We always process your data in accordance with the statutory provisions, in particular the French Data Protection Act (DPA) and the General Data Protection Regulation (GDPR).
As a matter of principle, we only process personal data of our users to the extent that this is necessary for the provision of a functional website and our content and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
As the controller, ShopMyStuff operated (hereinafter “ShopMyStuff”, “we”, “us” or “our”) has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means.
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outwei
gh the first-mentioned interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned norms expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.
Should your data be passed on to other companies or subcontractors, this will only be done in compliance with the present data protection regulations and the statutory provisions as well as for the fulfilment of contractual obligations, e.g., the provider may possibly view corresponding statistical data.
We do not transfer your personal data to third parties outside the company without your express consent. External service providers who process data on our behalf are contractually obliged to do so. In particular, these service providers are prohibited from using your data for purposes other than those for which it was originally provided.
We will only provide third parties with data that goes beyond the data provided by you, in particular data that you have provided to us for internal purposes for the pure processing of contracts, in the event of a corresponding legal obligation or in order to safeguard legitimate interests.
Due to legal requirements, we may be obliged to store your data beyond the period of your use of our website - in particular for tax purposes. However, we will only ever store data to the extent necessary, taking into account the legal requirements.
Your data is processed on servers located in the UK and thus within the scope of the EU data protection level. However, we would like to point out possible exceptions according to the DPA and the GDPR.
Log files During a simple website visit, we only store access data in so-called server log files. This is data which is provided by your browser, and which is not personally identifiable, namely:
Operating system used
Referrer URL (the previously visited page)
Websites accessed by the user's system via our website
the user's internet service provider
Host name of the accessing device (IP address)
time and date of the server request.
We are not able to assign this data to specific persons. We do not combine this data with other data sources and the data is deleted after statistical evaluation. For this purpose, the accesses of the users to our website is stored in the server log files, including the IP address. These log files are processed monthly for statistical purposes using analysis software and then deleted. It is not possible to draw conclusions about a specific person when we use the data.
The processing of this data is based on Art. 6 (1) f GDPR. The legitimate interests arise, on the one hand, from the need to display and optimise the contents of the website in a technically correct manner. Furthermore, the collection is necessary to ensure the functionality of the website in the event of attacks by third parties and to enable the prosecution of such attacks.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's device. For this purpose, the user's IP address must remain stored for the duration of the session. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
Some functions of our website ask the visitor to provide personal data such as name, e-mail or postal address. Names and details can be provided here voluntarily. The processing is preceded by the user's consent to this, Art. 6(1)(a) GDPR, or is carried out on a voluntary basis.
The processing of the aforementioned data is also based on Art. 6 (1) (b) GDPR. This is necessary for the purpose of contacting you to initiate a contract, the fulfilment of a possible contract or the implementation of other pre-contractual measures. If there is a legal obligation that requires the processing of personal data, such as for the performance of tax obligations, the basis for the processing is Article 6 (1) (c) of the GDPR.
The legal basis for the processing of the data is Art. 6 (1) (a) GDPR as the user has given his consent. The legal basis for the processing of data transmitted in the course of sending the contact form is Art. 6 (1) f GDPR. If the contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. The user has the option of revoking his or her consent to the processing of personal data at any time by contacting us. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
On our website, offer users the opportunity to register by providing personal data (username, name and email address). The data is entered in an input mask and transmitted to us and stored. The data will not be passed on to third parties. Within the scope of registration, the data that is required for the purpose pursued with the registration is collected.
As part of the registration process, the user's consent to the processing of this data is obtained. The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 lit. a GDPR. If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.
Registration is necessary for the provision of certain content and services and, if applicable, for the fulfilment of a contract with the user or for the implementation of pre-contractual measures. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. As a user, you have the option of cancelling your registration at any time. You can have the data stored about you changed at any time.
Third-party Connect features such as Facebook Connect, and Google are offered as an option to register with us. When registering via connect functions of third-party providers, you agree to the respective terms and conditions of these third-party providers and also consent to certain data from your respective profile of being transferred to us.
We process the data of our users in order to enable them to select, purchase or commission the selected good and services. The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information.
Unless otherwise specified the purposes of processing are Contractual performance and service, contact requests and communication, office and organizational procedures, administration, and response to requests, visit action evaluation, interest-based and behavioural marketing. And, the Legal bases are Contractual performance and pre-contractual inquiries, Legal obligation, and our Legitimate interests.
We process data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are Article 6 (1) (c) GDPR, Article 6 (1) (f) GDPR. Users, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities.
In this context, we disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.
Furthermore, based on our business interests, we store information on suppliers and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.
On our website you can choose between different payment methods. For this purpose, the respective payment-relevant data is collected in order to be able to carry out your order and payment processing. In addition, your IP address is processed due to technical necessity and for legal protection.
Certain personal data, see mandatory data, are required for the fulfilment of the contract. Without this data, we will unfortunately have to refuse to conclude the contract, as we will then not be able to carry it out. The data will be transmitted accordingly to our payment service providers for payment processing. The payment systems we use SSL encryption to protect the transmission of your data.
On our website, users are given the opportunity to subscribe to our newsletter. In principle, our newsletter can only be received by the data subject if he or she registers for the newsletter mailing. For legal reasons, a confirmation email is sent to the email address entered by a data subject for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation e-mail serves to verify whether the owner of the e-mail address as the data subject has authorised the receipt of the newsletter.
When registering for the newsletter, we also store the IP address of the device used by the data subject at the time of registration as well as the date and time of registration, which is assigned by the Internet service provider (ISP). The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later date and therefore serves our legal protection.
The personal data collected in the context of a registration for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes to the technical circumstances.
The processing of your e-mail address is thus based exclusively on your consent (Art. 6 para. 1 p. 1 lit. a) GDPR). You can revoke this consent at any time. An informal communication by e-mail to us is sufficient for this purpose. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.
We use the data you provide to fulfil and process our contract and to respond to your enquiries in accordance with Art. 6 (1) (b) GDPR or on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. Insofar as you have also given us separate consent to process your data for consulting, and advertising purposes, ShopMyStuff is entitled to contact you for these purposes via the communication channels you have ticked in this consent.
We secure our websites and the systems connected to them by technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons.
You should always treat your access information confidentially and close the browser window when you have finished using it, especially if you share the device with others, in order to prevent misuse of your account.
We are not liable for the content of other providers that can be reached via the hyperlinks on our websites. Links on our website refer to content that is not stored on our own servers. External content was checked for illegality and criminal liability when links were set. Nevertheless, it cannot be ruled out that content is subsequently changed by providers.
We use "Google reCAPTCHA" on our website. The provider is Google Inc. The purpose of reCAPTCHA is to check whether the data input on our websites is made by a human being or by an automated programme, and reCAPTCHA also protects our users from SPAM when using the message function. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. We have a legitimate interest in protecting our offers from abusive automated spying and our users from SPAM.
Social Media Presences
We maintain online presences on the basis of our legitimate interests. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write articles on our online presences or send us messages.
Social Media Plugins
Social media plugins normally result in every visitor to a page being immediately recorded by these services with their IP address and their further browsing behaviour being logged. This can happen even if you do not click the button.
To prevent this, we use the Shariff method. This means that our social media buttons only establish direct contact between the social network and you when you click on the respective share button. If you are already logged in to a social network, this is done without another window for Facebook and Google+. On Twitter, a pop-up window appears in which you can still edit the text of the tweet.
You can thus publish our content on social networks without them being able to create complete surf profiles. The Shariff method is already used by many web sites to protect their users.
But at the latest when you call up the social media platform, your data will be processed there. The social media platform will usually store cookies on your device or even save your usage behaviour to your account, especially if you are logged in yourself. The social media platform can use your data to analyse your user behaviour and use it for (interest-based) advertising. This may result in advertisements being displayed to you inside and outside the social media platform.
Social Media Links
We refer to our offered social media presences with links. Unlike social media plugins, links do not lead to the social media platform finding out about your visit when you call up our site. However, like any link, they will lead to your data being processed by the social media platform at the latest when you click on the link. As a rule, the social media platform will save cookies on your device or even save your usage behaviour to your account, especially if you are logged in yourself. The social media platform can use your data to analyse your user behaviour and use it for (interest-based) advertising. This may result in advertisements being displayed to you inside and outside the social media platform.
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the Commission Nationale de l’Informatique et des Libertés (CNIL) website (www.cnil.fr).
information about the processing of your personal data.
obtain access to the personal data held about you.
ask for incorrect, inaccurate or incomplete personal data to be corrected.
request that personal data be erased when it’s no longer needed or if processing it is unlawful.
object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
request the restriction of the processing of your personal data in specific cases.
receive your personal data in a machine-readable format and send it to another controller (‘data portability’).
request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
You also have the right in this case to express your point of view and to contest the decision
Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it.
We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the CNIL, their contact details can be found on their website (www.cnil.fr).
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of t data subject access request is both our legitimate interest and our legal obligation.
The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.
You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
To ensure the security and confidentiality of the personal data we collect on the Website, we use data networks that are protected by, among other things, industry-standard firewalls and password systems. When handling your personal information, we take appropriate technical and organisational measures to protect your information from loss, misuse, unauthorised access, disclosure, alteration or destruction and to ensure its availability.