Table of contents
- Who we are and how you can contact us
- Changes to this policy and acceptance
- How this Policy Applies
- Why do we collect data in the first place?
- What we collect and receive
- How this information is shared
- Data Retention
- Data Transfer
- Your rights
- Data protection officer
WHO WE ARE AND HOW YOU CAN CONTACT US
If you have any questions about our data policy, contact us: firstname.lastname@example.org
Our full address is:
Awesome Maps GmbH
Awesome Maps creates and sells awesome world maps. As an e-commerce company that sells directly to consumers (B2C) via the website, we process your data to understand user behaviour better and offer you a better experience (with tools like Google Analytics – see Section 5 for a complete breakdown of tools). We also need your data to fulfil your orders, and for this we have to submit your data to our fulfilment partners and shipping companies like DHL (see again below for a complete breakdown). If you give your consent, we will also email you from time to time when we have something newsworthy to share, like awesome content on our blog we think you might like, new products or tips on what you can do with your awesome maps.
Changes to this Policy and Acceptance
We may update this Policy from time to time. If we do, we will inform you about any major changes, either by notifying you on the site or by sending you an email. Any changes we make will never apply retroactively, and we will let you know the exact date they will go into effect. If you purchase from our website, that means you accept this policy.
How this Policy Applies
This Policy describes the information we collect from you, how we use that information and what our legal basis is for this. We will also explain if/when/how we share this information and your rights and choices regarding any information about you that you give to us.
Please also refer to our Terms & Conditions.
An exception to this rule applies if consent isn’t possible for technical reasons and the processing of your data is allowed or legally required.
WHY DO WE COLLECT DATA IN THE FIRST PLACE?
We are collecting data in accordance with GDPR Article 6, in particular:
- Performing the contract we have with you: We need your personal data to comply with our contractual obligation to deliver our products to you. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection. Signing up for our newsletter is an example of this.
- Legal compliance: Sometimes we have to collect and use your data as required by law. Tax laws, for example, require us to retain records of purchases and payments.
- Legitimate interests: This is a technical term in data protection law which basically means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights. We sometimes require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and that does not materially impact your rights, freedom or interests. For example, we use identity, device, and location information to prevent fraud and abuse and to keep the Services secure. We also analyze how users interact with our Site so we can understand better what elements of the design are working well and which are not working so well. This allows us to improve and develop the quality of the online experience we offer all our users.
WHAT WE COLLECT AND RECEIVE
In order for you to interact with us (like contacting us, purchasing from us, signing up for our newsletter, commenting on blogposts) we need to collect and process certain information.
Depending on your interaction with us, the data we collect may include:
- Information about your device
- Information about your web browser
- IP address
- Time zone
- Some of the cookies that are installed on your device
- Information about the individual web pages or products that you view
- What websites or search terms referred you to the site
- Information about how you interact with the site
With this we create logfiles. The data from these can be attributed to a user. For example, a link that leads you to our website could include data that could be used to identify you. This data will then also be saved in the logfiles in our system. We do not save this data and link it to other data we gather from you (for example if you order a map).
The lawful basis for data processing is Art. 1 – 1 GDPR.
A cookie is a small file of letters and numbers that we store via your browser.
We use the following categories of cookies:
- Strictly necessary cookies. These are cookies which are needed to make the website work properly. They include, for example, cookies that enable you to log in, use a shopping cart or make secure payments.
- Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region). These also allow us to tell if you’ve left any products in your basket without checking out.
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website relevant to your interests and for advertising and retargeting purposes. We may also share this information with third parties for this purpose.
Third parties we work with, for example Shopify, also store cookies via your browser. Here is a list of the cookies they use:
- _session_id: unique token, sessional. Allows Shopify to store information about your session (referrer, landing page, etc).
- _shopify_visit: no data held, persistent for 30 minutes from the last visit. Used by our website provider’s internal stats tracker to record the number of visits.
- _shopify_uniq: no data held, expires midnight (relative to the visitor) of the next day. Counts the number of visits to a store by a single customer.
- cart: unique token, persistent for 2 weeks. Stores information about the contents of your cart.
- _secure_session_id: unique token, sessional.
- storefront_digest: unique token, indefinite. If the shop has a password, this is used to determine if the current visitor has access.
These are the tools/services we work with and their respective privacy policies
Google Tools (https://policies.google.com/privacy):
- Google Analytics: to understand from where users are visiting us and how they navigate our site.
- Google Optimize: to test different versions of our website (like two different button colours) to see which version works better and to improve the experience for our users.
- Captcha (reCAPTCHA): we use captchas to make sure you are not a robot
- YouTube embedded videos: we want to show you videos of our products and other things and therefore use embedded YouTube videos.
User behaviour tools:
- Hotjar (https://www.hotjar.com/legal/policies/privacy): to create heatmaps and analyse user sessions to see which elements on our website matter most to users
Social Sharing: to enable you to easily share our website with your friends and followers
- Facebook (https://www.facebook.com/about/privacy/update)
- Twitter (https://twitter.com/en/privacy)
- Pinterest (https://policy.pinterest.com/en/privacy-policy)
When you contact us:
- Via the contact form: we collect your email address so we can get back to you. We use Zendesk (https://www.zendesk.com/company/customers-partners/eu-data-protection/)
- Via Facebook messenger (https://www.facebook.com/about/privacy/update)
- We use Active Campaign to send you marketing emails after your explicit consent. To give you the best content possible, we cluster our users based on the products and dates bought and will share this along with your email address with Active Campaign (https://www.activecampaign.com/gdpr-updates/)
- We work with Shopify (https://help.shopify.com/assets/pdfs/gdpr-whitepaper.pdf) and Amazon Web Services (https://aws.amazon.com/en/compliance/gdpr-center/) to host your data
- WHEN YOU SIGN UP FOR OUR NEWSLETTER
We will know your email address to send you updates when we release products we think you may find interesting. We may share bigger company news with you or let you know when we release content on our website we think you could find interesting.
- WHEN YOU SEND US A MESSAGE VIA THE CONTACT FORM
The only thing we will have to ask for here is your email address so we can get back to you.
- WHEN YOU BUY A MAP
- We will know your full name, address, e-mail address and maybe phone number if you choose to provide it – the more details you provide, the more ways we have to contact you regarding your order in case there are problems. We will also send you emails relating to your transactions on our website (order confirmation, tracking number).
- We will share your information with our fulfilment company/companies so they can pack your order and label the packages properly
- We will share your data with our shipping partners. Depending on the shipping option you choose, this may be DHL, DHL Express or the National Post, who in turn will share the data with subcompanies they work with. They may use the data you provide to send you updates regarding your order status or contact you in case of any problems.
- We will also share the data necessary (Name, Address, Goods purchased and amount) with tax authorities
Shopify stores your credit card data. It is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service or Privacy Statement.
HOW THIS INFORMATION IS SHARED
Your information isn’t shared publicly!
Information that’s shared with trusted third-party services
In order to deliver your goods, improve our website and promote our services we have to share your information with third-party services. Examples are payment processors, our shipping partners like DHL, our fulfilment company, email tools like Active Campaign, Google Analytics and more (see breakdown of what we collect above under section: WHAT WE COLLECT AND RECEIVE). We may also share information that’s aggregated and anonymized in a way that it doesn’t directly identify you.
Information that’s shared to protect Awesome Maps and comply with the law
We do reserve the right to disclose personal information when we believe that doing so is reasonably necessary to comply with the law or law enforcement, to prevent fraud or abuse, or to protect Awesome Maps’ legal rights, property, or the safety of Awesome Maps, its employees, customers, or others.
Generally, your data will be deleted when the purpose of saving it in the first place has been accomplished unless we have to keep your data on file for legal reasons.
We will save your email address for newsletter purposes until you opt-out of our newsletter. We will keep your personal information for tax authorities (your name, address, products ordered).
We also collect and maintain aggregated, anonymized or pseudonymized information which we may retain indefinitely to protect the safety and security of our Site, improve our Services or comply with legal obligations.
Some of our third-party plugins (like Google or Facebook) are US-based companies, so a data transfer from the EU & Switzerland to the USA happens. All these third-party providers are certified under the EU - U.S. and Swiss - U.S. Privacy Shield frameworks, which are a legal mechanism to enable the transfer of personal data from the EEA and Switzerland to the US, where certified organisations guarantee to provide a level of protection in line with EU data protection law.
We give everyone who interacts with us the same rights. These include the right to request:
- Deletion (erasure) of your personal data
- Correction (rectification) of your data
- Access to your data
- An export of your data in a common (portable) format
These requests will be addressed by us within one month, unless they are exceptionally complex or numerous (in accordance with General Data Protection Regulation, Article 12(3)).
You have the right to request that your personal data be erased in certain circumstances. If we receive a request from you to delete your personal data, we will
- Verify that you are you (or in GDPR terms, that the requester is the same as the data subject; that is, the requester is not asking to erase someone else’s personal data)
- Confirm there is no legal reason to preserve this data
If both conditions are satisfied, we will forward the request to Shopify and also delete the data in our system. In addition to that, we will also work with any relevant third parties to make sure that they delete or anonymise the personal data.
Personal data cannot be erased from Shopify while it is:
- Associated with a pending order
- Associated with an order made fewer than 180 days before the request (the usual window in which a buyer can make a chargeback).
If the buyer’s personal data cannot be erased for this reason, we will re-submit the deletion request after the appropriate time has passed.
When processing a request for erasure, we (and Shopify) will anonymise the personal data of the buyer, but keep non-personal data such as revenue information and order details. Order details that are retained include the gateway used to process payment, time of sale, amount paid, currency, subtotal, shipping cost, taxes added, shipping method, item quantity, item name, SKU, and payment method.
If you ask for it, we will provide you with your personal data upon request. This data will be provided in a commonly used and machine-readable format.
EXCEPTIONS APPLY - we may retain certain information as required by law or as necessary for our legitimate business purposes.
You can opt out of the collection of data. This includes:
- Social Sharing tools
- Google Tools
- Other user behaviour tools
Please note that you can opt out via different methods:
Our Cookies Management Tool
Using our own opt-out via https://awesome-maps.com/pages/webtracking-opt-out. Please note that you will need to opt out in each browser (Chrome, Firefox, Safari, etc.) and on each device (computer, phone, etc.).
Web Browser Controls
You can prevent the use of certain Tracking Tools, such as cookies using the controls in your web browser. These controls can be found here: Tools > Internet Options (or similar). Through your web browser, you may be able to:
- Delete existing Tracking Tools
- Disable future Tracking Tools
- Set your browser to provide you with a warning each time a cookie or certain other Tracking Tools are being set
Mobile Opt Out
Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of mobile app information for Behavioral Advertising. You may also opt out of certain Tracking Tools on mobile devices by installing the DAA’s AppChoices app on your mobile device (for iTunes, visit https://itunes.apple.com/us/app/appchoices/id894822870?mt=8, for Android, visit https://play.google.com/store/apps/details?id=com.DAA.appchoices&hl=en). For more information, please visit http://support.apple.com/kb/HT4228, https://support.google.com/ads/answer/2662922?hl=en or http://www.applicationprivacy.org/expressing-your-behavioral-advertising-choices-on-a-mobile-device, as applicable.
Please be aware of this: some opt-outs are cookie based. This means that when opting-out you will have a cookie placed on your device that lets us know you have opted-out. If you delete your cookies, use a different browser, or use a different device, you will need to renew your opt-out choice.
Emails: We will give you the ability to opt out of marketing-related emails via a link at the bottom of each such email. You cannot opt out of receiving certain non-marketing emails regarding the Service. For example, we will email you if we sell the company, and we will also send you an order confirmation and tracking information if applicable.
Please note this: Opting-out of Behavioral Advertising does not mean that you will no longer receive online ads. It only means that such ads will no longer be tailored to your specific viewing habits or interests. You may continue to see ads from us.
We work with partners who encrypt the data. For example, Shopify and all online stores powered by Shopify are Level 1 PCI-DSS compliant. We have agreements in place with our partners, who are also GDPR compliant.
However, no method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee its absolute security.
Data Protection Authority complaint
DATA PROTECTION OFFICER
We are a small company and we don’t need one. However, you can of course contact us regarding any of this at email@example.com
People under 18 (or the legal age in your jurisdiction) are not permitted to interact with us on their own. Awesome Maps does not knowingly collect any personal information from children under the age of 13, and children under 13 are not permitted to interact with us or buy from us.
If you believe that a child has provided us with personal information, please contact us at firstname.lastname@example.org. If we become aware that a child under age 13 has provided us with personally identifiable information, we’ll delete it.