In short, we inform you comprehensively about the data we process about you.
Scope of application
The responsible person
In accordance with the PIPA and the GDPR, we as the “Data Controller” need to provide our contact details. If you have any questions about data protection, you can contact us using the following:
Goliath Ecommerce, LLC
1165 N Clark Street
Chicago IL 60610
The legal bases, as set out in the PIPA and the GDPR, enable us to process personal information and we only process your data if at least one of the following applies:
You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a sales contract with you, we need personal information in advance.
If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal information.
In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal information. For example, we need to process certain data in order to operate our website in a secure and economically efficient manner. This processing is therefore a legitimate interest.
It is a general requirement that we only store personal information for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal information as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes or statutory retention periods. Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, is necessary for the performance of the contract, you have consented, a legal obligation provides for this or on the basis of our legitimate interest (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called “processing agreement”.
You have the following rights to ensure that data is processed fairly and transparently. This includes:
- the right to information,
- the right to rectification,
- the right to erasure,
- the right to restriction of data processing,
- the right to data portability,
- the right to object to data processing,
- the right to revoke any consent you have given,
Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.
Processing of Personal Information
When you contact us and communicate by phone, e-mail or social media, personal information may be processed. The data is processed for the purpose of handling and processing your question and the related business transaction. The data will be stored for the same period of time or as long as required by law. The processing of data is based on the following legal grounds: Consent, Contract, and our Legitimate Interests.
c) Visiting our website
When you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically saves data such as
- the complete Internet address (URL) of the website you are visiting
- browser and browser version
- the operating system used
- the address (URL) of the previously visited page (referrer URL)
- the host name and IP address of the device being accessed
- the date and time
- in files, the so-called web server log files
As a rule, the above data is stored for 14 days and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of unlawful behavior. The processing of personal information in the context of web hosting results from our legitimate interest.
To provide our website, we use the services of BigCommerce Pty. Ltd who process the above-mentioned data and all data to be processed in connection with the operation of our website on our behalf.
d) Shopping in our online shop
In our online shop we offer you two options for purchase processing the Creation of a customer account and placing an order as a guest. For both options, the data required for order and payment processing and fraud prevention are requested, marked as mandatory fields:
- Name, street, postcode, city, date of birth and e-mail address.
- if the delivery address is different, the name, street, postcode and town are requested separately.
- In addition, the user's IP address, the date and time of registration are stored (technical background data).
i) Creation of a customer account
If you decide to register in our shop, you have the advantage that you can view your order history and manage your master data, and your specified data will be stored for future order transactions. Once you have completed the registration process, your data is stored with us for use in the protected customer area. The online shop naturally offers you the possibility to make changes to your master data and to use the "My Account" function.
You can of course revoke your consent to the use of your account, your customer account in the shop will then be deactivated.
Please note: Your password will be stored in encrypted form. Employees of our company cannot read this password. Therefore, they cannot give you any information if you have forgotten your password. In this case, please use the "Forgotten password" function, which will send you an automatically generated new password by e-mail. No member of staff is authorised to ask you for your password by telephone or in writing. Therefore, please never give your password if you receive such requests.
ii) Carrying out a guest order
If you decide to place a guest order in our shop, no customer account will be created in our shop. If you place another order, you will have to enter your data again for order processing.
e) Payment systems
In our online shop you can choose between different payment methods. For this purpose, the respective payment-relevant data is collected in order to be able to carry out your order and payment processing. The data will be transmitted to our payment service providers for payment processing (currently Braintree is a service of PayPal and PayPal).
The payment systems we use, use SSL encryption to protect the transmission of your data. The legal basis for the data processing is contract, as the processing of the data is necessary for the performance of the contract. The transfer of data for payment processing as well as for fraud prevention and detection is based on our legitimate interest as well as for the fulfilment of the contractual relationship.
f) Data transfer to shipping service providers
In order to fulfil the contract, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. If you have given us your consent to do so during or after your order, we will pass on your e-mail address to the selected shipping service provider so that the shipping service provider can contact you before delivery for the purpose of delivery notification or coordination.
g) Rewards and Referral program
When you sign up for our Rewards and Referral program, we collect your sign-up contact information, redemption details, and loyalty program elections, redeem reward points, update your account. We use your information in order to perform our contractual obligations. For example, we use the information to allow you to earn and redeem rewards, points, or credits in connection with loyalty programs. We also have a legitimate interest in marketing to you and analyzing trends and patterns among our rewards members and your consent.
For this purpose, we also evaluate your browsing and purchasing behavior online on our and other web sites, social media pages (e.g., in the context of ads placed) in order to compile content relevant to you and, if applicable, credit you with loyalty points. This also includes the data of the Shop. In addition, we may use this data to address you individually, taking into account purchases already started or made. We therefore create a user profile to compile personalized content.
Finally, we also use your data to analyze and improve the effectiveness of our services. Your data will therefore be stored and used for market analysis and product information purposes. This also includes information you provide as part of promotions/campaigns.
Security and confidentiality
To ensure the security and confidentiality of the personal information we collect on the website, we use data networks that are protected by, among other things, industry-standard firewalls and password systems. When handling your personal information, we take appropriate technical and organizational measures to protect your information from loss, misuse, unauthorized access, disclosure, alteration, or destruction and to ensure its availability.
Nonetheless, databases or data sets that include personal information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose personal information may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Transfer of personal information
We will not disclose or otherwise distribute your personal information to third parties unless this:
- is necessary for the performance of our services,
- you have consented to the disclosure,
- or the disclosure of data is permitted by relevant legal provisions.
However, we are entitled to outsource the processing of your personal information in whole or in part to external service providers acting as processors within the framework of the PIPA and GDPR. External service providers support us, for example, in the technical operation of the services,and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by us however will process your data exclusively in accordance with our instructions and we remain in accordance with the PIPA and the GDPR responsible for the protection of your data. Doing so we always make sure that service providers commissioned by us are carefully selected, follow strict contractual regulations, technical and organizational measures, and additional controls by us.
We may also disclose Personal information to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil our legitimate interests.
We maintain presences in the "social media". Insofar as we have control over the processing of your data, we ensure that they comply with applicable data protection regulations. However, you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).
In addition, we collect data for statistical purposes in order to be able to further develop and optimize the content and to make our online offer more attractive. The data required for this purpose (e.g., total number of page views, page activities and data provided by visitors, interactions) are processed and made available by the social networks. We have no influence on the generation and presentation of this data.
Further, your personal information is used by the providers of the social media, but also by us for market research, communication, and advertising purposes. It is possible, for example, that usage profiles are created based on your usage behavior and the resulting interests. This allows, among other things, advertisements to be placed within and outside the platforms that presumably correspond to your interests. The processing of your personal information by us is based on our legitimate interest.
Advertising and Marketing
We use the data you provide to fulfil and process our contract and to respond to your enquiries in or on the basis of your consent. Insofar as you have also given us your separate consent to process your data for consulting, marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe (or opt out).
Registration for our e-mail newsletter
If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory data for sending the newsletter is your e-mail address. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter once you have expressly confirmed that you consent to receiving newsletters. By activating the confirmation link, you give us your consent. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately. Our e-mail newsletters are sent via the technical service provider Omnisend.
We also use Google Inc.`s reCAPTCHA to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. The legal basis for the data processing is our legitimate interest in operating a secure and spam free website.
Controls For Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
Do Not Sell
We do not sell data to third parties.However, we might, making available, transfer, communicate electronically, consumer’s personally identifiable information by the business to a business affiliated inclusive with a third party but not for monetary but for other valuable consideration.
Personal information and children
The services available on our website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
Links to other websites
The website may contain links to another website. We have no control over the privacy practices or the content of those other website. Therefore, we recommend that you carefully read the respective privacy policies of these other website that you visit.
Because we’re always looking for new and innovative ways to improve our website and services, this policy may change over time. We will notify you before any material changes take effect so that you have time to review the changes.
Who should I contact for more information?
Goliath Ecommerce, LLC
1165 N Clark Street
Chicago IL 60610