Privacy Notice

The protection of your data is very important to us. With this privacy notice, we inform you about the nature, scope and purpose of the processing of your personal data (in short “data”) on our website sharokina.com and on our social media presences.

Definitions of terms

The following definitions are based on the definitions of Art. 4 of the General Data Protection Regulation (GDPR).
 
“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
 
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
 
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
 
“Consent” means any freely given, specific, informed and unambiguous indication of the identifiable natural person’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1. Controller

Responsible for the data processing:
SHAROKINA
Sharokina Eshaghi Golpashin
Gneisenaustr. 7
40477 Düsseldorf, Germany
Email: service@sharokina.com
www.sharokina.com

2. Server log files and hosting

When visiting our website, our hosting provider automatically collects and stores usage data in log files – the so-called server log files – on servers in Germany. These are: IP address of the requesting device, name of file or page visited, date and time of the server request, data volume transferred, referrer URL (the previously visited website), operating system, browser type, browser version, browser language, browser interface, access status (successful submission, errors, etc.).
The processing of data is based on our legitimate interests due to Art. 6 para 1f GDPR to ensure the failure-free operation of our website. The server log files will be deleted within seven days after the end of your page visit.
 
The services for hosting and displaying our website are partly provided by our hosting provider as part of processing on our behalf. Unless otherwise explained in this privacy notice, all usage data and all data collected in forms provided for this purpose on this website are processed on the servers of our hosting provider in Germany.

3. Cookies

Cookies are small text files that are stored on your device (desktop, notebook, or mobile device) while visiting our website. The cookies contain specific settings and data. We use temporary and permanent cookies. The temporary cookies (also called session cookies or transient cookies) are stored only for the duration of your session, which means they will be deleted automatically as soon as you close your browser. The permanent cookies (also called persistent cookies) remain on your device even after closing your browser, and allow us to recognize your browser the next time you visit our website.
Some of the cookies are necessary (essential cookies) for the use of certain website functions (e.g. shopping cart function). The use of essential cookies is based on our legitimate interests in the failure-free operation of our website according to Art. 6 para 1f GDPR
Other cookies are used to optimize our website and your user experience as well as for web analytics and marketing purposes, and, where applicable, to comply with legal obligations (e.g. to be able to prove your given consent to the processing of your personal data).
 
If you have given your consent to the use of the respective cookies in accordance with Art. 6 para 1a GDPR, you can revoke your consent with effect for the future by contacting us through the contact details provided in section 1 of this privacy notice.
Alternatively, you can find an overview of all cookies we use under the following link and adjust your cookie settings individually:

Cookie Settings

.
You can also set up your web browser to store cookies only if you accept it, or you can choose to allow only specific websites to set cookies. You can also prevent all websites from storing cookies as well as enable the automatic deletion of all cookies when closing your browser. You can find instructions under the help option of your browser about how to control these settings. However, please note that the functionality of our website may be restricted if you prohibit certain cookies.
For more information on the individual services used and your options to withdraw and object, please refer to the privacy information for the respective service described below.

4. Use of Matomo for web analytics

We use the open-source web analytics platform Matomo provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, www.matomo.org, (“Matomo”). If you have given your consent to the data processing, Matomo processes data (anonymized IP address, time of visit, device and browser information, information about your use of our website) on the basis of your consent (Art. 6 para 1a GDPR) by using cookies (see section 3 of this privacy notice: Cookies), and thereof creates pseudonymised usage profiles, serving us for statistical analysis of user behavior and for optimization purposes. The pseudonymized usage profiles will not be merged with personal data about the bearer of the pseudonym without your express consent, which must be given separately. All data processing by Matomo takes place on the servers of our hosting provider in Germany.
 
Using the following button, you can consent to the collection and storage of data or revoke your consent at any time with effect for the future:

5. Facebook pixel

We use Facebook pixel provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland, (“Facebook”). The data processing takes place only after your explicit consent (Art. 6 para 1a GDPR) and serves the analysis and optimization of our online offer. By using cookies (see section 3 of this privacy notice: Cookies), the Faxebook pixel processes data (anonymized IP address, time of visit, device and browser information, information about your use of our website) on the basis of your consent (Art. 6 para 1a GDPR) by using cookies (see section 3 of this privacy notice: Cookies), and thereof creates pseudonymised usage profiles. The Facebook pixel enables the recognition of your browser when visiting other websites with the help of a pseudonymous CookieID. This information can be merged by Facebook with other data from your Facebook account and used to compile analyses of website activity and to provide other services related to website use (in particular personalized and group-based advertising). The data is usually transferred to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. Our cooperation with Facebook is based on standard contractual clauses of the European Commission. If the transfer of data to the USA falls within our responsibility, the data processing is carried out on the basis of an agreement between jointly responsible parties (Art. 26 GDPR), which you can view here: www.facebook.com/legal/terms/page_controller_addendum. For more information, please see the information page for Page Insights data (www.facebook.com/legal/terms/information_about_page_insights_data) and the privacy notice of Facebook: www.facebook.com/about/privacy
 
Using the following button, you can consent to the collection and storage of data or revoke your consent at any time with effect for the future:

6. Contacting

If you contact us (e.g. via contact form, email), we use your provided data to process your request due to Art. 6 para 1b GDPR. Required fields are marked as such in the contact form, as in these cases we require the data to process your contact. If you have given your consent to data processing (e.g. by ticking a corresponding checkbox), Art. 6 para 1a GDPR additionally applies as the legal basis for data processing when contacting us.
We will delete the data after your request is fully processed unless you have expressly consented to further processing of your data following Art. 6 para 1a GDPR, or we reserve the right to further data processing that is permitted by law and about which we inform you in this privacy notice.

7. Contract processing and and shipment processing

When you place an order through our website, we process the personal data that you voluntarily provide to us during the ordering process for the purpose of processing the contract following Art. 6 para 1b GDPR. Required fields are marked as such, as in these cases we require the data for contract processing.
We are required by law to keep the confirmation of receipt of your order for a period of six years. We keep the invoice associated with the order for a period of ten years.
After complete processing of the contract, your data will be restricted for further processing and deleted after the expiry of the retention periods under tax and commercial law in accordance with Art. 6 para 1c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 para 1a GDPR or we reserve the right to further data processing that is permitted by law and about which we inform you in this privacy notice.
 
For fulfilling the contract following Art. 6 para 1b GDPR, we will pass on your delivery address to the shipping service provider commissioned with the delivery insofar as this is necessary for delivering your order.

8. Payment processing and payment method “PayPal Services (PayPal / Credit Card / Direct debit / Pay upon Invoice)”

As part of the ordering process on our website, we offer various payment methods. For this purpose, we use payment service providers, banks, and credit institutions based on our legitimate interests following Art. 6 para 1f GDPR to be able to offer you efficient and secure payment options.
 
The payment method PayPal Services (PayPal / Credit Card / Direct debit / Pay upon Invoice) is provided by the payment service provider PayPal, PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, (“PayPal”). Thus, if you select this payment method in the ordering process, we will automatically redirect you to the PayPal website after completion of the order, and transmit the data required for the processing of the payment transaction to PayPal (e.g. your billing and shipping address, email address, order details such as description and quantity of the ordered products, total order value). This serves the fulfillment of the contract according to Art. 6 para 1b GDPR. In some cases, PayPal collects the necessary data itself, e.g. on its own website or via a technical integration in the ordering process. We do not receive any account or credit card-related information, but only information with confirmation or negative information of the payment. Under certain circumstances, PayPal transmits the data to credit agencies for identity and credit checks. For more information on data processing by PayPal, please refer to PayPal’s privacy notice: www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_EN.

9. Customer account

You have the choice between ordering as a guest (without a customer account) or creating a customer account. When creating a customer account, the data processing is based on your given consent following Art. 6 para 1a GDPR, and serves the purpose of opening a customer account and storing your data for future orders.

The deletion of your customer account is possible at any time and can be achieved by contacting us through the contact details provided in section 1 of this privacy notice. After deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the tax and commercial retention periods, unless you have expressly consented to further use of your data, or we reserve the right to use the data, which is permitted by law, and about which we inform you in this privacy notice.

10. Availability notification

If products are temporarily sold out on our website, we offer you the option to sign up for our availability notification on the respective product page. If you do so, we will send you an email once the approriate product is available again.
 
The only required field for this notification service is your email address. After submitting the registration form, you will receive an email with a button to confirm your registration for the availability notification (double opt-in process). Only after clicking on the confirmation button, you will be registered for the availability notification. This process ensures that the email address provided during the registration process is not misused by a third party. Unconfirmed submissions will be automatically deleted after seven days. After successful confirmation, you will receive a confirmation email of your registration. This email will also contain a “Cancel notification” link, which you can use to cancel the availability notification at any time. Your email address, the date, and the time of the registration are processed as part of the registration process and stored on the servers of our hosting provider in Germany. We will use this data exclusively to inform you about the availability of the appropriate product. If you have created a customer account, you can also manage your availability notifications via the “Notifications” menu item in your customer account.
 
After receiving the one-time availability notification from us, your registration for the availability notification will be automatically canceled for the appropriate product. This also means: If the product is sold out again after our notification, and you want to be notified about the availability again, you also have to register for the availability notification again.
 
The data processing is based on your given consent, Art. 6 para 1a GDPR. You can revoke your consent in the data processing at any time with effect for the future by cancelling the notification service. To do so, please use the “Cancel notification” link in the confirmation email we sent you after your successful registration for the availability notification. If you have created a customer account, you can also cancel your availability notifications via the menu item “Notifications” in your customer account. Alternatively, you can contact us through the contact details provided in section 1 of this privacy notice.

11. Email newsletter

If you subscribe to our newsletter, we will use your email address provided during the newsletter registration to send you our email newsletter a maximum of 1-2 times a month. The newsletter is sent as part of a processing on our behalf by the service provider MailerLite, Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland, (“MailerLite”).
Our newsletter informs you about the following topics: SHAROKINA products (bags, accessories, jewelry, leather care), insider knowledge about sustainable leather, special events and insights behind the scenes of SHAROKINA, event announcements, exclusive offers, special promotions and sweepstakes. With your subscription, you also accept the individual analysis by measuring, storing, and evaluating the opening and click rates in recipient profiles for purposes of technical and contextual optimization of future newsletters. This analysis is made possible by the use of so-called “web beacons”. These are single-pixel files that are retrieved from MailerLite’s servers when the newsletter is opened. As part of this retrieval, on the one hand, technical information (e.g. browser type/ email software), and on the other hand, also your IP address are collected, as well as information about whether and when the newsletter was opened and which links were clicked on. This information is assigned to the individual newsletter recipients and stored in their profiles until they are deleted.
 
After you have sent the subscription form, you will receive an email with a confirmation button to confirm the newsletter subscription (double opt-in process). Only after clicking on the confirmation button, you will be added to the newsletter recipients list. This process ensures that the email address provided during the subscription process is not misused by a third party. We are legally obligated to keep a log of the subscriptions in order to prove a proper subscription. Therefore, we store the subscription time, the confirmation time, your email address, and your IP address in the scope of the subscription process. The data is usually transferred to a server of MailerLite located in Germany and stored there. For more information, please see the privacy notice of MailerLite: www.mailerlite.com/legal/privacy-policy.
The dispatch of the newsletter, the analysis, and the related data processing are based on your given consent, Art. 6 para 1a GDPR, while the use of the newsletter service provider (in order to provide an efficient and secure newsletter dispatch system) as well as the logging of the subscription (for proof of legal obligations) are based our legitimate interests due to Art. 6 para 1f GDPR.
 
You can revoke your consent in the dispatch of the newsletter, the analysis, and the related data processing at any time with effect for the future by unsubscribing from the newsletter. There is an unsubscribe option at the end of every newsletter. Alternatively, you can contact us through the contact details provided in section 1 of this privacy notice.
After unsubscribing, we will delete your email address and your recipient profile, including the data stored therein, unless you have expressly consented to further use of your data, or we reserve the right to further data processing that is permitted by law and about which we inform you in this privacy notice.

12. Our social media profiles on Facebook, Instagram, and Pinterest

We have social media profiles on Facebook (www.facebook.com/SHAROKINAcom), Instagram (www.instagram.com/SHAROKINA) and Pinterest (www.pinterest.de/sharokina) to communicate with both existing clients and potential clients, and to provide information about products, offers, events, promotions, and contests.
If you have given your consent to the respective social media network following Art. 6 para 1a GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our social media sites on the above-mentioned social networks, and pseudonymized usage profiles will be created. These can be used e.g. to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose (see section 3 of this privacy notice: Cookies). For detailed information on the processing of your data by the respective social media network, as well as for contact options, your rights, and setting options to protect your privacy, please refer to the privacy policies of the social media networks linked below. If you still require assistance, you can contact us using the contact info given under section 1 of this privacy notice.
 
Facebook
Facebook is a service of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland, (“Facebook”). The information automatically collected by Facebook about your use of our social media presence on Facebook is usually sent to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. Our cooperation with Facebook is based on standard contractual clauses of the European Commission. The data processing is based on an agreement between jointly responsible parties (Art. 26 GDPR), which you can view here: www.facebook.com/legal/terms/page_controller_addendum. For more information, please see the information page for Page Insights data (www.facebook.com/legal/terms/information_about_page_insights_data) and the privacy notice of Facebook: www.facebook.com/about/privacy.
 
Instagram
Instagram is a service of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland, (“Facebook”). The information automatically collected by Facebook about your use of our social media presence on Instagram is usually sent to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. Our cooperation with Instagram is based on standard contractual clauses of the European Commission. The data processing is based on an agreement between jointly responsible parties (Art. 26 GDPR), which you can view here: www.facebook.com/legal/terms/page_controller_addendum. For more information, please see the information page for Page Insights data (www.facebook.com/legal/terms/information_about_page_insights_data) and the privacy notice of Facebook: www.facebook.com/about/privacy.
 
Pinterest
Pinterest is a service of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Irland, (“Pinterest”). The information automatically collected by Pinterest about your use of our social media presence on Pinterest is usually sent to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, and stored there. Our cooperation with Pinterest is based on standard contractual clauses of the European Commission. The data processing is based on an agreement between jointly responsible parties (Art. 26 GDPR). For more information, please see the privacy notice of Pinterest: policy.pinterest.com/de/privacy-policy.

13. Your rights

The processing of your personal data gives you the following rights:
 

  • Right of access (Art. 15 GDPR)
    You have the right to obtain information about your personal data which we process, within the scope described therein.
  • Right to rectification (Art. 16 GDPR)
    You have the right to immediately demand rectification of incorrect or completion of your personal data stored by us.
  • Right to erasure (“Right to be forgotten”, Art. 17 GDPR)
    You have the right to request erasure of your personal data stored with us, unless further processing is required (for compliance with a legal obligation, for reasons of public interest or for establishing, exercising or defending legal claims) to exercise the right of freedom of expression and information.
  • Right to restriction of processing (Art. 18 GDPR)
    You have the right to request restriction of processing of your personal data, insofar as the accuracy of the data is contested by you or where one of the following applies: the processing is unlawful, but you refuse their erasure; we no longer need the data, but you need it to establish, exercise or defend legal claims; or you have lodged an objection to the processing in accordance with Art. 21 GDPR.
  • Right to data portability (Art. 20 GDPR)
    You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller.
  • Right to withdraw (Art. 7 para 3 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
    You have the right to complain to a supervisory authority. You can contact the supervisory authority at your habitual place of residence, place of work, or place of the alleged infringement.
  • Right to object (Art. 21 GDPR)
    You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 para 1e or f GDPR, including profiling based on those provisions. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
    Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
    Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

 
If you have any questions about the collection, processing or use of your personal data, if you request information, correction, erasure, or restriction of the processing of data, or to exercise your right to object or withdraw, please contact us using the contact info given under section 1 of this privacy notice.