Data Protection Information

This Data Protection Information provides information on the processing of your personal data whenever you visit the website of Allccessory (hereinafter “Allccessory”, “we” or “us”) and when purchasing goods from said website.

1. Scope, data controller, data protection officer and definitions

1.1 Scope of this Data Protection Information

This Data Protection Information applies to the use of the websites of Allccessory, includ-ing the online shop and any measures connected for the execution and rescission of an online pur-chase, the creation of a customer account, the newsletter dispatch, further informative emails and customer services, and for our marketing activities on third-party websites.

1.2 The Controller for the processing of your personal data

Unless otherwise specified in this Data Protection Information, the Controller for the processing of your personal data is:

www.allccessory.com Represented by: Iuliana Crudu
P.O. Box 10 02 14
70827 Gerlingen
Germany
Email: contact@allccessory.com

1.3 Definitions

This Data Protection Information is based on the following terms under data protection law, which we have defined to facilitate understanding.

GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Recipient means a natural person or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by the public authorities shall be in compli-ance with the applicable data protection rules according to the purposes of the pro-cessing;

Examples of possible recipients: Banks / payment providers, logistic firms and ship-ping service providers and IT services providers; for more information please refer to Section 4)

Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Examples of personal data: Name, contact details, bank or credit card details.

Controller means the natural person or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

For the data processing activities described in this Data Protection Information, the Controller is Allccessory, unless otherwise specified (Section 1.2.).

Processing means any operation or set of operations which is on personal data or on sets of personal data, whether or not by automated means such as collection, record-ing, organisation, structuring, storage, adaptation or alteration, retrieval, consulta-tion, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Purposes and legal bases of our processing of your personal data

2.1 Processing of your data when you visit our websites

If you visit our websites in order to find out about products and services without registering for a customer account, purchasing products in our online shop or otherwise actively transferring infor-mation to us (purely for informational purposes), we process your personal data for the following purposes and by virtue of the following legal bases:

2.1.1 Provision of websites and IT security

We process your personal data that are technically necessary to allow us to provide our websites to you and to guarantee stability and security when you visit our websites. This includes the following personal data:

IP address
type and version of browser
operating system and platform
the complete Uniform Resource Locator (URL)

These personal data will be stored for security purposes in server log files, which will automatically be deleted after 7 days.

This data processing is necessary for the purpose of enabling you to use our websites (Legal basis: Art. 6 (1) sentence 1, lit. b GDPR) as well as for the purposes of our legitimate interest to guarantee IT security (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR).

2.1.2 Provision of localised websites

We also process your personal data that are technically necessary to allow us to provide you with a localised version of the websites, in particular with regard to the language.

This data processing is necessary for the purpose of our legitimate interest to adapt our website to your needs (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR).

2.1.3. Website Analytics

2.1.3.1. Google Analytics

We use Google Analytics on our websites, a web analysis service of Google Inc. (“Google”). Google Analytics uses cookies (for more information on cookies please refer to Section 2.1.9 and our Cookie Information) that allow an analysis to be made on the usage of our websites. The information generated by the cookie on the use of our websites is, as a rule, transferred to a server of Google , where it is stored. However, as we use Google Analytics with the extension “anonym IP()”, Google will reduce the IP address of the website visitor within Member States of the European Union or in other states party to the Agreement on the European Economic Area before-hand, which excludes any direct association to you. Only in exceptional cases, is the full IP address transferred to a server of Google and shortened there. On behalf of Allccessory, Google will use this information in order to evaluate the use of the websites, to prepare reports on the web-site activities, to analyze the impact and improve the customization of our digital advertisements, and to provide further services to Allccessory connected with the use of the websites and of the Internet. The IP address transferred from the user’s browser with regard to Google Analytics is not merged with other data by Google. Further information on terms of use and data protection can be found under:

https://policies.google.com/terms

https://policies.google.com/privacy

This data processing is necessary for the purpose of our legitimate interest to carry out analyses in order to improve our website and our products, and to advertise our products on the Internet in a customized and efficient way (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR).

Google Analytics Opt-out:

You can prevent the processing of your usage data (including your IP address) by Google Analytics generally, by downloading and installing the browser add-on available at the following link:

https://tools.google.com/dlpage/gaoptout

In addition, you can also prevent Google Analytics from collecting your usage data on our websites by clicking on the following link:

Click here to opt-out of Google Analytics

In this case a persistent opt-out cookie is set in your current used browser, that prevents your data from being recorded in the future when you visit our websites with this specific browser. If you use another browser, Google Analytics will be in principle enabled, unless the opt-out cookie is also set in this browser. Please note, that Google Analytics will be enabled again, if you delete the abovementioned opt-out cookie in your browser.

2.1.4 Individual recommendations on our websites

When you visit our web pages, we use Google AdWords to process data on your user behaviour like watched products, content of shopping cart ect. in order to show you individual recommendations on our websites based on this data. For further details on the processing of data by Google Adwords please refer to Google’s privacy policy under the following link:

https://policies.google.com/privacy

This data processing is necessary for the purpose of our legitimate interest to create a better user experience by tailored recommendations (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR).

Individual recommendations Opt-out:

You can object to this data processing by clicking on the following opt-out link:

Google AdWords: https://adssettings.google.com

2.1.5 Display advertising/retargeting on third-party websites

When you visit our websites, tags and cookies are set by our retargeting provider(s) to track which products you have viewed or purchased on our websites. With the help of this information we can then show you individual offers of our products on third-party websites via our retargeting provider(s), and analyze the results to further improve our advertising. For further details on the processing of data by our retargeting provider(s) listed below, please refer to the corresponding privacy policy / policies:

Google AdWords: https://policies.google.com/privacy
Facebook Ads: https://www.facebook.com/about/privacy

This data processing is necessary for the purpose of our legitimate interest to advertise our products on the Internet in a customized and efficient way (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR).
Retargeting Opt-out:

You can object to this data processing by clicking on the following opt-out link(s) of the respective retargeting provider(s).

Google AdWords: https://adssettings.google.com
Facebook Ads: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

2.1.6 Use of cookies

On our website we use cookies. Cookies are small text files that are stored in the browsers of your end devices whenever you visit our websites. Through cookies, your actions and settings on our websites can be tracked, stored and recognized for the duration of the browser session or even after this. In addition to this, cookies and their respective cookie IDs allow your browser to be recognised. For example, after leaving the website, you can reconstruct the content of your shopping card or be shown the last seen products.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.

2.1.7 Customer care

Depending on the subject matter of your request, we will rely on your personal data that has been stored within the scope of other data processing activities in our systems (e.g. data that you have provided during a purchase, or your score value that we have received from the credit agency as part of the credit assessment process. If and to the extent that this is necessary to answer your query, we will also collect data from external sources (e.g. query with a shipping service provider as part of shipment tracking or an investigation request).

In context of requests concerning a (pre)contractual relationship with you, this data processing is necessary for the performance of a contract (provision of a customer service) with you (Legal basis: Art. 6 (1) sentence 1, lit. b GDPR). If you wish to exercise your rights with respect to us, the correspondent this data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 (1) sentence 1, lit. c GDPR). If you would like to receive information or complain about our products and services, the respective data processing is necessary for the purpose of our legitimate interest to respond to your information request / complaint (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR).

2.2 Email marketing

2.2.1 Email newsletter dispatch to subscribers

If you have subscribed to our email newsletter via “double opt-in” procedure we will send you from time to time newsletters to inform you about our products, services and promotions.

This data processing is based on your consent (Legal basis: Art. 6 (1) sentence 1, lit. a GDPR).

Withdrawal of consent:

You can withdraw your consent and unsubscribe from our newsletter at any time by sending an email with your unsubscribe request to our customer (contact@allccessory.com) .

2.2.2 Direct marketing emails to existing customers

After the purchase of goods we may – regardless of whether you have subscribed to our newsletter (see Section 2.2.1) – send you marketing emails for similar products and services.

This data processing is based on our legitimate interest to advertise our products and services (Le-gal basis: Art. 6 (1) sentence 1, lit. f GDPR).

Objection to direct marketing emails:

You can object to this processing of personal data and unsubscribe from our direct marketing emails at any time by sending an email with your unsubscribe request (contact@allccessory.com) .

2.2.3 Personalization of direct marketing emails to existing customers

If you are a customer, we may personalize our direct marketing mails send to you based on your preference/interest profile derived from data of your previous purchase(s) from the last two years.
This data processing is necessary for the purpose of our legitimate interest to tailor our direct marketing emails to your preferences and interests and thus make our email marketing efforts more efficient (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR).

Objection to our newsletter/direct marketing targeting

You can object to this processing of your purchase data for targeting of our newsletter/direct marketing emails to custom audiences at any time by sending an email with your unsubscribe request to contact@allccessory.com.

2.3 Product ratings and reviews

We offer you the chance to review any (purchased) products on our websites. Your feedback helps other customers to make the right purchasing decision and enables us to continuously improve our products. If you would like to submit a review for one of our products, we will process your email address, your nickname and also the content of your review (e.g. reviewed product, star rating, title and text of review, recommendation). Your email address will be processed in order to verify and establish your identity. It may also be used by our customer service in order to reply to your feedback by email. If, before submitting your review, you have given your consent, we will send you an email notification when your review is published. Since your (star) rating and the content of your review will be published alongside your nickname on our websites, please ensure that you do not give any personal information in this.

This data processing is necessary for the purpose of our legitimate interest, namely customer ser-vice and recommendation marketing (Art. 6 (1) sentence 1, lit. f GDPR). Email notifications about the publication of the review are based on your prior consent (Art. 6 (1) sentence 1, lit. a GDPR).

2.4 Registration and setting up a customer account

When you visit our websites, you can create a customer account. The registration for a customer account requires you to provide personal data. Mandatory fields are marked accordingly in the in-put form.

This data processing is necessary for the performance of a contract (provision of a customer ac-count) with you (Legal basis: Art. 6 (1) sentence 1, lit. b GDPR).

2.5 Data processing in the case of orders in the online shop

In addition, we process your personal data in connection with the purchase of goods in our online shop.

2.5.1 Purchase and payment of goods in the online shop

We process your personal data (i.a. contact details, shipping and payment information) if you purchase goods in the online shop. If you purchase goods for another person (third party), we process the personal data of the third party provided by you (name and any contact details) for the dispatch of the goods to the third party. Please ensure that the third party has been sufficiently informed by you about the processing of their data at Allccessory, and that you are authorised to provide such data.

This data processing is necessary for the performance of a contract with you (Legal basis: Art. 6 (1) sentence 1, lit. b GDPR).

2.5.2 Shopping cart abandonment emails

If you have started an ordering process using your customer account, but have not concluded it, we will send you a reminder email to the email address stored in the customer account, regarding the purchasing process initiated by you.

This data processing is necessary for the purpose of our legitimate interest to remind you of any purchasing processes that you have not yet completed (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR).

Objection to shopping cart abandonment emails:

You can object to this processing of personal data and unsubscribe from our shopping cart abandonment emails at any time by sending an email with your unsubscribe request to contact@allccessory.com

2.5.3 Cancellation of purchase

In any case of cancellation of the purchase (e.g. withdrawal of contract) we will process your personal data for returning the goods and refunding the purchase price.

This data processing is necessary for the performance of a contract with you (Legal basis: Art. 6 (1) sentence 1, lit. b GDPR) and/or for compliance with a legal obligation (Legal basis: Art. 6 (1) sentence 1, lit. b GDPR lit. c GDPR).

2.5.4 Dunning process, collection and enforcement and/or defence of legal claims

In the case of outstanding amounts owed to us, we will advise you accordingly by email, SMS, letter or by phone, and under certain circumstances, will send you a dunning letter. If and to the extent that you still fail to make the payment, we will initiate a credit collection procedure.

The credit collection procedure will be carried out by a credit collection agency engaged by us. If necessary to carry out the credit collection procedure, the credit collection agency will carry out address enquiries, thereby availing itself of public registers in order to locate you as a debtor.

In the case of a legal dispute with you, we will process your personal data to enforce and/or defend our rights. If and to the extent necessary for the legal dispute, we will thereby rely also on data from other sources (e.g. public registers).

This data processing is necessary for the performance of a contract with you (Legal basis: Art. 6 (1) sentence 1, lit. b GDPR) as well as for the purpose of our legitimate interest in preventing the abuse of our services and in establishment and exercise of legal claims (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR).

3. Retention and erasure of your personal data

We keep your personal data for as long and to the extent required for the purposes named in this Data Protection Information (Section 2).

As soon as the data for the purposes named in Section 2 is no longer required, we keep your per-sonal data for the length of time, during which you can assert claims against us or we can assert claims against you (the statutory period of limitations is generally three years, starting with the end of the year in which the claim arises, e.g. the end of the year of purchase).

In addition to this, we store your personal data for as long and to the extent we are obliged to do so by law. Corresponding obligations of proof and retention can be found, inter alia, in the German Commercial Code, the Tax Code and the Money Laundering Act. The retention periods may accordingly last up to ten years.

4. Transfer of personal data and the categories of recipients

Your personal data may be transferred / disclosed to the following categories of recipients:

IT Service providers who prepare the platforms, databases and tools for our products and services (e.g. our website, the sale of goods, the dispatch of newsletters and in-formative emails), issue analyses on user habits on our websites, carry out marketing campaigns, and process your personal data during the purchasing process on our be-half.
In connection with the use of Google Analytics and Google Adwords, including tags and cookies, your personal data may be transferred to the USA. In the case of the USA, the EU Commission has not decided that there is a suitable level of data protection within the meaning of the GDPR; such an adequacy decision (Art. 45 GDPR) has not been taken. Google LLC is, however, subject to the EU-U.S. Privacy Shield. This means that adequate protection of your personal data is guaranteed. You can retrieve the full text of the US Privacy Shield Framework at the following link:

https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg

In order to carry out the credit and fraud check, we transfer your personal data to specialised service providers, generally to informa Solutions GmbH. In certain circum-stances, data may be transferred to outside the EU / EEA. In order to guarantee adequate protection of your personal data, EU standard contractual clauses within the meaning of Art. 46 (5) sentence 2 GDPR are used. You can find information on EU standard contract clauses at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF.
If you purchase products on our websites, we offer you various payment methods. In order to process a payment and, if necessary, a refund of the purchase price, we transfer your personal data, depending on the chosen payment method, to banks, payment service providers, financial service providers and credit card companies. The respective data transfers to such recipients are based on the performance of a con-tract with you (Legal basis: Art. 6 (1) sentence 1, lit. b GDPR). In certain circumstances, data may be transferred to the USA. In the case of the USA, the EU Commission has not decided that there is a suitable level of data protection within the meaning of the GDPR; such an adequacy decision (Art. 45 GDPR) has not been taken. In order to guarantee adequate protection of your personal data, EU standard contractual clauses within the meaning of Art. 46 (5) sentence 2 GDPR are used. You can find information on EU standard contract clauses at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF.
Should you be unable to meet your payment obligations, we transfer your personal data to collection agencies that carry out the collection procedure on our behalf. This transfer of personal data is necessary for the performance of a contract with you (Legal basis: Art. 6 (1) sentence 1, lit. b GDPR) and for the purpose of our legitimate interest in an efficient accounts receivable management.
For the delivery of your purchased products on our website (including notifications about the delivery status of the orders) we transfer your personal data to the fulfilment and shipping service providers (e.g. DHL, UPS, Hermes etc.) engaged by us. The transfer of your personal data is based on the performances of a contract with you (Legal basis: Art. 6 (1) sentence 1, lit. b GDPR).
In the case of legal disputes, we transfer your data to the competent court and, if you have engaged a lawyer, to the latter, in order to conduct the legal dispute. This transfer of personal data is necessary for compliance with a legal obligation (Legal basis: Art. 6 (1) sentence 1, lit. c GDPR) and/or for the purpose of our legitimate interest in the establishment and exercise of legal claims (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR).
In addition to this, we only transfer your personal data if we are legally obliged to forward such data (e.g. to the police authorities within the scope of criminal investigations or to the data protection supervisory authorities). This transfer of personal data is necessary for compliance with a legal obligation (Legal basis: Art. 6 (1) sentence 1, lit. c GDPR).

5. Right to object to data processing based on legitimate interests

We process your personal data within the meaning of Section 2, based on our legitimate interest, in particular to guarantee IT security on our websites, to adapt our website to your needs, to carry out analyses and marketing activities, to inform you about our products and services, to remind you of any purchasing processes that have not yet been completed, to increase the coverage of our products and marketing activities, to prevent fraud and abuse, to avoid payment defaults, to care for our customers, to safeguard, enforce and defend our legal interests (also before the courts, as necessary), and to carry out our internal management efficiently and collaboratively. For information about the balancing of interests carried out by Allccessory, please contact @allccessory.com.

Notwithstanding the specific possibilities to object to data processing described in Section 2 (e.g. provided opt-out or unsubscribe links), you have the right to object at any time to the processing of your personal data on the basis of our legitimate interests pursuant to Art. 6 (1) sentence 1, lit. f GDPR on grounds relating to your particular situation by sending an email to contact@allccessory.com. We will then no longer process your data for this/these purpose(s) unless our legitimate interests in processing overweight or the processing serves to establish, exercise or defend legal claims.

If you object to the processing of your data, we will process any collected personal data in this con-text in order to respond to your request. This data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 (1) sentence 1, lit. c GDPR).

6. Right to withdraw consent

If you have given us your consent for the processing of your personal data, you can withdraw this consent at any time. The withdrawal of your consent is effective for the future and shall not affect the lawfulness of processing based on consent before its withdrawal.
Unless specifically regulated in Section 2, please send your withdrawal of consent contact@allccessory.com.

If you withdraw your consent, we process your personal data collected in this connection to answer your inquiry. This data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 (1) sentence 1, lit. c GDPR).

7. Your other data protection rights

In accordance with the GDPR, you may demand at any time that we:

provide you with information on your personal data that we process (Art. 15 GDPR),
rectify (Art. 16 GDPR),
erase (Art. 17 GDPR),
restrict (Art. 18 GDPR) and/or
export (Art. 20 GDPR)
your personal data stored on our systems.

Please send your request, stating at least your first and last name, by email to contact@allccessory.com or to Allccessory Online Shop contact form.

If you exercise these rights against us, we will process your personal data in order to respond to your request. This data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 (1) sentence 1, lit. c GDPR).

Irrespective of your abovementioned rights, you can lodge a complaint with a data protection supervisory authority, if you are of the opinion that the processing of your personal data by Allccessory violates the GDPR (Art. 77 GDPR).

8. Changes to this Data Protection Information

The provisions of this Data Protection Information, including the referenced Cookie Information, shall apply in the version in force at the time the online shop is used.

We reserve the right to supplement and modify the content of this Data Protection Information. The updated Data Protection Information applies from the time, in which it was published on our websites. In case of substantive or material changes to the Data Protection Information, especially changes that affect the processing of your personal data already collected by us, we will inform you in advance (e.g. by email).