Thank you for your interest in ShimlaGin.com. To enable us to provide our services, we require some data about you. We take the protection of your personal data very seriously and will al-ways process it in accordance with the applicable data protection regulations, in particular with the EU General Data Protection Regulation. The purpose of this Data Privacy Statement is to inform you in detail about the nature, scope and purpose of the personal data processed by us and your rights as a data subject.
1. Data Controller and General Information
Your data will be processed by Shimla Gin Ltd, 352 Bearwood Rd, Smethwick, Birmingham, B66 4ET, England, email: email@example.com (service provider and data controller within the meaning of the General Data Protection Regulation (GDPR). Please note that whenever we use formulations such as “we” or “us”, we are referring to Shimla Gin Ltd. Within this document, “Shimla Gin” refers to www.shimlagin.com, and to various apps provided by Shimla Gin Ltd., including all sub-pages, content and functions provided therein. Our services are provided for the general public and are not intended to be used by children. We do not knowingly collect any personal data from users classified as children under national legislation.
2. Collection and Processing of Personal Data
In general, insofar as any of the services provided by us do not require payment or registration, you can use them without providing personal information. In certain cases we will process the personal data listed in Section 3. This will generally only occur insofar as the processing of this personal data is necessary to ensure the functioning of the website or app, or to provide you with out content and services. Furthermore, we process personal data in connection with your use of viabatuta.com in circumstances where this data is provided voluntarily by you, e.g. in the context of registration, an inquiry to us, an application, the conclusion of a subscription or another legal basis (see Section 4). If you do not wish this to happen, you may be unable to use our services, or at least be restricted from accessing their full range of functions.
3. Categories of Data Processed By Us
As soon as you begin using ShimlaGin.com, our system automatically collects information from the system of the requesting machine. Data collected can include the following: – Information about the browser type and version – The operating system of the user – Mobile Device ID – Date and time of request – Web analysis data / pseudonymized user profiles (cookie ID, ad ID, etc.) – Websites from which users are referred to our website – Websites accessed by users via our website In addition, we process the following personal data insofar as there is a contractual relationship between you and us, or if you have transmitted the data to us in other ways: – Personal master data (name, address, date of birth) – Communication data (telephone number, email address) – Contractual master data (contractual relationship, contractual or product interest, order history) – Login data with password – Comments, posts, etc. – Employee data (name, address and communication data, contractual master data and accounting data, date of birth, marital status, nationality, denomination, field of activity, social insurance status, wage tax data, social data, bank details, HR administration and management data, access and access control data).
4. Legal Basis and Purpose of Processing
We process your data exclusively on the basis of one or more of the possible legal bases for data processing. According to the GDPR, personal data may, in particular, be processed on the basis of a con-tract or for the implementation of pre-contractual measures, on the basis of your consent, on the basis of a legitimate interest or law and/or for the protection of vital or public interests. Registration is required for the provision of certain content or services on our website. All users can register with ShimlaGin.com free of charge, stating their given name, last name, email ad-dress and a password, whereby this registration data is transmitted to us. The collection and processing of this data takes place for the purpose of fulfilling the user agreement between us and the user pursuant to Art. 6.1.b GDPR. Where you have provided an email address in the course of registration or in connection with the performance of a contract, we also use this email address to send you information about similar goods or services as well as about existing subscriptions or about Shimla Gin Ltd. in general. In this case, the processing of the email address is based on our legitimate interest in the advertising our goods and services (Article 6.1.f GDPR). In addition, if you have issued your prior express consent for receiving a newsletter or advertizing materials, we will use your email address to send you our newsletter. In this case, we will process your email address in order to be able to deliver the newsletter as per your request (Art. 6.1.b GDPR).
You can object to the use of your email address by sending an email to firstname.lastname@example.org with effect for the future and without incurring any costs other than transmission costs according to the basic tariffs. Naturally, you can unsubscribe from the newsletter at any time in your user profile or by clicking on the unsubscribe link in the newsletter itself. On the internet, each device capable of transmitting data requires its own unique address, commonly known as an “IP address”. The (at least temporary) storage of the IP address is technically necessary to allow the website to be delivered to the user’s computer. We truncate IP addresses prior to processing them and carry out any further processing anonymously. We offer a comment function (forum) for registered users on our website, in connection with which additional personal data is stored. The same applies to any surveys in which the user chooses to participate. If you wish to post a comment, you will need to register in order to do so. You may use a pseudonym as your “username”. We collect and process the data provided by you to enable us to publish your comment as per your request (Article 6.1.b GDPR). In particular, we require your email address to be able to contact you in case of complaints regarding your comment and to give you the opportunity to respond (Article 6.1.c GDPR). In the case of processing activities not covered by one or more of the aforementioned legal bases, processing will take place only if it is necessary to safeguard a legitimate interest and if your interests, fundamental rights and fundamental freedoms do not override this legitimate interest in the context of a comprehensive balancing of interests (Article 6.1.f GDPR). A legitimate interest can be assumed if the data subject is a customer of the data controller. In relation to the processing of personal data, our legitimate interest consists, in particular, in conducting our business for the benefit of all of our employees and our shareholders. Our legitimate interest in offering you tailored products, notifying you about our products, innovations and quality features and continually improving our products and services forms the legal basis for any and all processing that takes place for the purpose of big data, direct marketing (own advertising and third-party advertising), usage-based online advertising, web/app analysis and lead scoring (combining different selection criteria to determine which adverts to show). For more information on web analysis services, see Section 9.
Our legitimate interest in fraud prevention, network and information security and the reliability of our services and/or products also constitute a legal basis for the processing of certain data. Another of our legitimate interests lies in the functionality of the business processes on the basis of which processing occurs for internal administrative purposes (e.g. address management/accounting). When processing the personal data of data subjects covered by our reporting, we also invoke our legitimate interest in exercising freedom of expression and information. You can object at any time to data processing that occurs on the basis of a legitimate interest (see Section 13). In the event that the data is processed for a purpose other than that specified in connection with the original data collection, a compatibility check will be carried out in accordance with Art. 6.4 GDPR. Further processing will only be permitted if the original purpose is compatible with the new purpose or is permitted on a separate legal basis. Recognized compatible purposes include the assertion, exercise or defense of civil law claims, insofar as the interest of the data subject does not override these purposes. In such cases, we will inform you of the new purpose. If the new purpose is incompatible with the purpose cited in connection with the original data collection, collection will be re-established on a new legal basis. In this case, too, we will inform you about the change of purpose.
5. Location of Processing
We do not transfer your personal data to countries outside the United Kingdom and the European Economic Area, except in cases where this is permitted under the GDPR. We have no knowledge of or influence over whether third parties with whom you have a separate contractual relationship (e.g. Facebook, if you have a Facebook account) transfer data to countries outside the European Economic Area. We sometimes process data in countries outside the European Economic Area (“EEA”). In order to ensure the protection of your personal rights in connection with these data transfers, we use the standard contractual clauses of the EU Commission to structure our contractual relationships with recipients in third countries in accordance with Art. 46.2.c GDPR. These are available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF at any time. Alternatively, you can download these documents from us using one of the con-tact methods below. In regards to the US, the European Commission decided, by means of a decision adopted on 12 July 2016, that an appropriate level of data protection is provided under the regulations of the EU-U.S. Privacy Shield (adequacy decision, Art. 45 GDPR). For more information – including the certification of the service providers we use – please visit https://www.privacyshield.gov . We only use US service providers who are certified under the EU-US Privacy Shield scheme.
6. Origin of the Data
7. Transfer of Your Data to Third Parties
We transmit your personal data to third parties only if this transmission is necessary in order to fulfill our contractual obligations towards you and it occurs in cooperation with another provider (e.g. a partnership), if we are legally entitled or obliged to make the transfer on any other grounds, or you have issued a corresponding consent. To enable us to provide our services, selected personal information may be shared with certain departments within our company. This includes employees in the accounting, product management, marketing and IT departments. In certain cases, we also use external service providers or affiliates who have been contracted by us to process data on our behalf. Such service providers are contractually obligated by us to adhere to the strict requirements of the GDPR in their role as a processor and may not re-use your data for any other purpose. Our contractors provide us with the following services: subscription management, content recommendations, hosting, survey and comment service(s), maintenance and support, and web and app analytics. The transfer of data to contract data processors takes place on the basis of Art. 28.1 GDPR or, alternatively, based on our legitimate interest in the economic and technical advantages associated with the use of specialist contract data processors pursuant to Art. 6.1.f GDPR. Insofar as we are legally obliged to do so, or if it is permitted under data protection law, we transfer personal data to authorities, e.g. the police or the public prosecution services (Art. 6.1.c GDPR). The disclosure of this data is based on our legitimate interest in the fight against abuse, the prosecution of crimes and the securing, assertion and enforcement of claims, It may only occur if your rights and interests in the protection of your personal data do not over-ride these interests pursuant to Art. 6.1.f GDPR.
8. Cookies and Similar Technologies
9. Google reCAPTCHA
10. Web / App Analysis Services
In order to improve our content on an ongoing basis, to adapt it to the interests of our users and to display usage-based online advertising, we use a number of services that collect and evaluate data on our website or in our app. Insofar as these service providers do not themselves constitute data controllers within the meaning of data protection law, they always process the pseudonymized user data according to the provisions of a contract data processing agreement. You can disable these individual analysis services at any time with effect for the future. The following paragraphs contain more information about the analysis services we use.
We have integrated functions of Google Analytics (including IP anonymization) into our Online Services. Google Analytics is a web analytics service and is designed to collect, compile and analyze data about the behavior of website visitors. Among other things, a web analytics service collects information about the referrer URL, the pages of the website that were accessed, and how often and for what length of time a page was viewed. Web analytics data is used primarily to optimize websites and for the cost-benefit analysis of internet advertising. The operator of Google Analytics is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. We use the anonymization function “ga (‘set’, ‘anonymizelp’, true)”, which prompts to Google to truncate and anonymize the user’s IP address if the access request comes from a Member State of the European Union or another Contracting Party to the Agreement on the European Economic Area. The purpose of Google Analytics is to analyze visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate visitors’ use of our website, to com-pile reports for us about activity on our web pages and to provide other services related to the use of our website. Google Analytics places a cookie on the data subject’s computer system (for the definition of a cookie, please see above). Google can use the cookie-generated information to analyze your use of our website. Each time you visit any of the pages of our website into which a Google Analytics component has been incorporated, the internet browser on your computer system is automatically prompted by the respective Google Analytics component to submit the data to Google for online analysis. As part of this technical process, Google will become aware of personal data such as your IP address. This serves, among other things, to enable Google to track the origin of visitors and clicks and thus to reach subsequent commission settlements.
We have integrated components of DoubleClick by Google into this website. DoubleClick is a Google brand under which special online marketing solutions are marketed to advertising agencies and publishers. The operator of DoubleClick by Google is is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. DoubleClick by Google transmits data to the DoubleClick server with every impression, click, or other activity. Each of these data transfers triggers a cookie request to the data subject’s browser. If the browser accepts this request, DoubleClick sets a cookie on the data subject’s computer system (for the definition of a cookie, please see above). The purpose of the cookie is to optimize and display advertising. The cookie is used, among other things, to serve and display user-relevant advertisements as well as to generate reports on or optimize advertising campaigns. The cookie is used to avoid multiple impressions of the same advertising message. DoubleClick uses a cookie ID, which is necessary for the execution of the technical process. It is required, for example, to display an ad in a browser. DoubleClick can also use the cookie ID to see which ads have already appeared in a browser and thus to avoid avoid duplication. The cookie ID further enables DoubleClick to track conversions. A “conversion” is recorded when, for example, a user has previously been shown a DoubleClick ad and then makes a purchase on the advertiser’s site using the same internet browser. A DoubleClick cookie does not contain any personally identifiable information. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier identifies the campaigns with which the user has already come into contact. Each time you visit any of the pages of this website that are operated by us and into which a DoubleClick component has been integrated, the Internet browser on your computer system will be automatically prompted, by the respective DoubleClick component, to transmit the data to Google for the purpose of online advertising and calculating commission settlements. As part of this technical process, Google will gain knowledge of the data it uses to draw up commission settlements. Google learns, among other things, that you, as the data subject, have clicked on certain links on our website. As already described above, you can prevent the setting of cookies by our website at any time by adjusting the corresponding settings on your internet browser and thus objecting permanently to the setting of cookies. Adjusting the settings in this way will also prevent Google from set-ting a cookie on the computer system. In addition, cookies already set by Google can be deleted at any time via an internet browser or other software program. Further information and the respective data privacy guidelines of DoubleClick by Google can be viewed at https://policies.google.com/?hl=en.
11. Online Marketing and Internet Advertising
This website is marketed by Shimla Gin Ltd. As part of this process, advertising is optimized for you through the collection and processing of information about your usage behavior, and is aligned to your predicted interests. As a result, you, as a user and data subject, benefit by receiving advertising that is more in line with your interests. A cookie is stored on your computer to record your usage behavior, but does not enable you to be personally identified.
12. Social Networks
You can find us on the social networks of third party companies, such as Facebook or Twitter. We have also integrated certain functions of these networks into our Online Services; you can only use these if you are registered and logged in to the respective social network at the time. Please note that use of the social network is governed by the usage and privacy conditions of the respective third party company and that we have no influence over these. However, we are happy to provide some information about how such networks process your personal data in this regard.
13. External Links
Our website contains links referring to third party sites. Shimla Gin Ltd. has no influence over whether or not these website operators comply with data protection regulations.
14. Duration of Storage
We store personal data for only as long as we are entitled to do so and the purpose of processing remains in place. The respective statutory retention period applies in respect of the duration of storage of personal data. Once the period has expired, and insofar as is the corresponding data is no longer required to fulfill or initiate a contract, the data will be routinely deleted.
15. Contact Data and Your Rights as a Data Subject
If you have any questions or suggestions about privacy and the exercise of your rights as a data subject, you are welcome to contact our Data Protection Officer at any time: Shimla Gin Ltd., 352 Bearwood Rd, Smethwick, Birmingham, B66 4ET, England ; email: email@example.com.
Access and Rectification: At any time, and free of charge (a maximum of once per year), you can obtain information from us about whether or not personal data about you is being processed by us. You can also request specific details about the data being stored and obtain a copy of this stored data. You have the right to correct incorrect data and to have incomplete personal data completed.
Deletion, Restriction and the Right to be Forgotten You have the right to request the deletion of your personal data or the restriction of its processing. Please keep in mind that legal storage obligations exist in respect of (e.g.) paid contracts, such as the purchase of a subscription from Shimla Gin Ltd., and that we may not be able to delete your data fully anyway. In this case, your data will be marked with the aim of restricting its future processing.