1.1 On the 25th May 2018, the EU's General Data Protection Regulation [the GDPR] comes into force. The GDPR concerns the processing and storage of personal information. In the following you can read how Sinful.eu /Mcompany ApS collects and processes information concerning you.
2. WHICH PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSE, AND HOW WE PROCESS YOUR PERSONAL INFORMATION IN ACCORDANCE WITH APPLICABLE LAW
2.1 When you visit Sinful.eu, our system automatically collects information about you and your use of our website. The data registered by the system include information about which browser you use, which words, products and categories you search for, your IP address, network location and information about your computer, mobile or tablet, which makes it possible for us to improve your user experience and optimise Sinful.eu’s functions, and we use the information to be able to carry out relevant marketing activities. The legal basis for processing your data in connection with your visit at our website is to be found in the GDPR article 6, subsection 1, paragraph f.
2.2 When you sign up for direct marketing from Sinful.eu, e.g. Our Facebook page, newsletter, push notifications etc., we register your name, email address and other voluntary information that you provide in connection with signing up. The aim is to ensure that we can deliver relevant marketing to you. The legal basis for this is to be found in the GDPR article 6, subsection 1, paragraph f.
2.3 When you buy a product at Sinful.eu or communicate with us through our website, we register the information that you provide yourself, e.g. Your name, address, email address, phone number, payment method, delivery method, IP address, and which products you have bought and might have returned to us. This information is registered so that we can deliver the products you have ordered, and in order for us to be able to manage and observe your right to return and complain about a product. Information about your purchases through our website is also collected so that we can comply with legal requirements to bookkeeping and accounting records. We register your IP address, because Sinful.eu has an interest in preventing fraud. The legal basis for this is to be found in the GDPR article 6, subsection 1, paragraph b, c and f.
3. RECIPIENTS OF PERSONAL DATA
3.1 Sinful.eu entrusts information about your name, address, phone number, email address, order number and delivery choices to PostNord, DPD, DHL or any other carrier that handles the carriage and delivery of the items you buy from us. If you buy products that our out of stock at our warehouse, your details may in exceptional cases be passed on to the manufacturer who then will make sure the item in question is sent to you. Such information is exchanged between Sinful and the carrier through Consignor.
3.2 Since we use external partners for e.g. technical operation, website improvements, collection of permissions for sending newsletters, participation in competitions, pop ups, relevant marketing and rating of our company and products, information about your name and your email address may be entrusted with them.
We transfer information about your name and your email address to, inter alia, the following external collaborators established within the EU:
The above-mentioned companies carry the status of data processors who under our specific instructions process data that we are legally responsible for. All external partners that process personal data on our behalf have signed written data processing agreements with us in which they are subject to strict confidentiality. None of our external partners can use your personal information for any other purpose than to fulfil the agreement they have signed with us.
Some of our external data processors, e.g. Google Analytics of Google LLC, Facebook Inc., Klaviyo Inc., Magento Inc. and Zendesk Inc., are established outside the EU, i.e. the United States. The guarantee for the secure transfer of information from EU countries to the United States is secured through data processor's certification under the EU-U.S. Privacy Shield, cf. the GDPA article 45.
3.2.1 Find a copy of Google LLC's certification here:
3.2.2 Find a copy Facebook’s certification here:
3.2.3 Find a copy of Zendesk Inc.'s certification here:
3.2.4 Find a copy of Microsoft Corporation’s certification here:
3.2.5 Find a copy of Klaviyo certification here:
4. YOUR RIGHTS
4.1 For maximum transparency regarding our processing of your personal information, we as data controller must inform you about your rights.
4.2 Right of access
4.2.1 You have the right to at any time ask for access to the data we hold about you, which purposes your data serves, which categories of personal information we hold about you, who receives and processes the data, and from where our data about you is collected.
4.2.2 You have the right to have a copy of your personal information, which we have registered and processed, sent to your email. If you wish to receive such a copy, please send our customer service team a written request at firstname.lastname@example.org. We only send only personal information that relates directly to email address from which the request was made. In other words, you cannot ask for information related to a different email address than the one you use to contact us from.
4.3 Right to rectification
4.3.1 You have the right to have incorrect personal information about yourself corrected by us, so we do not use false information about you when you use the company's services. If you find that there is an error in the information we hold about you, please notify us aware via email to our customer service, so that we can correct the error.
4.4 Right to erasure
4.4.1 In certain cases, you have the right to have all or part of your personal information erased by us. This applies e.g. in cases where you withdraw your consent and we have no legal basis to continue processing your data. If it is necessary to continue the processing of your personal information, we are not obligated to erase the data we hold about you, this includes cases where we must comply with our legal obligations; so that legal claims can be determined, enforced or justified in connection with police investigations.
Personal information can only be erased retrospectively. Note that if you request to have your data erased, information will once again be collected about you if you decide to use our company’s services in the future.
4.5 Right to restriction of processing
4.5.1 In certain cases, you have the right to restrict the processing of your personal data to storage, if you believe that the information we process about you is incorrect.
4.6 Right to data portability
4.6.1 In certain cases, you have the right to receive a machine-readable copy of the personal data that you have given us yourself, and you have the right to transfer any personal data concerning yourself to another data controller.
4.7 Right to object
4.7.1 You have the right to object to our processing of your personal data for direct marketing purposes, including the profiling, segmentation and analysis that we carry out to be able to make our communication and marketing relevant to you.
4.7.2 You have the right to, on grounds related to your personal situation, object to our processing of your personal information, which we carry out on the basis of our legitimate interest cf. section 2.1 and 2.3.
4.8 Right to withdraw consent
4.8.1 You have the right to withdraw your consent to direct marketing, e.g. newsletters. If you wish to withdraw your consent, please write to us at email@example.com cf. section 4.2.2.
4.9 Right to lodge a complaint
4.9.1 You have the right to lodge a complaint to the supervisory authority of Denmark:
Borgergade 28, 5
1300 Copenhagen K
Regarding our company’s processing of your personal data. Your complaint must be filed either in writing via email to firstname.lastname@example.org or communicated by telephone at +45 33193200.
5. ERASURE OF PERSONAL DATA
5.1 Information collected about your use of Sinful.eu, your name, address, email, phone number, method of payment and delivery, IP address, which products you have purchased and may have returned to us,
which browser you are using, which words, products and categories you search for, your network location, information about your computer, mobile or tablet as well as your use of our services, such as our Facebook page, competitions, newsletters, push notifications, pop ups or similar cf. section 2.1, 2.2 and 2.3, shall after a total period of 2 years either be erased or only be available in anonymous form so that they cannot be traced back to you. It is understood that you during this period have not interacted with our company’s services, in other words that you have not visited our website, made purchases on our website, participated in our competitions, read or clicked on our emails, ads, pop ups etc.
5.2 The personal information that we have collected in connection with your use of Sinful.eu, i.e. your name, address. email address, phone number, payment and delivery method, IP address, which products you have purchased and may have returned to us, which browser you are using, which words, products and categories you search for, your network location, information about your computer, mobile or tablet as well as your use of our services like our Facebook page, competitions, newsletters, flow emails, push notifications, pop ups or similar, shall be erased or anonymised once your consent is withdrawn. Your personal data may, however, be stored for a longer period, if we believe we have a legitimate need to keep them in cases where it is necessary in order for legal claims to be determined, enforced or justified, or if storing your personal data is necessary to comply with legal requirements.
5.3 In general, the personal data we have collected in connection with your purchase at Sinful.eu shall be erased or anonymised, so that they cannot be traced back to you,3 years after the end of the calendar year in which you made the purchase. It is understood that you during this period have not interacted with our company’s services, in other words that you have not visited our website, made purchases at our webshop, participated in our competitions, read or clicked on our emails, push notifications, ads, pop ups etc. The data may, however, be stored for a longer period, if we believe we have a legitimate need to keep them in cases where it is necessary in order for legal claims to be determined, enforced or justified, or if storing your personal data is necessary to comply with legal requirements. The company’s financial records shall be stored for 5 years until the end of a financial year in accordance with the legal requirements of the Danish Bookkeeping Act.
6.1 Sinful.eu /Mcompany ApS has implemented all the recommended technical and organisational security measures to prevent accidental or unlawful destruction, loss, alteration, deterioration, abuse, unauthorised disclosure of or access to your personal information.
6.2 Only employees with a legitimate need to access your information to be able to perform their duties, shall have access to your personal data.
7. CONTACT DETAILS
7.1 Sinful.eu /Mcompany ApS data is data controller of the personal data collected via our website.
Sinful.eu /Mcompany ApS
Søren Nymarks Vej 1C
Telephone: +45 70777070