Privacy notice

The protection of your data is very important to us. With this privacy notice, we inform you about the nature, scope and purpose of the processing of your personal data (in short “data”) on our website sharokina.com and on our social media presences.

Definitions of terms

The following definitions are based on the definitions of Art. 4 of the General Data Protection Regulation (GDPR).
 
“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
 
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
 
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
 
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

1. Controller

Responsible for the data processing:
SHAROKINA
Sharokina Golpashin
Gneisenaustraße 7
40477 Düsseldorf, Germany
Email: service@sharokina.com
www.sharokina.com

2. Server log files and hosting

When you visit our website, our hosting provider automatically saves usage data in the so-called server log files. These are: IP address of the requesting device, name of file or page visited, date and time of the server request, data volume transferred, referrer URL (the previously visited website), operating system, browser type, browser version, browser language, browser interface, access status (successful submission, errors, etc.).
In accordance with Art. 6(1)(1)(f) GDPR, this serves to safeguard our legitimate interests in the failure-free operation of our website, which predominate in the context of a balancing of interests. The server log files will be deleted within seven days after the end of your page visit.
 
The hosting and display services for our website are partly provided by our hosting provider as part of processing on our behalf. Unless otherwise stated in this privacy notice, all access data and all data collected via the forms on this website are processed on the servers of our hosting provider in Germany.

3. Cookies

In order to make visiting our website appealing and to enable the use of certain functions, we only use essential cookies. Cookies are small text files that are stored on your device (desktop, notebook, or mobile device) while visiting our website. The cookies contain specific settings and data.  We use temporary and permanent cookies. The temporary cookies (also called session cookies or transient cookies) are stored only for the duration of your session, which means they will be deleted automatically as soon as you close your browser.  The permanent cookies (also called persistent cookies) remain on your device even after closing your browser, and allow us to recognize your browser the next time you visit our website.
 
Some of the cookies we use are essential for the use of certain website functions (e.g., to provide the expressly requested telemedia service or the shopping cart function) (essential cookies). The use of essential cookies serves to safeguard our legitimate interests in the unrestricted operation of our website, which predominate in the context of a balancing of interests, in accordance with Art. 6(1)(f) GDPR. The storage of information on your end device or access to information already stored on your end device does not require consent in this case.
 
We also use the privacy-friendly web analytics software Matomo to statistically evaluate the use of our website. This has been configured so that no cookies are set and no information is stored on your device. Please find further information on this in the next section (“Statistical analysis with Matomo”).
 
You can set your browser so that cookies are only accepted with your consent, or you can exclude the acceptance of cookies in certain cases or in general, and activate the automatic deletion of all cookies when you close your browser. You can find instructions under the help option of your browser about how to control these settings. However, please note that the functionality of our website may be restricted if you prohibit certain cookies.

4. Statistical analysis with Matomo

We use the software Matomo, a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, www.matomo.org (“Matomo”). This is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our overriding legitimate interest in optimizing our services through the statistical analysis of page visits. Matomo is configured so that no personal usage profiles are created. In particular, we refrain from the use of cookies and ensure that IP addresses are immediately anonymized. The analysis is carried out exclusively on the basis of the server log files of our hosting provider. With these settings, it is not possible to draw any conclusions about individual persons. We only receive aggregated, anonymized information, such as which browsers and device types were used to visit our website, how many visits were made, and which subpages were accessed. All data processing takes place on the servers of our hosting provider in Germany.

5. Contacting

If you contact us (e.g. via contact form, email), we process your voluntarily provided data in accordance with Art. 6(1)(b) GDPR to process the contact request. Required fields are marked as such in the contact form, as in these cases we require the data to process your contact. If you have given your consent to data processing (e.g. by ticking a corresponding checkbox), Art. 6(1)(a) GDPR additionally applies as the legal basis for data processing when contacting us.
The data will be deleted after your request has been fully processed, unless you have consented to further use in accordance with Art. 6(1)(a) GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy notice.

6. Contract processing and shipment processing

When you place an order with us, we process the personal data that you voluntarily provide to us as part of the ordering process for the purpose of contract processing (including inquiries about and processing of warranty and service disruption claims as well as statutory updating obligations) in accordance with Art. 6(1)(b) GDPR. Required fields are marked as such, as in these cases we require the data for contract processing. You can find detailed information on the processing of your data, in particular on the transfer to our service providers for order, payment and shipping processing, in the relevant sections of this privacy notice.
We are required by law to keep the confirmation of receipt of your order for a period of six years. We keep the invoice associated with the order for a period of ten years.
After the contract has been processed, your data will be restricted for further processing and deleted in accordance with the retention periods under tax and commercial law pursuant to Art. 6(1)(c) GDPR, unless you have consented to further use in accordance with Art. 6(1)(a) GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy notice.
 
For the purpose of contract fulfillment in accordance with Art. 6(1)(b) GDPR, we pass on your delivery address to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of your order.

7. Payment processing

As part of the ordering process on our website, we offer various payment methods. In addition to banks and credit institutions, we also use payment service providers for this purpose.
Depending on the selected payment method, we transmit the data required for payment processing to our technical service providers, who work for us as part of order processing, or to the commissioned credit institutions or the selected payment service provider, insofar as this is necessary for payment processing, for the purpose of fulfilling the contract in accordance with Art. 6(1)(b) GDPR. In some cases, the payment service providers collect the required data themselves, e.g. on their own website or through a technical integration in the ordering process. In such cases, the privacy policy of the respective payment service provider applies.
 
Among others, the external payment service provider Mollie, Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands (“Mollie”) – privacy policy: www.mollie.com/privacy, is used for payment processing on the website. In accordance with Art. 6(1)(f) GDPR, this serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in being able to offer you an attractive selection of efficient and secure payment options. When making the payment, the data you enter will be transmitted both to Mollie and to your chosen payment service provider. The following payment methods are offered via Mollie:

• Klarna Pay later/ Klarna Slice it – privacy policy: www.klarna.com/international/privacy-policy
  If you use the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as Klarna), we transmit your data to Klarna for the purpose of payment and contract processing in accordance with Art. 6(1)(b) GDPR. This data transfer enables Klarna to create an invoice for the payment method you have selected and to carry out an identity and credit check. Please understand that we can only offer you the respective Klarna payment method if it is approved on the basis of the credit check. Detailed information on this and on the credit agencies used can be found in Klarna’s privacy policy above.
• Credit card
  If you use credit card payment, we transmit your data to your credit card company and to the banks and financial institutions involved in the transaction for the purpose of payment and contract processing in accordance with Art. 6(1)(b) GDPR.
  Detailed information on this can be found in the privacy policy of your credit card company, e.g. Visa: www.visa.co.uk/legal/global-privacy-notice.html or Mastercard: www.mastercard.com/global/en/vision/corp-responsibility/commitment-to-privacy/privacy.html.

 
If necessary, we transmit additional data to our service providers, which they use in combination with the information required for payment processing as our processors for fraud prevention and to optimize our payment processes (e.g. billing, processing of disputed payments, accounting support). This is done in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in fraud protection and efficient payment management, which are overriding in the context of a balancing of interests.

8. Customer account

You have the choice between ordering as a guest (without a customer account) or creating a customer account. When opening a customer account, the data processing is based on your consent in accordance with Art. 6(1)(a) GDPR and serves the purpose of opening a customer account and storing your data for future orders. The deletion of your customer account is possible at any time and can be achieved by contacting us through the contact details provided in section 1 of this privacy notice. After deletion of your customer account, your data will be restricted for further processing and deleted in accordance with the retention periods under tax and commercial law pursuant to Art. 6(1)(c) GDPR, unless you have consented to further use in accordance with Art. 6(1)(a) GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy notice.

9. Availability notification

If products are temporarily sold out on our website, we offer you the option to sign up for our availability notification on the respective product page. If you do so, we will send you an email once the approriate product is available again.
 
The only required field for this notification service is your email address. After submitting the registration form, you will receive an email with a button to confirm your registration for the availability notification (double opt-in process). Only after clicking on the confirmation button, you will be registered for the availability notification. This process ensures that the email address provided during the registration process is not misused by a third party. Unconfirmed submissions will be automatically deleted after seven days. After successful confirmation, you will receive a confirmation email of your registration. This email will also contain a “Cancel notification” link, which you can use to cancel the availability notification at any time. Your email address, the date, and the time of the registration are processed as part of the registration process and stored on the servers of our hosting provider in Germany. We will use this data exclusively to inform you about the availability of the appropriate product. If you have created a customer account, you can also manage your availability notifications via the “Notifications” menu item in your customer account.
 
After receiving the one-time availability notification from us, your registration for the availability notification will be automatically canceled for the appropriate product. This also means: If the product is sold out again after our notification, and you want to be notified about the availability again, you also have to register for the availability notification again.
 
The data processing is based on your consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent in the data processing at any time with effect for the future by cancelling the notification service. To do so, please use the “Cancel notification” link in the confirmation email we sent you after your successful registration for the availability notification. If you have created a customer account, you can also cancel your availability notifications via the menu item “Notifications” in your customer account. Alternatively, you can contact us through the contact details provided in section 1 of this privacy notice.
After unsubscribing, we will delete your email address from the recipient list for the availability notification, unless you have consented to further use in accordance with Art. 6(1)(a) GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy notice.

10. Review invitations

As part of the ordering process, you have the option of agreeing to receive a one-off review invitation for the current order by ticking the corresponding checkbox. After you have placed your order, you will receive an email with a confirmation link (double opt-in process). You will only be registered for the review invitation after clicking on this confirmation link. This process ensures that the email address provided during the registration process is not misused by a third party. If you do not confirm the review invitation, your data will not be processed for this purpose. After successful registration, you will receive a confirmation email that also contains an “Unsubscribe” link, which you can use to unsubscribe from the review invitation at any time. To send the review invitation, we only use the data collected during the ordering process, which is stored on the servers of our hosting provider in Germany.
 
The data processing as part of the registration for the review invitation is based on your consent in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent to data processing at any time with effect for the future by unsubscribing from the review invitation. Please use the “Unsubscribe” link in the confirmation email or contact us directly using the contact details provided in section 1 of this privacy notice. If you unsubscribe from the review invitation, this will be noted immediately in our system and the time of unsubscription recorded.
 
Review form
If you have consented to the review invitation, we will send you an review invitation by email. The review invitation contains one or more links (one link per product ordered) to a review form. The review form can only be submitted if you agree to the publication on our website by ticking the corresponding checkbox. The publication is permanent until you revoke your consent. The exact conditions and information on publication will be provided in the review form.
 
This data processing is based on your consent in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by informing us using the contact details provided in section 1 of this privacy notice. In the event of a revocation, we will remove your rating from our website within seven days and delete the associated data, unless you have consented to further use in accordance with Art. 6(1)(a) GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy notice.

11. Email newsletter

When you register for our newsletter, we use the email address you provide when registering for the newsletter to send you our email newsletter on the basis of your consent in accordance with Art. 6(1)(a) GDPR. The newsletter (including the newsletter tracking described below) is sent as part of processing on our behalf by the service provider MailerLite Limited, 38 Mount Street Upper, Dublin 2, D02 PR89 Ireland (“MailerLite”). The servers of MailerLite are located in Germany.
Our newsletter informs you a maximum of 1-2 times per month about the following topics: SHAROKINA products (bags, accessories, jewelry, leather care), insider knowledge about sustainable leather, special events and insights behind the scenes at SHAROKINA, event announcements, exclusive offers, special promotions and sweepstakes.
 
After you have sent the subscription form, you will receive an email with a confirmation button to confirm the newsletter subscription (double opt-in process). Only after clicking on the confirmation button, you will be added to the newsletter recipients list. This process ensures that the email address provided during the registration process is not misused by a third party. We are legally obligated to keep a log of the subscriptions in order to prove a proper subscription. In this respect, your email address, the time of registration and confirmation as well as your IP address are transmitted to MailerLite’s servers in Germany and stored there. For more information, please see the privacy policy of MailerLite: www.mailerlite.com/legal/privacy-policy.
 
We would like to point out that we analyze your user behavior when sending the newsletter by measuring, storing and evaluating the opening and click rates for the purpose of technical and content optimization of future newsletters (“newsletter tracking”). This analysis is made possible by the use of so-called “web beacons” or “tracking pixels”. These are one-pixel files that are integrated into the newsletter email and, in particular, transmit the following newsletter data when the newsletter is opened, assign it to the recipient profiles and store it in their profiles until it is deleted: Your email address, the date and time of newsletter registration and confirmation as well as newsletter opening, the IP address of the device used for newsletter registration and confirmation, information on the web browser used, the referrer URL (page from which you registered for the newsletter) and which links in the newsletter you clicked on. If you do not wish to receive newsletter tracking, you can unsubscribe from the newsletter at any time.
 
You can revoke your consent in the dispatch of the newsletter, the analysis, and the related data processing at any time with effect for the future by unsubscribing from the newsletter. There is an unsubscribe option at the end of every newsletter. Alternatively, you can contact us through the contact details provided in section 1 of this privacy notice.
After unsubscribing, we will delete your email address from the recipient list and your recipient profile, including the data stored therein, unless you have consented to further use in accordance with Art. 6(1)(a) GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy notice.

12. Our social media profiles on Facebook, Instagram, Pinterest and LinkedIn

To communicate with our customers and interested parties and provide information on products, offers, events, special promotions and competitions, we have social media presences on the social networks Facebook (www.facebook.com/SHAROKINAcom), Instagram (www.instagram.com/SHAROKINA), Pinterest (www.pinterest.de/sharokina) and LinkedIn (www.linkedin.com/company/sharokina).
If you have given your consent to the respective social media operator in accordance with Art. 6(1)(a) GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our social media presences on the aforementioned networks. Usage profiles are created using pseudonyms. These profiles can be used e.g. to place advertisements inside and outside the platforms that are likely to match your interests. Cookies are generally used for this purpose (see section 3 of this privacy notice: Cookies). Detailed information on data processing by the respective social media operator as well as contact options, your rights and setting options to protect your privacy can be found in the providers’ privacy policy linked below.
 
Facebook
Facebook is a service provided by Meta Platforms Ireland Ltd, Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta”). The information automatically collected by Meta about your use of our social media presence on Facebook is usually transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. Data processing in the context of a visit to a social media presence on Facebook is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR. Weitere Informationen finden Sie auf der Informationsseite für Page Insights-Daten (www.facebook.com/legal/terms/information_about_page_insights_data) und in der Datenschutzrichtlinie von Facebook: www.facebook.com/about/privacy. Meta sitzt und/ oder verwendet sowohl Server in Ländern, für die die Europäische Kommission durch Beschluss ein angemessenes Datenschutzniveau festgestellt hat (USA, Kanada, Japan, Südkorea, Neuseeland, Vereinigtes Königreich, Argentinien), als auch in Ländern, für die kein Angemessenheitsbeschluss der Europäischen Kommission vorliegt (Australien, Hongkong, Indien, Indonesien, Malaysia, Singapur, Thailand, Taiwan, Brasilien, Mexiko). The adequacy decision for the USA is the basis for third country transfers. For countries without an adequacy decision by the European Commission, the data transfer continues to be based on the standard data protection clauses of the European Commission.
Weitere Informationen finden Sie auf der Informationsseite für Page Insights-Daten (www.facebook.com/legal/terms/information_about_page_insights_data) und in der Datenschutzrichtlinie von Facebook: www.facebook.com/about/privacy.
Meta sitzt und/ oder verwendet sowohl Server in Ländern, für die die Europäische Kommission durch Beschluss ein angemessenes Datenschutzniveau festgestellt hat (USA, Kanada, Japan, Südkorea, Neuseeland, Vereinigtes Königreich, Argentinien), als auch in Ländern, für die kein Angemessenheitsbeschluss der Europäischen Kommission vorliegt (Australien, Hongkong, Indien, Indonesien, Malaysia, Singapur, Thailand, Taiwan, Brasilien, Mexiko). The adequacy decision for the USA is the basis for third country transfers. For countries without an adequacy decision by the European Commission, the data transfer continues to be based on the standard data protection clauses of the European Commission.
 
Instagram
Instagram is a service provided by Meta Platforms Ireland Ltd, Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta”). The information automatically collected by Meta about your use of our social media presence on Instagram is usually transmitted to a server of Meta Platforms, Inc, 1601 Willow Road, Menlo Park, California 94025, USA and stored there. Data processing in the context of a visit to a social media presence on Instagram is based on an agreement between jointly responsible parties in accordance with Art. 26 GDPR. Further information can be found on the information page for Page Insights data (www.facebook.com/legal/terms/information_about_page_insights_data) and in Instagram’s privacy policy: privacycenter.instagram.com/policy. Meta sitzt und/ oder verwendet sowohl Server in Ländern, für die die Europäische Kommission durch Beschluss ein angemessenes Datenschutzniveau festgestellt hat (USA, Kanada, Japan, Südkorea, Neuseeland, Vereinigtes Königreich, Argentinien), als auch in Ländern, für die kein Angemessenheitsbeschluss der Europäischen Kommission vorliegt (Australien, Hongkong, Indien, Indonesien, Malaysia, Singapur, Thailand, Taiwan, Brasilien, Mexiko). The adequacy decision for the USA is the basis for third country transfers. For countries without an adequacy decision by the European Commission, the data transfer continues to be based on the standard data protection clauses of the European Commission.
Further information can be found on the information page for Page Insights data (www.facebook.com/legal/terms/information_about_page_insights_data) and in Instagram’s privacy policy: privacycenter.instagram.com/policy.
Meta sitzt und/ oder verwendet sowohl Server in Ländern, für die die Europäische Kommission durch Beschluss ein angemessenes Datenschutzniveau festgestellt hat (USA, Kanada, Japan, Südkorea, Neuseeland, Vereinigtes Königreich, Argentinien), als auch in Ländern, für die kein Angemessenheitsbeschluss der Europäischen Kommission vorliegt (Australien, Hongkong, Indien, Indonesien, Malaysia, Singapur, Thailand, Taiwan, Brasilien, Mexiko). The adequacy decision for the USA is the basis for third country transfers. For countries without an adequacy decision by the European Commission, the data transfer continues to be based on the standard data protection clauses of the European Commission.
 
Pinterest
Pinterest is an offer of Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, (“Pinterest”). The information automatically collected by Pinterest about your use of our social media presence on Pinterest is usually transferred to a server of Pinterest, Inc, 505 Brannan St., San Francisco, CA 94107, USA and stored there. Data processing in the context of a visit to a Pinterest social media site is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR.
Further information can be found in Pinterest’s privacy policy: policy.pinterest.com/en/privacy-policy.
Pinterest is located and/or uses servers in countries for which the European Commission has determined an adequate level of data protection by decision, as well as in countries for which there is no adequacy decision by the European Commission. For countries without an adequacy decision by the European Commission, the data transfer continues to be based on the standard data protection clauses of the European Commission.
 
LinkedIn
LinkedIn ist ein Angebot der LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland („LinkedIn“). The information automatically collected by LinkedIn about your use of our social media presence on LinkedIn is usually transferred to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA and stored there. Data processing in the context of a visit to a social media presence on LinkedIn is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR.
LinkedIn is located and/or uses servers in the USA, for which the European Commission has determined an adequate level of data protection. The adequacy decision for the USA applies as the basis for third country transfers, provided that the respective service provider is certified. Until certification by our service providers, data transmission will continue to be based on the standard data protection clauses of the European Commission.

13. Your rights

The processing of your personal data gives you the following rights:
 

• Right of access (Art. 15 GDPR)
  You have the right to obtain information about your personal data which we process, within the scope described therein.
• Right to rectification (Art. 16 GDPR)
  You have the right to immediately demand rectification of incorrect or completion of your personal data stored by us.
• Right to erasure (“Right to be forgotten”, Art. 17 GDPR)
  You have the right to request erasure of your personal data stored with us, unless further processing is required to exercise the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for establishing, exercising or defending legal claims.
• Right to restriction of processing (Art. 18 GDPR)
  You have the right to request restriction of processing of your personal data, insofar as the accuracy of the data is contested by you or as the processing is unlawful, but you refuse their erasure, or as we no longer need the data, but you need it to establish, exercise or defend legal claims or as you have lodged an objection to the processing in accordance with Art. 21 GDPR.
• Right to data portability (Art. 20 GDPR)
  You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller where the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and where the processing is carried out by automated means.
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
  You have the right to complain to a supervisory authority. You can contact the supervisory authority at your habitual place of residence, place of work, or place of the alleged infringement.
• Right to object (Art. 21 GDPR)
  You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1)(e) or (f) GDPR, including profiling based on those provisions. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
  Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

 
If you have any questions about the collection, processing or use of your personal data, if you request information, correction, erasure, or restriction of the processing of data, or to exercise your right to object or withdraw, please contact us using the contact info given under section 1 of this privacy notice.