Christmas order deadline - 30.11.19

Privacy Policy

Last Updated: 20.11.2018

Please read our data protection information carefully. If you have any questions or comments about our privacy information, please contact us at privacy@hotchipsandsorbet.com.

Contents

  1. Our Commitment to Data Protection
  2. Our Website and Online Services
  3. Promoting Our Services
  4. Contact and Communication
  5. Your Rights

1. Our Commitment to Data Protection

At SH Morgan UG, we take our data protection and information security responsibilities very seriously. The effective management of all personal data, including its security and confidentiality, lies at the very heart of our business. This is not only conditioned by our legal and regulatory responsibilities, but also fundamentally driven by our commitment to our clients and to meet their expectations of us having in place robust compliance and risk management practices and protocols. In the following, we would like to inform you about the processing of personal data by us in the context of our website and in the course of our business.

2. Our Website and Online Services

In the following section 2, we inform you about the processing of personal data in the context of your visit to our website. Data controller for all processing activities in this context is SH Morgan UG, unless stated otherwise.

2.1 Our Website

Description and purposes of the processing

When visiting our website, your browser will contact our webserver to retrieve the sites you wish to visit. In this context, personal data such as your IP address is transferred by your browser (i.e. by HTTPS requests) to us. This connection data is processed by our webserver to enable access to and the display of our website.

Our webserver automatically saves a record of the pages you visited (so-called logfiles / record of session). We use these logfiles to ensure the security of our website, in particular to prevent unauthorized interference with it, and to enable to exercise our legal rights and obligations in regard to such unauthorized interference.

Furthermore, we analyze session records to optimize our website. However, this analysis takes place in an anonymized way. The results cannot be linked to your person.

Legal basis for the processing & legitimate interests for the processing

Generally the processing activities data in the context of your visit to our website are based on our legitimate interests according to Art. 6 (1) f GDPR to operate an internet website for general information and communication purposes and to optimize our website and to protect it from attacks. If you are visiting our website in order to initiate a business relationship with us, the processing is based on Art. 6 (1) b GDPR.

Exceptionally, we may process personal data in accordance with Art. 6 (1) (c) GDPR to fulfil our legal obligations, in particular vis-à-vis relevant authorities in cases of unauthorised interference.

Recipients

Our IT team members have access to logfiles and will pass them on to other internal or external recipients including the relevant authorities if necessary to exercise our legal rights in regard to unauthorized interference.

Retention period

The log data is stored as long as the web servers serving the site are up. Once they are restarted, the log data is erased. This often happens weekly.

All other data is erased immediately after processing the HTTPS request.

Possible consequences of failure to provide personal data

Without processing the above mentioned personal data, you cannot display and visit our website.

2.2 Our Educational Subdomains

Recipients

Once you have agreed to SH Morgan UG cookie policy banner on any page, 3rd party cookies will be enabled for the domain and subdomains. These 3rd party web properties are:

  • Google

Legal basis for the processing and legitimate interests for the processing The processing is based on Art. 6 (1) (f) GDPR. It serves our legitimate interests to develop our business and promote client relationships.

Transfer of personal data to third countries or international organizations We do not transfer personal data to third countries. However, the plug-ins listed above will connect to the webserver of the respective network in the United States of America. For further information on transfers and relevant safeguards in regard to them, please contact the respective social media provider or refer to their respective privacy policy:

  • Google: https://policies.google.com/privacy

Possible consequences of failure to provide personal data

Without accepting the cookie policy within the banner, the 3rd party plug-ins will no longer function. If you wish to use one of the applications after declining the cookie policy, you will have the opportunity to do so by accepting the individual cookie specified on the website. You can see this notice on the website on the Information Hub domain and sub-domains.

Retention period

We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review.

2.4 Social Plug-Ins

Data Controller

We take the position that we do not control the processing of personal data in the context of social media plug-ins. We do not have any access to the data collected and transferred by the social media plug-in to the social network provider. Any data processing is determined solely by the network service provider.

In the interest of transparency, we would regardless like to inform you about the processing of your personal data in this context.

Description and purposes of the processing

To improve your user experience, our website includes social media plug-ins of the large social media networks Facebook, Twitter, YouTube. These plug-ins allow you to directly post links to and other content from our websites on the relevant network.

Upon you opening a website on which a social media plug-in is embedded, the respective social network provider

  • Google: 1600 Amphitheatre Parkway, Mountain View, CA, USA
  • Facebook, 1 Hacker Way Menlo Park, CA 94025 USA
  • Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
  • YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066 USA
  • LinkedIn: 2029 Stierlin Ct. Ste. 200 Mountain View, CA 94043 USA

will collect and process information on your visit to our website for its own business purposes. This processing is not initiated or controlled by us, but is a built-in feature of the respective social media plug-in.

For information on the legal basis of processing by the social media provider, please contact the respective social media provider or refer to their respective privacy policy:

  • Google: https://policies.google.com/privacy
  • Facebook: https://www.facebook.com/policy.php
  • Twitter: https://twitter.com/privacy
  • YouTube: https://policies.google.com/privacy
  • LinkedIn: https://linkedin.com/legal/privacy-policy

Legal basis for the processing & legitimate interests for the processing

The processing of personal data in this context by us, if any, is based on Art. 6 (1) f GDPR. It serves our legitimate interest of (i) improving our website’s user experience thereby making it more attractive and thus increasing user traffic and (ii) make our content more visible and thereby promote our business.

For information on the legal basis of processing by the social media provider, please contact the respective social media provider or refer to their respective privacy policy:

  • Google: policies.google.com/privacy
  • Twitter: twitter.com/privacy
  • YouTube: policies.google.com/privacy
  • LinkedIn: linkedin.com/legal/privacy-policy

Recipients

We do not have access to or not share any personal data in this context.

For sharing of personal data by the social media provider, please contact the respective social media provider.

Transfer of personal data to third countries or international organisations We do not transfer personal data to third countries. However, the social media plug-in will connect to the webserver of the social media network in the United States of America. For further information on transfers and relevant safeguards in regard to them, please contact the respective social media provider or refer to their respective privacy policy:

  • Google: policies.google.com/privacy
  • Twitter: twitter.com/privacy
  • LinkedIn: linkedin.com/legal/privacy-policy

Retention period

We do not store any personal data in this context.

For storage of personal data by the social media provider, please contact the respective social media provider or refer to their respective privacy policy:

  • Google: policies.google.com/privacy
  • Twitter: twitter.com/privacy
  • LinkedIn: linkedin.com/legal/privacy-policy

Possible consequences of failure to provide personal data

Without processing the above mentioned personal data, you will not be able to post links to and other content from our website.

2.5 We use Cookies and Similar Technology

Cookies allow the website to distinguish you from other users of the site. This helps the originators to optimize websites and also allows certain parts of websites to function correctly. Find out more about cookies and the data processing in this context on www.allaboutcookies.org.

By using the hotchipsandsorbet.store website you have the opportunity to agree or decline our use of cookies based on the banner placed on every page. Cookies are set ourselves as well as we use 3rd party plug-ins, which set cookies. The difference in how that data is used and stored is listed below.

2.5.1 We use Strictly Necessary Cookies

Description and purposes of the processing

We use cookies necessary for users to visit and display our website. These cookies are essential in order to enable you to move around the website and use its features. Without these cookies services you have asked for cannot be provided.

We collect strictly necessary cookie data, such as your unique session ID and the time of your login (time stamp). This data allows us to relate the visitor's unique session to server side data. The cookies act as a reference to the session created. Whenever an activity is performed on our website, our server recognizes your session ID and validates that activity.

Legal basis for the processing & legitimate interests for the processing

Processing of strictly necessary cookies data is based on Art. 6 (1) of GDPR. It serves our legitimate business interests to enable users to visit our web presence and thereby ultimately promote our business.

Recipients

Strictly necessary cookie data is processed by SH Morgan UG. Transfer of personal data to third countries or international organizations Strictly necessary cookie data will not be processed to third countries or international organizations.

Possible consequences of failure to provide personal data

Disabling these cookies will encumber the Sites' performance, and may make services and features unavailable.

We use the following strictly necessary cookies:

  • user-has-accepted-cookies: Type: Permanent, Expiry after: 365 days; Purpose: Stores the visitor‘s accept/decline decision expressed in the context of the third party cookie/plugin consent banner mentioned earlier.

Legal basis for storage and access to these cookies

Legitimate goal to provide a functional website.

2.5.2 We use Web Analytic Cookies

Description and purposes of the processing

We use the web analytics services of

  • Google

for purposes of statistical analysis and optimization of our website. This helps us tailor our website to our users’ needs by, for example, placing the most sought after pages where they are most easily found. It also allows us to gauge how attractive our website is, how many of our users are regulars and how we can improve the reach of our website, e.g. by optimizing search engine ranking.

For this purpose,

  • Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA)

(together referred to as cookie supplier) collect and store on our behalf certain usage data (e.g. which sites you navigate to, how long you spend on these sites, how often you return to our website) attributed to an anonymous identifier. This usage data is then used to generate non-personalized analyses of website usage for us.

Show Details: When you visit a page on our website that uses Google Analytics, some information on this “pageview hit” (incl. the URL of the site visited by you as well as your IP address, information on the operating system, browser and language setting used by you and potentially some information stored in the cookies described below) will be transmitted to our cookie suppliers server by code embedded in the respective site. The IP address is only used for technical purposes of transmission and anonymized by deleting the last digits immediately after reception. The other usage data will be attributed to an anonymous / pseudonymous identifier that is automatically generated and stored in a cookie on your device (cf. below). This identifier cannot and will not be traced back to you. Its sole purpose is to allow us to analyze typical website usage by obtaining information on relevant usage cycles.

Legal basis for the processing & legitimate interests for the processing

Processing of usage data is based on Art. 6 (1) f GDPR. It serves our legitimate business interests to optimize our web presence and improve its reach, usability and content and thereby ultimately promote our business.

Recipients

Usage data is processed by our cookie supplier as a data processor on our behalf on the basis of a data processing agreement between the cookie supplier and us. Analyses of website traffic provided by our cookie suppliers are used by our internal departments, in particular the IT and business development departments, for the above mentioned purposes.

Transfer of personal data to third countries or international organisations

Usage data may be processed by our cookie suppliers on servers in the United States of America. An adequate level of data protection is ensured, as Google LLC is certified under the so-called EU-US Privacy Shield.

Possible consequences of failure to provide personal data

None.

You may prevent processing of personal data by activating the "do-not-track"-option of your browser.

To prevent processing by Google Analytics, you can install the Google Analytics opt-out browser add-on. This add-on is compatible with all major browsers and can be downloaded and installed via the Google Analytics opt-out page.

Further information

Please see the Google Analytics privacy notice

The following cookies are used for the purposes of web analytics:

Google Analytics

  • Cookie Name: utmb _utmc. Type: Permanent. Expiry after: 30 minutes. Purpose: These cookies work together to calculate how long a visit takes.utmb takes a timestamp of the exact moment when a visitor enters a site, while_utmc takes a timestamp of the exact moment when a visitor leaves a site. _utmb expires at the end of the session. _utmc waits 30 minutes, and then expires. _utmc waits 30 minutes for another page view to happen, and if it doesn't, it expires.

  • Cookie Name: _utmz. Type: Permanent. Expiry after: 6 months. Purpose: This tracks where visitors came from. What search engine was used. What links were clicked on. What keywords were used. Where they were in the world when they accessed the website.

  • Cookie Name: _utmv. Type: Permanent. Expiry after: 2 years after last visit. Purpose: This cookie stores custom variables for each visitor and allows us to use segmentation to better understand our visitors.

  • Cookie Name: _ga. Type: Permanent. Expiry after: 2 years after last visit. Purpose: This cookie is used to distinguish between site visitors.

Technically necessary?

No.

Legal basis for storage and access to these cookies

User's consent.

Right to withdraw your consent

You have the right to withdraw your consent to us storing these cookies on your device and accessing them from time to time by activating the "do-not-track"-option of your browser.

2.5.3 Third Party Cookies

We partner with third parties to provide you with connections to certain social networks, such as Google, Twitter and LinkedIn (cf. 2.4.). By engaging with third-party plug-ins and widgets on our website, such third parties may place session or persistent cookies or similar technologies on your browser. These technologies may provide to the third parties information about your visit so that they can present you with advertisements and services which may be of interest to you. As we are not responsible for the use of such cookies and do not gather any information in that regard, the use of these cookies is subject to third party’s own cookie policies:

  • Google: https://policies.google.com/technologies/cookies
  • Facebook: https://www.facebook.com/policies/cookies/

3. Promoting Our Services

3.1 General

Controller

Data processing activities in the context of global business development initiatives are generally controlled by SH Morgan UG.

Data processing activities in the context of local business development initiatives are ordinarily controlled by the respective SH Morgan UG entity.

If different SH Morgan UG entities exceptionally act as joint controllers, SH Morgan UG is designated as a single point of contact for data subjects under the GDPR.

Description and purposes of the processing

In the conduct of our business we engage in different business development activities with current and potential clients and other relevant third parties. For this end, we process “business development data” such as

  • contact information (e.g. name, work address, telephone numbers, e-mail, position),
  • data on (marketing) preferences and fields of interest; and/or
  • data on past participation in marketing initiatives.

This data is either provided directly by the relevant data subject or by other business contacts and sources (e.g., public directories or public registers).

Legal basis for the processing & legitimate interests for the processing

The processing is based on our legitimate interest according to Art. 6 (1) f GDPR to pursue our business interests of marketing and business development, or, as the case may be, in order to take steps at the request of the data subject prior to entering into a contract according to Art. 6 (1) b GDPR.

Recipients

In the conduct of our business, we share certain business development data within SH Morgan UG.

On a case-by-case basis, in accordance with accepted market practice, we may also share certain business development data with our business partners (e.g. Amazon Web Services or Microsoft Partner Network) and certain other parties that assist us with our business development activities in the ordinary course of our business (e.g. marketing services providers).

Transfer of personal data to third countries or international organisations

As a global Enterprise Computing Service, we also share business development data within SH Morgan UG. We do not transfer personal data to third countries or international organizations.

In the conduct of our business, we also share data with external business partners in accordance with accepted market practice. For those external transfers, we have in place adequate safeguards, in particular standard contractual clauses according to Art. 46 (1) lit. c GDPR

Retention period

We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymize it.

Possible consequences of failure to provide personal data

Where we collect business development data directly from you, you continue to retain full discretion if, how, and what you disclose to us. There are no negative consequences if you do not provide us business development data.

3.2 Newsletters and Updates

Controller

Generally, data processing activities in the context of newsletters and update services (e.g., RSS newsfeed, social media news feeds) are controlled by SH Morgan UG.

Data processing in the context of newsletters or other update services is ordinarily controlled by the respective SH Morgan UG entity. If different SH Morgan UG entities exceptionally act as joint controllers, SH Morgan UG is designated as a single point of contact for data subjects under the GDPR.

Description and purposes of the processing

If you have signed up or otherwise agreed to receive newsletters or other update services, we will process your contact data (e.g. name, e-mail) to render those services.

In order to further optimize the user experience and in particular tailor the information provided to you, we process information on your specified preferences, if any, and in some instances, follow your consumption of material (user statistics). All newsletter activities and other update services serve marketing purposes and business development.

Legal basis for the processing & legitimate interests for the processing

The processing is based on our legitimate interests according to Art. 6 (1) f GDPR to pursue our business interests of marketing and business development, or, as the case may be, for the performance of a contract according to Art. 6 (1) b GDPR. If there is no legitimate interest or contractual necessity to process your personal data, we will ask you for your explicit consent under Art. 6 (1) a GDPR.

Recipients

In the conduct of our business, we share certain business development data within SH Morgan UG. We also share certain business development data with our business partners (e.g., Shopify inc) in accordance with accepted market practice.

Transfer of personal data to third countries or international organisations

As a global Enterprise Computing Service, we also share business development data within SH Morgan UG. We do not transfer personal data to third countries or international organizations.

In the conduct of our business, we also share data with external business partners in accordance with accepted market practice. For those external transfers, we have in place adequate safeguards, in particular standard contractual clauses according to Art. 46 (1) lit. c GDPR

Retention period

We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymize it.

Possible consequences of failure to provide personal data

There are no negative consequences if you do not provide us the above mentioned personal data. However, without providing your personal data, you cannot receive our newsletter or other update services.

4. Contact and Communication

Controller

If you use the contact options on our website, the respective data processing is controlled by SH Morgan UG (cf. 2.1). Single SH Morgan UG entities may be controller if you contact them directly.

If different SH Morgan UG entities exceptionally act as joint controllers, SH Morgan UG is designated as a single point of contact for data subjects under the GDPR.

Description and purposes of the processing

We offer you the possibility to contact us via e-mail our contact form or the outreach form on the website. We will process your personal data (such as your name, address, telephone number) to respond to you request and save them for potential further inquiries. Also the content of the communication will be processed by us for the purpose of responding to your request.

Legal basis for the processing & legitimate interests for the processing

The processing of your data in the context of communication, e.g. via the contact form or by e-mail, is based on Art. 6 (1) b GDPR in case you are contacting us in order to initiate or perform a business relationship with us.

If the communication is not linked to an existing or initiated contractual relationship, the processing is based on legitimate interests according to Art. 6 (1) f GDPR. Our legitimate interest is to conduct business correspondence or, for example, to respond to data protection requests.

Recipients

We share the above-mentioned personal data, in particular, contact data, within those SH Morgan UG entities your request is aimed at.

Transfer of personal data to third countries or international organisations

We share the above-mentioned personal data, in particular contact data, with those SH Morgan UG entities in third countries your request is aimed at. We have in place standard contractual clauses according to Art. 46 (1) lit. c GDPR that cover all transfers within SH Morgan UG.

Possible consequences of failure to provide data

You are not obliged to provide us with your personal data. However, we need the relevant data to contact you and respond to your request or communication.

Retention period

We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymize it.

5. Your Rights

We have a legal obligation to ensure that your information is kept accurate and up to date. Please assist us to comply with this obligation by ensuring that you inform us of any changes to your information. Your personal data is collected and processed for specified, explicit and legitimate purposes. The processing of the data will not take place in a manner incompatible with these purposes.

If you have any questions in relation to this notice, or wish to assert any of your rights, please contact us using the contact details included below. To protect your rights and your privacy and to validate communications received in relation to this notice, we may request a confirmation and proof of your identity.

As a data subject you have several rights, as defined within the GDPR. These are listed below together with a brief, non-exhaustive explanation.

The right to information (Art. 13 GDPR)

You have the right to be informed whether and to what extent we process your data.

The right of access (Art. 15 GDPR)

You have the right to obtain a confirmation as to whether or not we process your personal data, and if we do, request access to your data.

The right to rectification (Art. 16 GDPR)

If the personal data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time.

The right to deletion (Art. 17 GDPR)

If you consider that we should stop processing some or all of your personal data, you have the right to request its deletion. However, there may well be reasons why an immediate deletion may not be possible (for example where retention is required to meet legal or regulatory obligations).

The right to restrict the processing (Art. 18 GDPR)

You have the right to request that we restrict the processing of your personal data in certain situations:

  • If you contest the accuracy of your personal data, you may request that its processing is restricted while we verify its accuracy.
  • If the processing of your personal data is considered unlawful, but you do not require the deletion of your personal data.
  • If we no longer need the data for the purposes of its processing, but you need it for the establishment, exercise or defense of legal claims.
  • If you object to our processing of your data based on our legitimate interests under Art. 6(1) (f) GDPR, or where the processing is based on Art. 6(1) (e) GDPR.

The right to data portability (Art. 20 GDPR)

Where the processing takes place on the basis of your consent or contract, and is carried out by automated means, you have the right to request that we provide your personal data to you in a machine-readable format.

The right to object to the processing (Art. 21 GDPR)

You have the right to object to the processing of your personal data in certain situations.

Rights in relation to automated decision making and profiling (Art. 22 GDPR)

You have the right to object to decisions based exclusively on the automated processing of your personal data.

The right to withdraw your consent

If your personal data is processed on the basis of your consent (Art. 6 (1) (a) or Art. 9 (2) (a) GDPR), you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

If you wish to exercise your rights you can get in touch with us by contacting:

  • privacy@hotchipsandsorbet.com