Privacy Policy

1. General information

This privacy policy specifies the purposes of the processing of your personal data when visiting my website and using its services. You will also be informed about the legal basis for the processing; where applicable, my legitimate interests pursued by the processing; and the recipients or categories of recipients of your personal data, where applicable.

In addition, I inform you about:

  • How long your personal data will be stored

  • Your rights as the data subject and how to exercise them (see also section VI.)

  • In case that you have given me your explicit consent to process your personal data, the existence of the right to withdraw that consent at any time

  • The right to lodge a complaint with a supervisory authority

  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data

Changes to my privacy policy

I keep my privacy policy under regular review and place any updates on this website. This privacy policy was last updated on 16 March 2022.

2. Controller of your personal data

I am the controller of your personal data as per the EU General Data Protection Regulation (EU GDPR). Hence, I shall determine the purposes and means of the processing of your personal data. My contact details are as follows:

Name: Hamid Sulaiman

E-mail: info@hamidsulaiman.com

3. Personal data processed when visiting my website or shop

3.1 Usage and traffic data

When you visit my website and the shop, personal data transmitted by your browser will be automatically processed in order to render my website. Some personal data are stored in the server logfiles.

Categories of personal data:

  • Browser type and version
  • Operating system
  • Referrer URL
  • Hostname
  • Timestamp
  • IP-address

Period saved for: Usually 6 months at the most.

Legal basis: Article 6 (1) f) of the EU GDPR. I have a legitimate interest in the security and performance of rendering our website.

3.2 Cookies

Cookies are small blocks of data which are stored on your device when browsing my website. The cookies I use are strictly necessary for the security and functionality of our website. You can instruct your browser to refuse all cookies. In that case, party of my website will no longer be accessible to you.

The following cookies are stored on your device:

Name Domain Type Purpose Period saved for
pll_language .hamidsulaiman.com Strictly necessary Translate sites to different languages 1 year
sib_cuid .hamidsulaiman.com Strictly necessary To subscribe to the newsletter. 6 months
e-mail_id .hamidsulaiman.com Strictly necessary To process your order and contact you. 2 days
wp_woocommerce_session_… .hamidsulaiman.com Strictly necessary This cookie contains information identifying the customer and session expiration time. For guest shoppers this a randomly generated cryptographically strong ID. 3 days
woocommerce_cart_hash .hamidsulaiman.com Strictly necessary Render the shop functionality Session
woocommerce_items_in_cart .hamidsulaiman.com Strictly necessary Records if there are any items in the shopping cart. Session
woolentor_already_views_count_product .hamidsulaiman.com Strictly necessary Render the shop functionality Session
woolentor_viewed_products_list .hamidsulaiman.com Strictly necessary Render the shop functionality 5 days
__stripe_mid .hamidsulaiman.com Strictly necessary To process payments for my shop. 1 day
__stripe_sid .hamidsulaiman.com Strictly necessary To process payments for my shop. 1 day

 

Legal basis: Article 5 (3) ePrivacy Directive in conjunction with Article 6 (1) f) of the EU GDPR. I have a legitimate interest in the security and performance of rendering my website.

3.3 Online Shop

hen visiting my shop, I will process the access data, server log files, and cookies that accrue in this context to provide you with our website and the contents and functions called up by you and to ensure stability and safety for our IT systems and databases.

Legal basis: The legal basis for this data processing are Article 6 (1) b) of the EU GDPR (see next section), Article 6 (1) f) of the EU GDPR (weighing of interests based on our above-mentioned legitimate interests), and Article 6 (1) a) of the EU GDPR as soon as you have given your consent when finalizing your order.

3.4 Contract Performance

I process your data in order to perform the contracts that we have concluded with you and to render the services you have requested. The purposes are based primarily on the specific contract contents or purpose of the services you have requested. You may find further details on the purposes of processing in the respective contract documents and terms and conditions, for example in my General Terms and Conditions. The main purpose of processing your data within the confines of contract performance is the purchase of products in my online shop.

Legal basis: The legal basis for this type of data processing is Article 6 (1) b) of the EU GDPR (performance of a contract and taking of steps prior to entering into a contract).

3.5 Payment Processing

The data necessary for payment processing (e.g. direct debit or credit card data) will be passed on to the respective payment service provider. Some of the payment service providers will collect such data on their own authority, in which case their respective privacy notices will apply.

The transmission of your data to external payment service providers is based on Article 6 (1) b) of the EU GDPR (contract performance).

The processing of personal and payment data follows security measures in accordance with Article 32 EU GDPR (Security of processing), especially:
    • SSL and TLS encryption
    • Encrypted payment transactions

3.5.1 Credit Card / Stripe

On my website, I offer credit card payment via Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland , (hereinafter “Stripe”). If you choose to pay via Stripe, the payment details you enter will be sent to Stripe.

The transfer of your data to Stripe is based on Art. 6 (1) a) of the EU GDPR (consent); Art. 6 (1) b) of the EU GDPR (processing to fulfil a contract); and Article 6 (1) c) of the EU GDPR in conjunction with the corresponding provisions of EU Directive 2015/2366 (PSD 2).

Data processing by Stripe takes place in the EU. Data transfer to third countries can potentially occur in cases where the banks involved (firstly, the card-issuing bank – the issuer – and secondly the merchant’s bank that accepts credit cards – the acquirer) are located in third countries. This transmission is permitted under Art. 49 GDPR.

You have the option to revoke your consent to data processing at any time. A revocation has no effect on the effectiveness of past data processing operations.

If you choose to pay by credit card in the check-out process, your credit card company may carry out a two-factor risk/authentication check. In the first step, the following data will be sent to the credit card company:

    • Your name (title, first name, surname),
    • Your billing address,
    • Your e-mail address,
    • Delivery address if different to billing address.

If the transmitted data indicates discrepancies that could indicate an increased risk, a second check level may follow, in which case additional interaction with the cardholder is required (request of a second factor, such as a password or PIN entry).

More information on how Stripe processes your personal data can be found in their Stripe Privacy Policy.

4. Personal data that you provide yourself

4.1 Sending emails

When you send me an email to contact me, I will process personal data of yours.

Categories of personal data processed:

  • Email address

  • Any personal data you submit within your email.

Period saved for: I delete this data when you delete your user account.

Legal basis: Article 6 (1) b) of the EU GDPR.

4.2 Newsletter

If you subscribe to my newsletter, I will process your personal data to send you regular mailings until you end your subscription.

Categories of personal data processed:

  • First name

  • Last name

  • Email address
 
Period saved for: I will delete your personal data when you unsubscribe.
 
Legal basis: Article 16 (1) ePrivacy Regulation in conjunction with Articles 4 (2) and 7 of the EU GDPR. Where you have given explicit consent, you can revoke your consent at any time. This can be done by unsubscribing from the mailing list via the respective links in the emails (see also section VI).

5. Who else may receive your personal data?

I only pass your personal data on to third parties when this is required to fulfil my business purposes; when you have given your consent to this; or when we I am obliged to on legal grounds, by court order, or at the request of another official authority.

5.1 Service providers

In cases where I use the services of external service providers in order to render my service, transmitting your personal data for processing by the service provider is usually carried out on the basis of a data processing agreement, whereby I remain the controller of the data processing. I review each of these service providers beforehand and during the contractual arrangement as stipulated by Article 28 (1) EU GDPR.

Categories of service providers that may receive your personal data:

  • Public authorities and courts

  • Technical service providers

  • Hosting providers

  • E-mail sending providers

  • Delivery service providers
  • Payment service providers

5.2 Third countries

Your personal data may be transferred to (non-EU) third countries. This however shall always take place in compliance with the admissibility requirements as regulated by EU GDPR and other applicable laws and regulations.

In cases where the transfer of your personal data to a third country

  • does not serve the fulfilment of contractual obligations,

  • we have not received consent from you,

  • the transfer is not necessary for the establishment, exercise or defence of legal claims, and no other exemption clause applies,

I shall only transfer your personal when an adequacy decision pursuant to Article 45 of the EU GDPR or appropriate safeguards pursuant to Article 46 of the EU GDPR are in place.

In general, I provide for appropriate safeguards by standard contractual clauses as decreed by the European Commission with the recipient body pursuant to Article 46 of the EU GDPR, as well as an adequate level of data protection.

6. Your rights

With regards of our processing of your personal data, you can (informally) exercise the following rights:

  • Right to object: You have the right to file an objection at any time to any processing of your personal data pursuant to Article 6 (1) f) EU GDPR (to our legitimate interest in the processing).

    • Newsletter: If I process your personal data for direct marketing and newsletter purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. You can unsubscribe in your emails by clicking on the link provided at the end of the messages, or by simply contacting us.

  • Right of access: You can request to receive clear and transparent access to information regarding the processing of your personal data.

  • Right to rectification: You have the right to demand that we correct any of your personal data that is incorrect and complete any personal data that is incomplete.

  • Right to erasure: In certain cases we are obliged to delete your personal data once you have requested this.

  • Right to restriction of processing: In certain cases you can demand that restrictions be placed on the processing of your personal data.

  • Right to data portability: Any data disclosure report you’ve requested can also be sent to third parties.

  • Right to withdraw consent: You can withdraw any consent you have given to data processing at any time.

  • Right to lodge a complaint: You have the option of submitting an official complaint to the supervisory authority. The supervisory authority responsible for our company is: https://www.cnil.fr/fr/plaintes

If you feel that the processing of your personal data infringes upon the EU GDPR, you have the right to lodge a complaint with the supervisory authority in your regular place of residence, your place of work, or alleged place of infringement. Further information about the complaints procedure is available in Article 77 of the EU GDPR.