Privacy Policy
1. General information
This privacy policy specifies the purposes of the processing of your personal data when visiting my website and using its services. You will also be informed about the legal basis for the processing; where applicable, my legitimate interests pursued by the processing; and the recipients or categories of recipients of your personal data, where applicable.
In addition, I inform you about:
How long your personal data will be stored
Your rights as the data subject and how to exercise them (see also section VI.)
In case that you have given me your explicit consent to process your personal data, the existence of the right to withdraw that consent at any time
The right to lodge a complaint with a supervisory authority
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data
Changes to my privacy policy
I keep my privacy policy under regular review and place any updates on this website. This privacy policy was last updated on 16 March 2022.
2. Controller of your personal data
I am the controller of your personal data as per the EU General Data Protection Regulation (EU GDPR). Hence, I shall determine the purposes and means of the processing of your personal data. My contact details are as follows:
Name: Hamid Sulaiman
E-mail: info@hamidsulaiman.com
3. Personal data processed when visiting my website or shop
3.1 Usage and traffic data
When you visit my website and the shop, personal data transmitted by your browser will be automatically processed in order to render my website. Some personal data are stored in the server logfiles.
Categories of personal data:
- Browser type and version
- Operating system
- Referrer URL
- Hostname
- Timestamp
- IP-address
Period saved for: Usually 6 months at the most.
Legal basis: Article 6 (1) f) of the EU GDPR. I have a legitimate interest in the security and performance of rendering our website.
3.2 Cookies
Cookies are small blocks of data which are stored on your device when browsing my website. The cookies I use are strictly necessary for the security and functionality of our website. You can instruct your browser to refuse all cookies. In that case, party of my website will no longer be accessible to you.
The following cookies are stored on your device:
Name | Domain | Type | Purpose | Period saved for |
---|---|---|---|---|
pll_language | .hamidsulaiman.com | Strictly necessary | Translate sites to different languages | 1 year |
sib_cuid | .hamidsulaiman.com | Strictly necessary | To subscribe to the newsletter. | 6 months |
e-mail_id | .hamidsulaiman.com | Strictly necessary | To process your order and contact you. | 2 days |
wp_woocommerce_session_… | .hamidsulaiman.com | Strictly necessary | This cookie contains information identifying the customer and session expiration time. For guest shoppers this a randomly generated cryptographically strong ID. | 3 days |
woocommerce_cart_hash | .hamidsulaiman.com | Strictly necessary | Render the shop functionality | Session |
woocommerce_items_in_cart | .hamidsulaiman.com | Strictly necessary | Records if there are any items in the shopping cart. | Session |
woolentor_already_views_count_product | .hamidsulaiman.com | Strictly necessary | Render the shop functionality | Session |
woolentor_viewed_products_list | .hamidsulaiman.com | Strictly necessary | Render the shop functionality | 5 days |
__stripe_mid | .hamidsulaiman.com | Strictly necessary | To process payments for my shop. | 1 day |
__stripe_sid | .hamidsulaiman.com | Strictly necessary | To process payments for my shop. | 1 day |
Legal basis: Article 5 (3) ePrivacy Directive in conjunction with Article 6 (1) f) of the EU GDPR. I have a legitimate interest in the security and performance of rendering my website.
3.3 Online Shop
hen visiting my shop, I will process the access data, server log files, and cookies that accrue in this context to provide you with our website and the contents and functions called up by you and to ensure stability and safety for our IT systems and databases.
Legal basis: The legal basis for this data processing are Article 6 (1) b) of the EU GDPR (see next section), Article 6 (1) f) of the EU GDPR (weighing of interests based on our above-mentioned legitimate interests), and Article 6 (1) a) of the EU GDPR as soon as you have given your consent when finalizing your order.
3.4 Contract Performance
I process your data in order to perform the contracts that we have concluded with you and to render the services you have requested. The purposes are based primarily on the specific contract contents or purpose of the services you have requested. You may find further details on the purposes of processing in the respective contract documents and terms and conditions, for example in my General Terms and Conditions. The main purpose of processing your data within the confines of contract performance is the purchase of products in my online shop.
Legal basis: The legal basis for this type of data processing is Article 6 (1) b) of the EU GDPR (performance of a contract and taking of steps prior to entering into a contract).
3.5 Payment Processing
The data necessary for payment processing (e.g. direct debit or credit card data) will be passed on to the respective payment service provider. Some of the payment service providers will collect such data on their own authority, in which case their respective privacy notices will apply.
The transmission of your data to external payment service providers is based on Article 6 (1) b) of the EU GDPR (contract performance).
The processing of personal and payment data follows security measures in accordance with Article 32 EU GDPR (Security of processing), especially:
• SSL and TLS encryption
• Encrypted payment transactions
3.5.1 Credit Card / Stripe
On my website, I offer credit card payment via Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland , (hereinafter “Stripe”). If you choose to pay via Stripe, the payment details you enter will be sent to Stripe.
The transfer of your data to Stripe is based on Art. 6 (1) a) of the EU GDPR (consent); Art. 6 (1) b) of the EU GDPR (processing to fulfil a contract); and Article 6 (1) c) of the EU GDPR in conjunction with the corresponding provisions of EU Directive 2015/2366 (PSD 2).
Data processing by Stripe takes place in the EU. Data transfer to third countries can potentially occur in cases where the banks involved (firstly, the card-issuing bank – the issuer – and secondly the merchant’s bank that accepts credit cards – the acquirer) are located in third countries. This transmission is permitted under Art. 49 GDPR.
You have the option to revoke your consent to data processing at any time. A revocation has no effect on the effectiveness of past data processing operations.
If you choose to pay by credit card in the check-out process, your credit card company may carry out a two-factor risk/authentication check. In the first step, the following data will be sent to the credit card company:
• Your name (title, first name, surname),
• Your billing address,
• Your e-mail address,
• Delivery address if different to billing address.
If the transmitted data indicates discrepancies that could indicate an increased risk, a second check level may follow, in which case additional interaction with the cardholder is required (request of a second factor, such as a password or PIN entry).
More information on how Stripe processes your personal data can be found in their Stripe Privacy Policy.
4. Personal data that you provide yourself
4.1 Sending emails
When you send me an email to contact me, I will process personal data of yours.
Categories of personal data processed:
Email address
Any personal data you submit within your email.
Period saved for: I delete this data when you delete your user account.
Legal basis: Article 6 (1) b) of the EU GDPR.
4.2 Newsletter
If you subscribe to my newsletter, I will process your personal data to send you regular mailings until you end your subscription.
Categories of personal data processed:
First name
Last name
- Email address
5. Who else may receive your personal data?
I only pass your personal data on to third parties when this is required to fulfil my business purposes; when you have given your consent to this; or when we I am obliged to on legal grounds, by court order, or at the request of another official authority.
5.1 Service providers
In cases where I use the services of external service providers in order to render my service, transmitting your personal data for processing by the service provider is usually carried out on the basis of a data processing agreement, whereby I remain the controller of the data processing. I review each of these service providers beforehand and during the contractual arrangement as stipulated by Article 28 (1) EU GDPR.
Categories of service providers that may receive your personal data:
Public authorities and courts
Technical service providers
Hosting providers
E-mail sending providers
- Delivery service providers
- Payment service providers
5.2 Third countries
Your personal data may be transferred to (non-EU) third countries. This however shall always take place in compliance with the admissibility requirements as regulated by EU GDPR and other applicable laws and regulations.
In cases where the transfer of your personal data to a third country
does not serve the fulfilment of contractual obligations,
we have not received consent from you,
the transfer is not necessary for the establishment, exercise or defence of legal claims, and no other exemption clause applies,
I shall only transfer your personal when an adequacy decision pursuant to Article 45 of the EU GDPR or appropriate safeguards pursuant to Article 46 of the EU GDPR are in place.
In general, I provide for appropriate safeguards by standard contractual clauses as decreed by the European Commission with the recipient body pursuant to Article 46 of the EU GDPR, as well as an adequate level of data protection.
6. Your rights
With regards of our processing of your personal data, you can (informally) exercise the following rights:
Right to object: You have the right to file an objection at any time to any processing of your personal data pursuant to Article 6 (1) f) EU GDPR (to our legitimate interest in the processing).
Newsletter: If I process your personal data for direct marketing and newsletter purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. You can unsubscribe in your emails by clicking on the link provided at the end of the messages, or by simply contacting us.
Right of access: You can request to receive clear and transparent access to information regarding the processing of your personal data.
Right to rectification: You have the right to demand that we correct any of your personal data that is incorrect and complete any personal data that is incomplete.
Right to erasure: In certain cases we are obliged to delete your personal data once you have requested this.
Right to restriction of processing: In certain cases you can demand that restrictions be placed on the processing of your personal data.
Right to data portability: Any data disclosure report you’ve requested can also be sent to third parties.
Right to withdraw consent: You can withdraw any consent you have given to data processing at any time.
Right to lodge a complaint: You have the option of submitting an official complaint to the supervisory authority. The supervisory authority responsible for our company is: https://www.cnil.fr/fr/plaintes
If you feel that the processing of your personal data infringes upon the EU GDPR, you have the right to lodge a complaint with the supervisory authority in your regular place of residence, your place of work, or alleged place of infringement. Further information about the complaints procedure is available in Article 77 of the EU GDPR.