On 25 May 2018, the new General Data Protection Regulation (GDPR) of the European Union came into effect. The GDPR specifies how companies must protect their customers’ data.
One of the main objectives of the new regulation is to harmonize the legal situation across member states to ensure that consumers throughout Europe can rely on uniform regulations. The GDPR is particularly relevant for online merchants because in distance selling, customer data is inevitably processed and stored. The regulation sets out to what extent such customer data may be collected in the future, how the data should be protected and how, if necessary, it should be deleted at the request of the customer.
Extremely Insain is compliant with the GDPR and our service doesn’t require your explicit approval for processing personal data. Significantly, we only process and use your personal data within the limits of contract fulfilment pursuant to Art. 6 GDPR. This includes, for example, passing on your address to logistics providers. In addition, we ensure that we only request the minimum personal data required for the business transaction.
This privacy statement was updated on 25-05-2018, 00.00.
DATA COLLECTION WHEN ACCESSING OUR WEBSITE
You may visit our website without providing any personal details. Each time you access a website, the web server automatically records only a server log file, which documents the access and contains the name of the requested file, your pseudonymised IP address, the date and time of your access, the volume of transferred data and the requesting provider (access data).
This access data is used solely for the purpose of ensuring a fault-free operation of the site and to improve our offer. When balancing interests, this serves to preserve our overriding justified interests in a correct portrayal of our offer in accordance with Art. 6(1) 1f GDPR. All access data will be deleted at the latest seven days after the end of your visit to the site.
Extremely Insain runs on a USA-based server solution. With over 140.000 online shops worldwide, ePages takes care of the security and the faultless functioning of our online shop software.
We encrypt your visit to our website and the sensitive information you enter on our checkout form using Secure Sockets Layer (SSL) technology to protect your privacy and data.
Our provider Denit BV supplies the services for hosting our webshop and processes the data collected within this framework on our behalf pursuant to Article 28 GDPR. This serves to preserve our overriding justified interests, as part of balancing interests, in a correct portrayal of our offer in accordance with Art. 6(1) 1f GDPR.
All data collected while you use our website or the checkout form, as described in the following, is processed on the servers of Denit BV, which places the greatest importance on data protection and operates only computer centres that document the highest security standards through ISO certification.
Finally, our webshop is intensively scanned biannually for security risks, including dangerous vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection, by our partner organisation ForusP to ensure our webshop is safe.
Cookies are small data files that are not dangerous for your computer. They can’t damage your computer or any file on it. A cookie is stored in the buffer of your browser (Internet Explorer, Google Chrome, Firefox, etc.) to enable data exchange, e.g. to facilitate navigation or to track your interests. This is a feature that you can turn off in your browser.
CONTRACT DATA COLLECTION WHEN CHECKING-OUT
We collect, process and store the data that you provide to us when you register and/or decide to purchase our products.
The personal data that we collect are:
- Invoice address / delivery address
- Email address
- Phone number (not obligatory, but advised)
- Gender (not obligatory)
Your personal data is collected from the completed online screens/order forms. You are free to choose whether to enter this data and transfer it, but without the obligatory personal data we won’t be able to establish or fulfil a contract.
To confirm your order and to confirm dispatch, a confirmation email will be sent to the email address provided. Note: for a contractual agreement to be valid, a payment will be required.
We will retain collected data for as long as necessary and permitted within the scope of the contractual agreement, guarantee terms and to comply with the applicable legislation. Invoices are retained for a period of 7 years in accordance with Dutch accounting and taxation legislation.
We are happy to inform you in writing whether we have stored data about you and, if so, what data. If you intend to assert your statutory rights to be informed of, rectify, erase or lock your data, please contact our customer service. We will require legitimate identification, e.g. a passport, ID card or driver’s licence, to prevent misuse.
You may update, correct, or delete your account information at any time by accessing your account settings page. Please note that information you submit may be reflected on our website instantly, but previously submitted information may be retained in backups.
GOOGLE ANALYTICS / GOOGLE ADWORDS
Extremely Insain, like numerous others, uses the Google Analytics service, which gathers information about your use of our website (including IP address). This service provides reports that enable us to improve our online shop. Google provides this information to third parties only if this is legally prescribed or if third parties process this data on behalf of Google. Google won’t combine your IP address with any other data held by Google. By using our website you agree that recorded data are processed by Google in the manner and for the purposes described above.
We won’t require your explicit consent for our Newsletter when you order in our webshop. We send Newsletters sporadically, and when we do, it will be to inform you about offerings similar to items you’ve bought in our webshop or to announce the start of a Sale. Each Newsletter will always contain a link to unsubscribe.
We will never make your personal data public.