Thank you for your interest in ShimlaGin.com. To enable us to provide our services, we require some data about you. We take the protection of your personal data very seriously and will al-ways process it in accordance with the applicable data protection regulations, in particular with the EU General Data Protection Regulation. The purpose of this Data Privacy Statement is to inform you in detail about the nature, scope and purpose of the personal data processed by us and your rights as a data subject.
1. Data Controller and General Information Your data will be processed by Shimla Gin Ltd, 352 Bearwood Rd, Smethwick, Birmingham, B66 4ET, England, email: firstname.lastname@example.org (service provider and data controller within the meaning of the General Data Protection Regulation (GDPR). Please note that whenever we use formulations such as “we” or “us”, we are referring to Shimla Gin Ltd. Within this document, “Shimla Gin” refers to www.shimlagin.com, and to various apps provided by Shimla Gin Ltd., including all sub-pages, content and functions provided therein. Our services are provided for the general public and are not intended to be used by children. We do not knowingly collect any personal data from users classified as children under national legislation.
2. Collection and Processing of Personal Data In general, insofar as any of the services provided by us do not require payment or registration, you can use them without providing personal information. In certain cases we will process the personal data listed in Section 3. This will generally only occur insofar as the processing of this personal data is necessary to ensure the functioning of the website or app, or to provide you with out content and services. Furthermore, we process personal data in connection with your use of viabatuta.com in circumstances where this data is provided voluntarily by you, e.g. in the context of registration, an inquiry to us, an application, the conclusion of a subscription or another legal basis (see Section 4). If you do not wish this to happen, you may be unable to use our services, or at least be restricted from accessing their full range of functions.
3. Categories of Data Processed By Us As soon as you begin using ShimlaGin.com, our system automatically collects information from the system of the requesting machine. Data collected can include the following: – Information about the browser type and version – The operating system of the user – Mobile Device ID – Date and time of request – Web analysis data / pseudonymized user profiles (cookie ID, ad ID, etc.) – Websites from which users are referred to our website – Websites accessed by users via our website In addition, we process the following personal data insofar as there is a contractual relationship between you and us, or if you have transmitted the data to us in other ways: – Personal master data (name, address, date of birth) – Communication data (telephone number, email address) – Contractual master data (contractual relationship, contractual or product interest, order history) – Login data with password – Comments, posts, etc. – Employee data (name, address and communication data, contractual master data and accounting data, date of birth, marital status, nationality, denomination, field of activity, social insurance status, wage tax data, social data, bank details, HR administration and management data, access and access control data).
4. Legal Basis and Purpose of Processing We process your data exclusively on the basis of one or more of the possible legal bases for data processing. According to the GDPR, personal data may, in particular, be processed on the basis of a con-tract or for the implementation of pre-contractual measures, on the basis of your consent, on the basis of a legitimate interest or law and/or for the protection of vital or public interests. Registration is required for the provision of certain content or services on our website. All users can register with ShimlaGin.com free of charge, stating their given name, last name, email ad-dress and a password, whereby this registration data is transmitted to us. The collection and processing of this data takes place for the purpose of fulfilling the user agreement between us and the user pursuant to Art. 6.1.b GDPR. Where you have provided an email address in the course of registration or in connection with the performance of a contract, we also use this email address to send you information about similar goods or services as well as about existing subscriptions or about Shimla Gin Ltd. in general. In this case, the processing of the email address is based on our legitimate interest in the advertising our goods and services (Article 6.1.f GDPR). In addition, if you have issued your prior express consent for receiving a newsletter or advertizing materials, we will use your email address to send you our newsletter. In this case, we will process your email address in order to be able to deliver the newsletter as per your request (Art. 6.1.b GDPR). You can object to the use of your email address by sending an email to email@example.com with effect for the future and without incurring any costs other than transmission costs according to the basic tariffs. Naturally, you can unsubscribe from the newsletter at any time in your user profile or by clicking on the unsubscribe link in the newsletter itself. On the internet, each device capable of transmitting data requires its own unique address, commonly known as an “IP address”. The (at least temporary) storage of the IP address is technically necessary to allow the website to be delivered to the user’s computer. We truncate IP addresses prior to processing them and carry out any further processing anonymously. We offer a comment function (forum) for registered users on our website, in connection with which additional personal data is stored. The same applies to any surveys in which the user chooses to participate. If you wish to post a comment, you will need to register in order to do so. You may use a pseudonym as your “username”. We collect and process the data provided by you to enable us to publish your comment as per your request (Article 6.1.b GDPR). In particular, we require your email address to be able to contact you in case of complaints regarding your comment and to give you the opportunity to respond (Article 6.1.c GDPR). In the case of processing activities not covered by one or more of the aforementioned legal bases, processing will take place only if it is necessary to safeguard a legitimate interest and if your interests, fundamental rights and fundamental freedoms do not override this legitimate interest in the context of a comprehensive balancing of interests (Article 6.1.f GDPR). A legitimate interest can be assumed if the data subject is a customer of the data controller. In relation to the processing of personal data, our legitimate interest consists, in particular, in conducting our business for the benefit of all of our employees and our shareholders. Our legitimate interest in offering you tailored products, notifying you about our products, innovations and quality features and continually improving our products and services forms the legal basis for any and all processing that takes place for the purpose of big data, direct marketing (own advertising and third-party advertising), usage-based online advertising, web/app analysis and lead scoring (combining different selection criteria to determine which adverts to show). For more information on web analysis services, see Section 9. Our legitimate interest in fraud prevention, network and information security and the reliability of our services and/or products also constitute a legal basis for the processing of certain data. Another of our legitimate interests lies in the functionality of the business processes on the basis of which processing occurs for internal administrative purposes (e.g. address management/accounting). When processing the personal data of data subjects covered by our reporting, we also invoke our legitimate interest in exercising freedom of expression and information. You can object at any time to data processing that occurs on the basis of a legitimate interest (see Section 13). In the event that the data is processed for a purpose other than that specified in connection with the original data collection, a compatibility check will be carried out in accordance with Art. 6.4 GDPR. Further processing will only be permitted if the original purpose is compatible with the new purpose or is permitted on a separate legal basis. Recognized compatible purposes include the assertion, exercise or defense of civil law claims, insofar as the interest of the data subject does not override these purposes. In such cases, we will inform you of the new purpose. If the new purpose is incompatible with the purpose cited in connection with the original data collection, collection will be re-established on a new legal basis. In this case, too, we will inform you about the change of purpose.
5. Location of Processing We do not transfer your personal data to countries outside the United Kingdom and the European Economic Area, except in cases where this is permitted under the GDPR. We have no knowledge of or influence over whether third parties with whom you have a separate contractual relationship (e.g. Facebook, if you have a Facebook account) transfer data to countries outside the European Economic Area. We sometimes process data in countries outside the European Economic Area (“EEA”). In order to ensure the protection of your personal rights in connection with these data transfers, we use the standard contractual clauses of the EU Commission to structure our contractual relationships with recipients in third countries in accordance with Art. 46.2.c GDPR. These are available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF at any time. Alternatively, you can download these documents from us using one of the con-tact methods below. In regards to the US, the European Commission decided, by means of a decision adopted on 12 July 2016, that an appropriate level of data protection is provided under the regulations of the EU-U.S. Privacy Shield (adequacy decision, Art. 45 GDPR). For more information – including the certification of the service providers we use – please visit https://www.privacyshield.gov . We only use US service providers who are certified under the EU-US Privacy Shield scheme.
7. Transfer of Your Data to Third Parties We transmit your personal data to third parties only if this transmission is necessary in order to fulfill our contractual obligations towards you and it occurs in cooperation with another provider (e.g. a partnership), if we are legally entitled or obliged to make the transfer on any other grounds, or you have issued a corresponding consent. To enable us to provide our services, selected personal information may be shared with certain departments within our company. This includes employees in the accounting, product management, marketing and IT departments. In certain cases, we also use external service providers or affiliates who have been contracted by us to process data on our behalf. Such service providers are contractually obligated by us to adhere to the strict requirements of the GDPR in their role as a processor and may not re-use your data for any other purpose. Our contractors provide us with the following services: subscription management, content recommendations, hosting, survey and comment service(s), maintenance and support, and web and app analytics. The transfer of data to contract data processors takes place on the basis of Art. 28.1 GDPR or, alternatively, based on our legitimate interest in the economic and technical advantages associated with the use of specialist contract data processors pursuant to Art. 6.1.f GDPR. Insofar as we are legally obliged to do so, or if it is permitted under data protection law, we transfer personal data to authorities, e.g. the police or the public prosecution services (Art. 6.1.c GDPR). The disclosure of this data is based on our legitimate interest in the fight against abuse, the prosecution of crimes and the securing, assertion and enforcement of claims, It may only occur if your rights and interests in the protection of your personal data do not over-ride these interests pursuant to Art. 6.1.f GDPR.
11. Online Marketing and Internet Advertising This website is marketed by Shimla Gin Ltd. As part of this process, advertising is optimized for you through the collection and processing of information about your usage behavior, and is aligned to your predicted interests. As a result, you, as a user and data subject, benefit by receiving advertising that is more in line with your interests. A cookie is stored on your computer to record your usage behavior, but does not enable you to be personally identified.
13. External Links Our website contains links referring to third party sites. Shimla Gin Ltd. has no influence over whether or not these website operators comply with data protection regulations.
14. Duration of Storage We store personal data for only as long as we are entitled to do so and the purpose of processing remains in place. The respective statutory retention period applies in respect of the duration of storage of personal data. Once the period has expired, and insofar as is the corresponding data is no longer required to fulfill or initiate a contract, the data will be routinely deleted.
15. Contact Data and Your Rights as a Data Subject If you have any questions or suggestions about privacy and the exercise of your rights as a data subject, you are welcome to contact our Data Protection Officer at any time: Shimla Gin Ltd., 352 Bearwood Rd, Smethwick, Birmingham, B66 4ET, England ; email: firstname.lastname@example.org. Access and Rectification: At any time, and free of charge (a maximum of once per year), you can obtain information from us about whether or not personal data about you is being processed by us. You can also request specific details about the data being stored and obtain a copy of this stored data. You have the right to correct incorrect data and to have incomplete personal data completed. Deletion, Restriction and the Right to be Forgotten You have the right to request the deletion of your personal data or the restriction of its processing. Please keep in mind that legal storage obligations exist in respect of (e.g.) paid contracts, such as the purchase of a subscription from Shimla Gin Ltd., and that we may not be able to delete your data fully anyway. In this case, your data will be marked with the aim of restricting its future processing.