will be used to let us address you personally.


When registering for the newsletter, we also store the IP address assigned by the Internet Service Provider (ISP), the computer system you used at the time of registration, and the date and time of registration.

The collection of this data is necessary in order to be able to track the (possible) misuse of your email address at a later date, and therefore serves as legal protection for us.

a

Who is your data transferred to?

Your data may be passed on in whole or in part, but only to the extent necessary and, if necessary, to the following controllers:


  • Shopify International Limited (Processing of orders)
  • PayPal (payment transactions)
  • Credit Card Processing Companies (payment transactions)
  • Banks (payment transactions)
  • Tax consultants (accounting)
  • Collection agencies (debt collection)
  • Law enforcement representatives (law enforcement)
  • Courts (law enforcement)
  • Administrative authorities 


In addition, your data may be transferred to the following recipients acting as processors. We have concluded a data processing agreement with all of them and have verified the appropriate technical and organizational measures (TOMs):


  • Shopify International Limited (Webhosting – Ireland)
  • Asana Inc. (Project Management – USA – Privacy Shield)
  • Zoom Video Communications, Inc. (Communication – USA – Privacy Shield)
  • Gmail (Email Forwarding – USA – Privacy Shield)
  • GrooveHQ (Help Desk – USA – Privacy Shield)
  • Loom Opentest, Inc. (Communication – USA – Privacy Shield)
Newsletter


With the exception of the recipients mentioned in this policy, the personal data collected about you in the context of the newsletter service will not be transferred to third parties.


In addition, your data which appears in the newsletter form will be forwarded to the following recipients:

  • Aweber (Newsletter-Service – USA – Privacy Shield)
a

How long do we process your data?

Your data will be stored in a form that will permit your identification only for as long as necessary for the purpose for which it is processed.


Information


By providing us with your data via this website or via email, you expressly agree that your data will be processed by us and the aforementioned recipients for the duration of the processing of this information, including the personal data provided by you and any unsolicited and voluntarily provided special categories of personal data.


Consequently, in the event that you contact us solely to obtain information from us, your information will either be deleted immediately or deleted after the appropriate period which corresponds to the content of the communication has elapsed.


Upon revocation of your consent, we will erase (or instruct the erasure of) all your data from all databases, including accumulated data.


Order


Due to commercial and tax regulations, we are obliged to save your address, payment and order data for a period of 7 years. In the event that you contact us to conclude a contract, your data will be deleted at the end of the 7th year after the last document has been recorded. 


However, we limit such processing after 2 years, i.e. your data will only be used to comply with statutory obligations.


You data may continue to be stored due to statutory/legal retention obligations or contractual obligations, e.g. in regards to customers in relation to warranty or compensation or in regards to contractual partners (Art. 6 (1) c GDPR, Art. 17 (3) e GDPR).


Marketing (general)


Marketing data is stored for up to 3 years following the last contact.


Newsletter


The consent to process your personal data which you have given us in connection with the newsletter can be revoked at any time. Consequently, you can unsubscribe from the newsletter at any time.

You can notify us of your revocation by clicking on the link provided in each newsletter email, via the form on the website or by sending a message to the contact point provided in the site legal notice.

a

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). 


Google Analytics uses cookies that are stored on your computer and that allow an analysis of the use of the website. 


The purpose is to count and measure the traffic to and from our website. On our behalf, Google uses the information collected to evaluate your use of our website, to compile reports on website activity, and to provide us with other services related to website activity and internet usage.  


As a legal basis for the use of Google Analytics, we use our legitimate interest in accordance with Art. 6 (1) f GDPR on the improvement of our information and service offer and our website, range measurement and access metering for the marketing of advertisements. In this regard, you have a right to object at any time.


On this website, Google Analytics has been extended to include the code "anonymize_IP" to ensure the anonymized collection of IP addresses (so-called IP masking). 


Your IP address will therefore be shortened by Google for the last three digits and pseudonymized recorded. Only in exceptional cases will the full IP address be sent to a Google server in the US, where it will be shortened and pseudonymized.  


Due to the shortened recording of the IP address and its pseudonymization, only a rough localization is possible from where our website was accessed. 


The shortened IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.  


The information generated by the cookie about your use of this website (abbreviated pseudonymous IP address, website title, browser-specific information, website usage information) is usually transmitted to a Google server in the USA and stored there. The relationship with Google and the transmission of the information to Google is based on a European Commission adequacy decision: EU-US Privacy Shield Agreement ("Privacy Shield").


In addition, you can prevent the storage of cookies by a corresponding setting of your browser software; However, please be aware that if you do this you may not be able to use the full functionality of this website.  You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by using the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.  

Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: http://www.google.com/analytics/terms/en.html, Privacy Policy: http://www.google.com/intl/de/analytics/learn/privacy.html, and the Privacy Policy: http://www.google.com/intl/en/policies/privacy