Definitions of terms
The following definitions are based on the definitions of Art. 4 of the General Data Protection Regulation (GDPR).
“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Responsible for the data processing:
Sharokina Eshaghi Golpashin
40477 Düsseldorf, Germany
2. Server log files
When visiting our website, our hosting provider automatically collects and stores usage data in log files – the so-called server log files – on servers in Germany. These are: IP address of the requesting device, name of file or page visited, date and time of the server request, indication of the time difference between requesting host and web server, data volume transferred, referrer URL (the previously visited website), operating system, browser type, browser version, browser language, browser interface, access status (successful submission, errors, etc.).
The processing of data is based on our legitimate interests due to Art. 6 para. 1f GDPR. The data are processed only for the reasons of security and maintenance as well as to ensure the failure-free operation of our website. The server log files will be deleted within seven days after the end of your page visit unless further storage is required for evidence purposes until the respective incident has been finally clarified. We have concluded a data processing contract with our hosting provider following Art. 28 para. 3 GDPR.
Cookies are small text files that are stored on your device (desktop, notebook, or mobile device) while visiting our website. The cookies contain specific settings and data. We usw temporary and permanent cookies. The temporary cookies (also called session cookies or transient cookies) are stored only for the duration of your session, which means they will be deleted automatically as soon as you close your browser. The permanent cookies (also called persistent cookies) remain on your device even after closing your browser, and thus, allow us to recognize your browser the next time you visit our website. The storage helps us to optimize our website and our offers and makes it easier for you to use it because you don’t have to enter specific entries repeatedly.
Some of the cookies are essential, while others help us to improve this website and your user experience. The essential cookies are set based on our legitimate interests due to Art. 6 para. 1f GDPR to ensure the failure-free operation of our online shop, i.e., they are required for the cart functionality and for ordering products. All other cookies serve to optimize our website and our offer and are set based on your consent due to Art. 6 para. 1a GDPR, i. e. they are only stored on your device if you have agreed to their storage. Further information on the individual services used for this purpose and your options for withdrawal and objection can be found in the privacy information for the respective service described below.
The following link provides an overview of all cookies used, and you can customize your cookie preferences: Privacy Preferences
Alternatively, you can set up your web browser to store cookies only if you accept it, or you can choose to allow only specific websites to set cookies. You can also prevent all websites from storing cookies as well as enable the automatic deletion of all cookies when closing your browser. You can find instructions under the help option of your browser about how to control these settings. However, please note that the functionality of our website may be restricted if you prohibit certain cookies.
When contacting us (e.g., via our contact form, email, phone), we use your data to process your request due to Art. 6 para. 1b GDPR. Since you can only submit all contact forms on our website if you have given your consent to the data processing, Art. 6 GDPR additionally applies as the legal basis for data processing for contacting us via a contact form. We delete the data as soon as it is no longer needed for the mentioned purposes unless further storage is required due to legal archiving obligations.
5. Data processing for the fulfillment of a contract
When placing an order via our website, we are processing your personal data (first name, last name, billing address, shipping address, email address) due to Art. 6 para. 1b GDPR to fulfill our contractual obligations and services as follows:
- Your billing address is required for the conclusion of the contract and to issue an invoice. If you do not enter a different shipping address, your order will be sent to the billing address.
- Your shipping address will be forwarded to the respective carrier (DPD or DHL), if this is necessary for the delivery of the ordered goods.
- Your email address is required to send you an electronic order confirmation after placing your order and to send you a shipment confirmation after we have shipped your order.
The data required for the conclusion of the contract are marked as required fields in the order process. We are legally obligated to store the confirmation of receipt of your order for six years. The order-related invoice will be stored for ten years.
6. Customer account
7. Product reviews
If you wish to leave a review for a purchased product on our website, we need the email address you used for your purchase to verify you as the buyer. That means we process your data to verify if the reviewed product has been purchased via the given email address. Your email address will not be published. You can freely decide whether you want to publish your name, a pseudonym, or no name with the review. The verification process and publication of your review can take up to 24 hours. Your review will only be published in case of a successful verification. If we can not verify you as the buyer for the product in question, your review will not be published, and the submitted data will be deleted within seven days. Your IP address will not be logged and not stored.
8. Email newsletter
If you subscribe to our newsletter, we use your email address provided for the newsletter registration to send you regular email newsletters. Our newsletter contains information about new products and offers from SHAROKINA and points you to upcoming events such as pop up stores, fairs and markets, exclusive discounts, special promotions, and competitions. The newsletter will be sent at most once a month. The data processing is based on your consent, Art. 6 para. 1a GDPR.
After completing the subscription form, giving your consent to the data processing and have submitted the form, you will receive a confirmation email in which you need to confirm your newsletter subscription (double opt-in process). This process ensures that the email address provided for the subscription is not misused by another third person. As part of the registration, we store the confirmation time, your email address, and your IP address. We are legally obligated to log the registrations to prove a proper registration.
The newsletter will be sent on our behalf by the service provider MailChimp, Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to whom we will pass on your email address. MailChimp is certified under the EU-U.S. Privacy Shield, an agreement between the United States (US) and the European Commission.
The European Commission has confirmed a suitable level of data protection on the basis of an adequacy decision for companies certified under the Privacy Shield. The current certificate can be viewed here.
In addition, we have concluded a data processing contract with MailChimp following Art. 28 para. 3 GDPR.
9. Use of Matomo for web analytics
With the following button, you can agree to the data collection and storage or withdraw your consent at any time with effect for the future. Please note: If you delete your cookies, you must check the box again.
10. Social Share Plugins
Based on our legitimate interests (Art. 6 para. 1f GDPR) in the analysis and efficient optimization of our online offer, we use social share plugins of Facebook, Pinterest, and Twitter to facilitate the sharing of our website’s content. We use an HTML link for the integration of the social plugins. This type of integration protects your personal data because it ensures that there is not yet any connection to the servers of the social network providers when you access a page of our website that contains social plugins. If you click on a social share button, a new window will open in your browser and access the website of the social network provider, on which you can click on the share button (where applicable, after entering your login data) to share the desired content.
For more information about the processing of your personal data, as well as your related rights and setting options to protect your privacy, please refer to the privacy policies of the social network providers:
11. Facebook Pixel
You can also deactivate the “Custom Audiences” remarketing feature in the ad settings section at www.facebook.com/ads/preferences. To do so, you have to be logged in to Facebook.
If you do not have a Facebook account, you can opt out of using Facebook-based advertising on the European Interactive Digital Advertising Alliance website: www.youronlinechoices.com/uk/your-ad-choices
Alternatively, you can prevent the collection of your data by Facebook on our website by customizing your cookie settings:
12. Our social media profiles on Facebook and Instagram
We have social media profiles on Facebook (www.facebook.com/SHAROKINAcom) and Instagram (www.instagram.com/SHAROKINA) to communicate with both existing clients and potential clients, and to provide information about new products, offers, events, promotions, and contests.
The data processing is based on our legitimate interests (Art. 6 para. 1f GDPR) in the optimization of our online offer as well as in the efficient communication with both existing clients and potential clients. If the providers of the respective network ask you to consent to data processing (i.e., if you declare your consent, e.g., by clicking on a checkbox, or by confirming a button), then Art. 6 para. 1a GDPR applies as the legal basis for data processing.
Facebook Inc. is certified under the EU-U.S. Privacy Shield, an agreement between the United States (US) and the European Commission.
The European Commission has confirmed a suitable level of data protection on the basis of an adequacy decision for companies certified under the Privacy Shield. The current certificate can be viewed here. For detailed information about the processing of your personal data through the respective social network providers as well as for your related rights, contact information and setting options (also opt-out options) to protect your privacy, please refer to the privacy policies of the social network providers:
The data processing is based on an agreement between joint controllers due to Art. 26 GDPR, which can be viewed here: www.facebook.com/legal/terms/page_controller_addendum.
Further information on data processing during the visit of a Facebook fanpage (information about Insights data) can be found here: www.facebook.com/legal/terms/information_about_page_insights_data.
13. Your rights
The processing of your personal data gives you the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (“Right to be forgotten”, Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw (Art. 7 para. 3 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
If you consider that the processing of your personal data violates applicable law, you have the right to file a complaint with a supervisory authority. For this, you can contact the supervisory authority of your habitual residence, place of work, or place of the alleged infringement.