Privacy Policy


Iron Hive is a furniture brand by IRON HIVE UG (the “Company”). The Company’s goal is the production, trade, import and export of furniture and home accessories. Brand’s designs and products are presented online through the Website, https://ironhive.de (hereinafter the “Website”). The Website also sells furniture in the online store. Both, the Website and the online store, are operated by IRON HIVE UG, Karl-Marx str. 17, 12043 Berlin, the “data controller” for the purposes of this Privacy Policy.

This Privacy Policy describes the types of personal data we collect and how we use such data, when you visit our Website, interact with us, and/or buy our furniture online. The Website is not intended for children and we do not knowingly collect data relating to children. This Privacy Policy does not apply to any third-party websites, services or applications, even if they may be accessible through the Website.

Last revised: June 2019

 

1. What personal data we collect and how we collect it?

The term “personal data” is defined by the Federal Data Protection Act (BDSG) and the European General Data Protection Regulation (GDPR). You can think of your personal data as any data that allow you to be identified or that can be correlated to you.

We receive and store any information you knowingly provide to us. Typically, our customers provide us with:

  • Identity data, such as first and last name, information about preferred honorifics (Mr. or Mrs.), company name, similar identifier information.
  • Contact data, such as billing address, delivery address, email address, telephone number, country of delivery and/or residence.
  • Financial and transaction data, such as payment details, card and account numbers, payments processed, purchases made and other details relating to products our customers purchase from us.

When you visit or are redirected to the Website, some information may be collected and stored by us automatically. Typically, such data will include:

  • Technical data, like browser type and version, language, time zone setting and location, internet protocol (IP) address, log files, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website.
  • Usage data, including information about how you interact with the Website, online shop and our products, including your click stream.

We may also receive information about you from third parties. Typically, this includes tracking data, which we collect from cookies and similar tracking technologies, such as web beacons, pixels, and mobile identifiers.

 

2. How do we use your personal information (purpose of processing)?

We use the Identity, Contact, Financial and Transaction data that we collect generally to fulfill any orders placed through the Website or the online store. Additionally, we use your personal data to communicate with you and screen our orders for potential risk or fraud. Also, when in line with the preferences you have shared with us, we provide you with information or advertising relating to our products or services through our newsletter.

We use the Technical and Usage data collected to help us screen for potential risk or fraud and more generally to improve and optimize our Website and the online store.

 

3. What are our legal bases for processing of your data?

We will collect, process, and use your personal data and other data to support the delivery of Iron Hive products. We process your personal data based on the Article 6 of the GDPR relying on the following legal bases:

  1. to fulfill orders, deliver our products and perform our services, Art. 6(1)b
  2. legitimate interest relating to our products and services, Art. 6(1)f
  3. if you have given us your consent to process your data, Art. 6(1)a
  4. if it is necessary for us to comply with a legal obligations, Art. 6(1)c.

We may also process personal data if it is necessary to protect vital interests of our customers and/or other people, or for the performance of an obligation to carry out in the public interest pursuant to Art. 6(1) (d) and (e).

 

4. Sharing your personal information and data transfers.

We share your personal information with third parties to help us provide the best services and deliver the best products we possibly can. Your personal data will be transferred to third parties only if we have a legal obligation to do so, if the data transfer is necessary for performance of the contract, or if you have consented to the transfer of your data.

Third-party service providers and partner companies will receive your data only if and to the extent necessary for performance of the contract or with your consent. In such cases, the extent to which data are transferred will however be kept to the absolute minimum. To the extent that our service providers come into contact with your personal data, we will make sure that they too will comply with all applicable data protection laws. Please also read the data privacy policies of such third-party providers.

We use cloud services. This means we will transfer your data to a third party – the cloud services provider – and store data on the servers of that provider. In some cases, your data may also be stored on servers outside the European Union (EU) or European Economic Area (EEA). We either ensure through appropriate contracts that such service providers guarantee the same level of data privacy to which you are also entitled in the European Union or we use only providers that are EU-US Privacy Shield certified (https://www.privacyshield.gov/welcome). Both alternatives ensure an appropriate level data privacy.

 

5. Who do we share your data with?

To be able to offer you the best customer experience possible and to be able to continuously improve our products and services, we rely on third-party vendors and partners. We also use the assistance of third parties to improve our Website. Finally, we use certain tools for our marketing.

Below is the description of the third-party vendors and services we use and for what purposes:

 

5.1. WordPress

Our Website is built with the help of WordPress platform and our online store is supported by an open source e-commerce plug-in WooCommerce. Both, WordPress and WooCommerce are services owned by Automattic (Automattic Inc., 60 29th Street #343, San Francisco, CA 94110).

Automatic collects information of visitors to our Website automatically and uses it to help us with keeping the Website functional, convenient and useful. You can find out more about data collected by these third party services by checking out Automattic’s privacy notice: https://automattic.com/privacy-notice/.

 

5.2. Google Analytics

Our Website uses Google Analytics, a web analysis program of Google (Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043, U.S.A. – hereinafter “Google”). Google Analytics uses cookies that are stored on your terminal device and allows an analysis of your use. On our behalf Google uses such information to analyze your use of our Website and provides us with insight reports. The IP address transmitted from your terminal device to Google Analytics will not be merged with any other data of Google. Google will transfer your data to third parties only if permitted by applicable law or in accordance with outsourced data processing agreements.

You can prevent the collection and processing of information generated by the Google cookie by placing an opt-out cookie or deactivating Google Analytics in the menu of your terminal device. In the alternative, you can also install a browser plug-in, which you will find here: https://tools.google.com/dlpage/gaoptout/.

 

5.3. Contact Form 7

We use a WordPress plug-in Contact Form 7 created by Rock Lobster, LLC. to build our contact form. The plug-in collects non-personally identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. The purpose in collecting non-personally identifying information is to better understand how visitors use the contact form. To learn more about the plug-in and its privacy policy, please visit: https://wordpress.org/plugins/contact-form-7/.

 

5.4. Mailchimp

In cases, where you explicitly consent to receiving our updates and special offers in a newsletter, we will use Mailchimp operated by The Rocket Science Group LLC (675 Ponce de Leon Ave NE Suite 5000. Atlanta, GA 30308 USA). We rely on Mailchimp to automate the process in relation to collecting subscriptions to, operation and distribution of the newsletter. To learn more about the data processing through Mailchimp, read their Privacy Policy here: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts

 

5.5. Payment processing

Iron Hive uses third party payment processors to process payments made for products via the Website. We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy.

All online payments will be conducted in accordance with Payment Card Industry (PCI) data security standards and your billing information (which is only used by these payment processors for the purpose of performing fraud protection) is encrypted before being communicated to them. Subject to the below exceptions, your credit card details are communicated directly from your browser to these payment processors. Iron Hive does not see your full Permanent Account Number (PAN). This means that the payment form is either off-site or displayed in a frame on the payment page.

We currently process payments using PayPal API operations. In this case, we only store the tokens required to identify the transaction with PayPal, issue refunds and identify transactions made using PayPal.

 

5.6. Social plug-ins

To help you share our products and keep you up to date with what is happening at the Iron Hive, we use social plug-ins on our Website. You will find following social plug-in buttons on our Website:

  • Facebook (operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, U.S.A.)
  • Twitter (operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, U.S.A.)
  • Instagram (operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland)
  • Youtube (operator: YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, U.S.A.)
  • Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA 94301, U.S.A.).

These plug-ins routinely collect data from you and transfer such data to servers of the provider. Once activated, such plug-ins may also record your IP address. In addition, activated social plug-ins will place a cookie with a clear ID when the relevant Website is accessed. This also allows providers to create profiles of your user behavior. Such a cookie is placed whether or not you are a member of the social network. If you are a member of a social network and are logged in when you visit our Website, data and information about your visit to our Website may be linked to your profile on the social network. Please note that we have no control over the exact extent to which your data will be collected by social network providers. For more information about the extent, type, and purpose of data processing and about rights and settings to protect your privacy, please refer to the data privacy policies of the relevant social network provider. These are available at the following addresses:

 

6. Cookies

We collect information about visitors to our Website in order to improve our products and services through cookies and tracking pixels (a.k.a. web beacons).

A cookie allows a web server to place a text file (e.g., a clear ID) on your computer or smart phone/tablet. Cookies are used, for example, to automatically recognize you the next time you visit our Website. The cookie is sent either by the web server to your browser or is generated by client-side scripting (e.g., JavaScript). Cookie data will be stored locally on your terminal device and in most cases will be effective only for a limited time period.

Websites that include flash media write user-specific data to your computer and later read such data. Such files are called flash cookies or local shared objects (LSO). Such files are not managed by your browser, but rather by the flash player plug-in. Flash cookies are subject to the same rules as conventional cookies. Flash cookies, too, can only be read by the Website

Cookies help us to work better and provide lots of assistance in the background to make the process of being our customer a lot easier for you.

In the meantime, your browser offers extensive setting options to manage cookies. For example, you can deactivate cookies in your browser or limit cookies to certain Websites. You can also program your browser to first notify you before a cookie is placed. You can also choose these settings on your mobile terminal devices. You can at any time manage cookies by changing the settings of your devices, delete cookies, or block cookies altogether.

You can also visit our Website even if you block cookies on your terminal device. If you block cookies, the display of our Website may however be impaired and not all functions may be available to you.

Tracking pixels are small graphics in HTML e-mails or on Websites. When you access such a Website, your access to the tracking pixel will be recorded in a log file. This allows statistical analysis, which, in turn, can be used to improve our Services. You can set your e-mail program or your browser so that HTML e-mails will be displayed as text only, thereby preventing the use of some tracking pixels.

Here is the list of all cookies and tracking pixels we use on our Website, including the purpose of processing and duration of storage:

Name Duration of storage Purpose of processing
pll_language session Helps users to keep language preferences
woocommerce_cart_hash session Helps WooCommerce to keep track of the changes of the data relating to cart contents
Woocommerce_items_in_cart session Helps WooCommerce to keep track of the changes of the data relating to cart contents
wp_woocommerce_session_ 2 days Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer.
cookieconsent_status 1 year Dismiss/hide the popup message that inform user about cookies used on site
_ga (google analytics) 2 years Collection of data for google analytics
_gid (google analytics) 1 day Collection of data for google analytics

 

How long we store your data?

Your personal data will be stored for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we may have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for up to ten years after they stop being customers to comply with legal requirements.

 

8. Rights of the Data Subjects under GDPR

If you qualify as the “data subject” under the terms of the European General Data Protection Regulation (GDPR), you have the right to:

  • request information on personal data processed by us about you as provided by Art. 15 GDPR.
  • in accordance with Art. 16 GDPR, to immediately demand the correction of incorrect data or completion of incomplete personal data stored with us;
  • pursuant to Art. 17 GDPR, to request deletion of your personal data stored by us, unless the processing of the data is required for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data as far as the accuracy of the data is disputed by you or the processing is unlawful;
  • in accordance with Art. 20 GDPR, to receive your personal data provided to us in a structured, standard and machine-readable format or to request transmission to another controller;
  • in accordance with Art. 7 (3) GDPR, to revoke at any time your consent previously granted to us. As a result, we will be no longer able to continue the data processing based on this consent for the future;
  • in accordance with Art. 77 GDPR, users have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters for this purpose.
  • also, if your personal data is processed based on a legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons based on your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which shall be implemented by us without you specifying any particular situation.

If you would like to exercise these rights, please contact us via email at info@ironhive.de. Please include any information that would help us identify you in our database, such as your full name and email address.

 

9. Security

We put great effort and will continue to attempt to establish internal procedures to ensure that your personal information is both accurate and protected from accidental loss, unauthorized access, use, alteration or disclosure.

We limit access to your personal data to those employees, team members, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We also have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Our Website is monitored for security.

Nevertheless, you understand and agree that “perfect” security does not exist anywhere, including on the Internet. Information you send through our Website, including e-mail messages, will not be encrypted unless stated otherwise.

 

10. Changes to this Privacy Policy

We may need to make changes to this Privacy Policy. GDPR is still a relatively new piece of legislation and governmental authorities issue updates and guidance for businesses on a regular basis. We may want to change our Privacy Policy to make sure that we comply with such recommendations or if we change the way we sell our products or provide our services. We will notify you of any changes and ask that you read and accept such changes before they are implemented by us.

 

11. Contact

If you wish to receive more information about this Privacy Policy, exercise your rights and/or learn more about the cookies we use on our Websites, please contact us via email at info@ironhive.de.

This privacy policy is effective starting from 24 June 2019