1.1 SINFUL ApS ("Sinful", "Sinful.eu", "our", "us", or "we") is the data controller of the personal information we have received from you. You will find our contact information in Section 7.
2. WHICH PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSE, AND HOW WE PROCESS YOUR PERSONAL INFORMATION IN ACCORDANCE WITH APPLICABLE LAW
2.1 When you visit Sinful.eu, our system automatically collects information about you and your use of our website. The data registered by the system include information about which browser you use, which words, products and categories you search for, your IP address, network location and information about your computer, mobile or tablet, which makes it possible for us to improve your user experience and optimise Sinful.eu’s functions, and we use the information to be able to carry out relevant marketing activities. The legal basis for processing your data in connection with your visit at our website is to be found in the GDPR article 6, subsection 1, paragraph f.
2.2 When you sign up for direct marketing from Sinful.eu, e.g. Our Facebook page, newsletter, push notifications etc., we register your name, email address and other voluntary information that you provide in connection with signing up. The aim is to ensure that we can deliver relevant marketing to you. The legal basis for this is to be found in the GDPR article 6, subsection 1, paragraph f.
2.3 When you buy a product at Sinful.eu or communicate with us through our website, we register the information that you provide yourself, e.g. Your name, address, email address, phone number, payment method, delivery method, IP address, and which products you have bought and might have returned to us. This information is registered so that we can deliver the products you have ordered, and in order for us to be able to manage and observe your right to return and complain about a product in accordance with the GDPR article 6, subsection 1, paragraph b. Information about your purchases through our website is also collected so that we can comply with legal requirements to bookkeeping and accounting records in accordance with the GDPR article 6, subsection 1, paragraph c. We register your IP address, because Sinful.eu has an interest in preventing fraud. The legal basis for this is to be found in the GDPR article 6, subsection 1, paragraph f.
2.4 When you enter into a collaboration agreement with us, we register the following information: your name, address, email address, phone number, delivery preferences, IP-address and the products you have received from us. The purpose of collecting and storing this data is to evaluate the potential collaboration agreement and to deliver the products you have requested to receive in accordance with the agreement. The information you give to us is processed in order to take action on your request prior to entering into a collaboration agreement in accordance with the GDPR article 6, subsection 1, paragraph b.
2.5 When you fill out a questionnaire, we register your name and email address as well as information regarding your sexual relations and health, if the questionnaire includes questions about such topics. The purpose of a questionnaire is to obtain information for a specific study. Thus the legal basis is to be found in the GDPR article 6, subsection 1, paragraph a and article 9, subsection 2, paragraph a.
3. RECIPIENTS OF PERSONAL DATA
3.1 Sinful.eu entrusts information about your name, address, phone number, email address, order number and delivery choices to PostNord, DPD, DHL or any other carrier that handles the carriage and delivery of the items you buy from us. If you buy products that our out of stock at our warehouse, your details may in exceptional cases be passed on to the manufacturer who then will make sure the item in question is sent to you. Such information is exchanged between Sinful and the carrier through Consignor.
3.2 Since we use external partners for e.g. technical operation, website improvements, collection of permissions for sending newsletters, participation in competitions, pop ups, relevant marketing and rating of our company and products, information about your name and your email address may be entrusted with them.
We transfer information about your name and your email address to, inter alia, the following external collaborators established within the EU:
Some of the above-mentioned companies carry the status of data processors who under our specific instructions process data that we are legally responsible for. All external partners that process personal data on our behalf have signed written data processing agreements with us in which they are subject to strict confidentiality. None of our external partners can use your personal information for any other purpose than to fulfil the agreement they have signed with us.
Some of our external data processors, e.g. Google Analytics of Google LLC, Klaviyo Inc., Magento Inc., Zendesk Inc., and Microsoft Corporation are established outside the EU, i.e. the United States. The guarantee for the secure transfer of information from EU countries to the United States is secured through data processor's certification under the EU-U.S. Privacy Shield, cf. the GDPR article 45.
3.2.1 Find a copy of Google LLC's certification here:
3.2.2 Find a copy of Zendesk Inc.'s certification here:
3.2.3 Find a copy of Microsoft Corporation’s certification here:
3.2.4 Find a copy of Klaviyo certification here:
3.2.5 Find a copy of SurveyMonkey certification here:
In addition, Facebook Inc. is located in the United States. Find a copy of Facebook’s certification here:
4. YOUR RIGHTS
4.1 For maximum transparency regarding our processing of your personal information, we as data controller must inform you about your rights.
4.2 Right of access
4.2.1 You have the right to at any time ask for access to the data we hold about you, which purposes your data serves, which categories of personal information we hold about you, who receives and processes the data, and from where our data about you is collected.
4.2.2 You have the right to have a copy of your personal information, which we have registered and processed, sent to your email. If you wish to receive such a copy, please send our customer service team a written request at email@example.com. We only send only personal information that relates directly to email address from which the request was made. In other words, you cannot ask for information related to a different email address than the one you use to contact us from.
4.3 Right to rectification
4.3.1 You have the right to have incorrect personal information about yourself corrected by us, so we do not use false information about you when you use the company's services. If you find that there is an error in the information we hold about you, please notify us aware via email to our customer service, so that we can correct the error.
4.4 Right to erasure
4.4.1 In certain cases, you have the right to have all or part of your personal information erased by us. This applies e.g. in cases where you withdraw your consent and we have no legal basis to continue processing your data. If it is necessary to continue the processing of your personal information, we are not obligated to erase the data we hold about you, this includes cases where we must comply with our legal obligations; so that legal claims can be determined, enforced or justified in connection with police investigations.
Personal information can only be erased retrospectively. Note that if you request to have your data erased, information will once again be collected about you if you decide to use our company’s services in the future.
4.5 Right to restriction of processing
4.5.1 In certain cases, you have the right to restrict the processing of your personal data to storage, if you believe that the information we process about you is incorrect.
4.6 Right to data portability
4.6.1 In certain cases, you have the right to receive a machine-readable copy of the personal data that you have given us yourself, and you have the right to transfer any personal data concerning yourself to another data controller.
4.7 Right to object
4.7.1 You have the right to object to our processing of your personal data for direct marketing purposes, including the profiling, segmentation and analysis that we carry out to be able to make our communication and marketing relevant to you.
4.7.2 You have the right to, on grounds related to your personal situation, object to our processing of your personal information, which we carry out on the basis of our legitimate interest cf. section 2.1 and 2.3.
4.8 Right to withdraw consent
4.8.1 You have the right to withdraw your consent to direct marketing, e.g. newsletters. If you wish to withdraw your consent, please write to us at firstname.lastname@example.org cf. section 4.2.2.
4.9 Right to lodge a complaint
4.9.1 You have the right to lodge a complaint to the supervisory authority of Denmark:
Borgergade 28, 5
1300 Copenhagen K
Regarding our company’s processing of your personal data. Your complaint must be filed either in writing via email to email@example.com or communicated by telephone at +45 33193200.
5. ERASURE OF PERSONAL DATA
5.1 Information collected about your use of Sinful.eu, cf. sections 2.1 and 2.2, shall after a total period of 2 years either be erased or only be available in anonymous form so that they cannot be traced back to you. It is understood that you during this period have not interacted with our company’s services, in other words that you have not visited our website, made purchases on our website, participated in our competitions, read or clicked on our emails, ads, pop ups etc.
5.2 The personal information that we have collected in connection with you signing up to our newsletter shall be erased within 2 years since we sent our last newsletter to you. Withdrawing your consent is a prerequisite for erasure.
5.3 In general, the personal data we have collected in connection with your purchase at Sinful.eu shall be erased or anonymised, so that they cannot be traced back to you, 5 years after the end of the calendar year in which you made the purchase. The data may, however, be stored for a longer period, if we believe we have a legitimate need to keep them.
5.4 The company’s financial records shall be stored for 5 years until the end of a financial year in accordance with the legal requirements of the Danish Bookkeeping Act.
5.5 The personal information we have collected upon your interaction with our customer service shall be erased after a total period of 2 years since you last contacted us.
5.6 The information we have collected in connection with collaboration agreements shall be erased within 2 years of our last interaction with you. If we have received a request for a sponsorship that has not been agreed to, the related information will be erased immediately.
5.7 The information we have collected in connection with a questionnaire shall be erased as soon as the survey period is over. The information will only be published in anonymous state, unless the respondent consents to the disclosure of their information. In that case the information shall be erased as soon as the questionnaire is no longer relevant.
6.1 SINFUL ApS has implemented all the recommended technical and organisational security measures to prevent accidental or unlawful destruction, loss, alteration, deterioration, abuse, unauthorised disclosure of or access to your personal information.
6.2 Only employees with a legitimate need to access your information to be able to perform their duties, shall have access to your personal data.
7. CONTACT DETAILS
7.1 SINFUL ApS is data controller of the personal data collected via our website.
Søren Nymarks Vej 1C
Telephone: +45 70777070