Last revised: June 2019
1. What personal data do we collect and how do we collect it?
The term “personal data” is defined by the Federal Data Protection Act (BDSG) and the European General Data Protection Regulation (GDPR). You can think of your personal data as any data that allow you to be identified or that can be correlated to you.
We receive and store any information you knowingly provide to us. Typically, our customers provide us with:
- Identity data, such as first and last name, information about preferred honorifics (Mr. or Mrs.), company name, and similar identifier information.
- Contact data, such as billing address, delivery address, email address, telephone number, country of delivery and/or residence.
- Financial and transaction data, such as payment details, card and account numbers, payments processed, purchases made and other details relating to products our customers purchase from us.
When you visit or are redirected to the Website, some information may be collected and stored by us automatically. Typically, such data will include:
- Technical data, like browser type and version, language, time zone setting and location, internet protocol (IP) address, log files, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website.
- Usage data, including information about how you interact with the Website, online shop and our products, including your click stream.
We may also receive information about you from third parties. Typically, this includes tracking data, which we collect from cookies and similar tracking technologies, such as web beacons, pixels, and mobile identifiers.
2. How do we use your personal information (purpose of processing)?
We use the Identity, Contact, Financial and Transaction data that we collect generally to fulfill any orders placed through the Website or the online store. Additionally, we use your personal data to communicate with you and screen our orders for potential risk or fraud. Also, when in line with the preferences you have shared with us, we provide you with information or advertising relating to our products or services through our newsletter.
We use the Technical and Usage data collected to help us screen for potential risk or fraud and more generally to improve and optimize our Website and the online store.
3. What are our legal bases for processing of your data?
We will collect, process, and use your personal data and other data to support the delivery of Iron Hive products. We process your personal data based on Article 6 of the GDPR, relying on the following legal bases:
- to fulfill orders, deliver our products and perform our services, Art. 6(1)b
- legitimate interest relating to our products and services, Art. 6(1)f
- if you have given us your consent to process your data, Art. 6(1)a
- if it is necessary for us to comply with a legal obligation, Art. 6(1)c.
We may also process personal data if it is necessary to protect vital interests of our customers and/or other people, or for the performance of an obligation to carry out in the public interest pursuant to Art. 6(1) (d) and (e).
4. Sharing your personal information and data transfers.
We share your personal information with third parties to help us provide the best services and deliver the best products we possibly can. Your personal data will be transferred to third parties only if we have a legal obligation to do so, if the data transfer is necessary for performance of the contract, or if you have consented to the transfer of your data.
Third-party service providers and partner companies will receive your data only if and to the extent necessary for performance of the contract or with your consent. In such cases, the extent to which data are transferred will however be kept to the absolute minimum. To the extent that our service providers come into contact with your personal data, we will make sure that they too will comply with all applicable data protection laws. Please also read the data privacy policies of such third-party providers.
We use cloud services. This means we will transfer your data to a third party – the cloud services provider – and store data on the servers of that provider. In some cases, your data may also be stored on servers outside the European Union (EU) or European Economic Area (EEA). We either ensure through appropriate contracts that such service providers guarantee the same level of data privacy to which you are also entitled in the European Union or we use only providers that are EU-US Privacy Shield certified (https://www.privacyshield.gov/welcome). Both alternatives ensure an appropriate level of data privacy.
5. Who do we share your data with?
To be able to offer you the best customer experience possible and to be able to continuously improve our products and services, we rely on third-party vendors and partners. We also use the assistance of third parties to improve our Website. Finally, we use certain tools for our marketing.
Below is the description of the third-party vendors and services we use and for what purposes:
Our Website is built with the help of the WordPress platform, and our online store is supported by the open source e-commerce plug-in WooCommerce. Both WordPress and WooCommerce are services owned by Automattic (Automattic Inc., 60 29th Street #343, San Francisco, CA 94110).
Automattic collects information about visitors to our Website automatically and uses it to help us keep the Website functional, convenient and useful. You can find out more about the data collected by these third-party services in Automattic’s privacy notice: https://automattic.com/privacy-notice/.
5.2. Google Analytics
You can prevent the collection and processing of information generated by the Google cookie by placing an opt-out cookie or deactivating Google Analytics in the menu of your terminal device. In the alternative, you can also install a browser plug-in, which you will find here: https://tools.google.com/dlpage/gaoptout/.
5.3. Contact Form 7
5.5. Payment processing
All online payments will be conducted in accordance with Payment Card Industry (PCI) data security standards and your billing information (which is only used by these payment processors for the purpose of performing fraud protection) is encrypted before being communicated to them. Subject to the below exceptions, your credit card details are communicated directly from your browser to these payment processors. Iron Hive does not see your full Permanent Account Number (PAN). This means that the payment form is either off-site or displayed in a frame on the payment page.
We currently process payments using PayPal API operations. In this case, we only store the tokens required to identify the transaction with PayPal, issue refunds and identify transactions made using PayPal.
5.6. Social plug-ins
To help you share our products and keep you up to date with what is happening at the Iron Hive, we use social plug-ins on our Website. You will find the following social plug-in buttons on our Website:
- Facebook (operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, U.S.A.)
- Twitter (operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, U.S.A.)
- Instagram (operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland)
- YouTube (operator: YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, U.S.A.)
- Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA 94301, U.S.A.).
These plug-ins routinely collect data from you and transfer such data to servers of the provider. Once activated, such plug-ins may also record your IP address. In addition, activated social plug-ins will place a cookie with a clear ID when the relevant Website is accessed. This also allows providers to create profiles of your user behavior. Such a cookie is placed whether or not you are a member of the social network. If you are a member of a social network and are logged in when you visit our Website, data and information about your visit to our Website may be linked to your profile on the social network. Please note that we have no control over the exact extent to which your data will be collected by social network providers. For more information about the extent, type, and purpose of data processing and about rights and settings to protect your privacy, please refer to the data privacy policies of the relevant social network provider. These are available at the following addresses:
- Facebook: http://www.facebook.com/policy.php
- Twitter: http://twitter.com/privacy/
- Instagram: https://help.instagram.com/155833707900388
- YouTube: https://policies.google.com/privacy?hl=en
- Pinterest: http://de.about.pinterest.com/privacy/.
We collect information about visitors to our Website in order to improve our products and services through cookies and tracking pixels (a.k.a. web beacons).
Websites that include flash media write user-specific data to your computer and later read such data. Such files are called flash cookies or local shared objects (LSO). Such files are not managed by your browser, but rather by the flash player plug-in. Flash cookies are subject to the same rules as conventional cookies. Flash cookies, too, can only be read by the Website
Cookies help us to work better and provide lots of assistance in the background to make the process of being our customer a lot easier for you.
In the meantime, your browser offers extensive setting options to manage cookies. For example, you can deactivate cookies in your browser or limit cookies to certain Websites. You can also program your browser to first notify you before a cookie is placed. You can also choose these settings on your mobile terminal devices. You can at any time manage cookies by changing the settings of your devices, delete cookies, or block cookies altogether.
You can also visit our Website even if you block cookies on your terminal device. If you block cookies, the display of our Website may however be impaired and not all functions may be available to you.
Tracking pixels are small graphics in HTML e-mails or on Websites. When you access such a Website, your access to the tracking pixel will be recorded in a log file. This allows statistical analysis, which, in turn, can be used to improve our Services. You can set your e-mail program or your browser so that HTML e-mails will be displayed as text only, thereby preventing the use of some tracking pixels.
Here is the list of all cookies and tracking pixels we use on our Website, including the purpose of processing and duration of storage:
| Name | Duration of storage | Purpose of processing |
|---|---|---|
| pll_language | session | Helps users to keep language preferences |
| woocommerce_cart_hash | session | Helps WooCommerce to keep track of the changes of the data relating to cart contents |
| Woocommerce_items_in_cart | session | Helps WooCommerce to keep track of the changes of the data relating to cart contents |
| wp_woocommerce_session_ | 2 days | Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. |
| cookieconsent_status | 1 year | Dismisses/hides the popup message that informs users about cookies used on the site |
| _ga (Google Analytics) | 2 years | Collection of data for Google Analytics |
| _gid (Google Analytics) | 1 day | Collection of data for Google Analytics |
How long do we store your data?
Your personal data will be stored for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we may have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for up to ten years after they stop being customers to comply with legal requirements.
8. Rights of the Data Subjects under GDPR
If you qualify as the “data subject” under the terms of the European General Data Protection Regulation (GDPR), you have the right to:
- request information on personal data processed by us about you as provided by Art. 15 GDPR.
- in accordance with Art. 16 GDPR, to immediately demand the correction of incorrect data or completion of incomplete personal data stored with us;
- pursuant to Art. 17 GDPR, to request deletion of your personal data stored by us, unless the processing of the data is required for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
- in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data as far as the accuracy of the data is disputed by you or the processing is unlawful;
- in accordance with Art. 20 GDPR, to receive your personal data provided to us in a structured, standard and machine-readable format or to request transmission to another controller;
- in accordance with Art. 7 (3) GDPR, to revoke at any time your consent previously granted to us. As a result, we will no longer be able to continue the data processing based on this consent for the future;
- in accordance with Art. 77 GDPR, users have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters for this purpose.
- also, if your personal data is processed based on legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons based on your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which shall be implemented by us without you specifying any particular situation.
If you would like to exercise these rights, please contact us via email at firstname.lastname@example.org. Please include any information that would help us identify you in our database, such as your full name and email address.
We put in great effort and will continue to attempt to establish internal procedures to ensure that your personal information is both accurate and protected from accidental loss, unauthorized access, use, alteration or disclosure.
We limit access to your personal data to those employees, team members, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We also have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Our Website is monitored for security.
Nevertheless, you understand and agree that “perfect” security does not exist anywhere, including on the Internet. Information you send through our Website, including e-mail messages, will not be encrypted unless stated otherwise.