General Data Protection Regulation
TABLE OF CONTENTS
- 1: Who is the "Data Controller"?
- 2: What categories of data are we dealing with?
- 3: How do we obtain and use your personal data?
- 4: Who has access to this data?
- 5: Where are your personal data processed?
- 6: How long do we keep your data?
- 7: How to access, update, delete your personal data?
1. Who is the "Data Controller"?
For the purposes of the applicable regulation, the manager of Santi-shop is the Data Processing Controller for your data and the data Santi-shop collects.
2. What categories of data are we dealing with?
- Personal identification data: title, first name, last name, email address, anniversary date.
- Delivery data: delivery address, billing address, phone number.
- Order data: quantity, product name, payment method, delivery method.
- Site access data: IP address, time, page displayed, characteristics of the device/browser used to connect, duration of the connection, etc.
- Data included in emails that you send to us.
3. How do we obtain and use your personal data?
We collect and process the personal data that you provide to us exclusively for the following purposes:
- the correct execution of the sales contract between you and Santi-shop until the delivery of your order
- the presentation, during the ordering process, of products that might be of interest to you
- the sending of tracking information about your order
- the sending of emails relating to your actions on Santi-shop, to changes to your voucher account, and to your birthday
We collect and process login data exclusively for the following purposes:
- internal statistics on the use and visits of our website
- optimisation of the performance of our website (security, problem analysis, abuse blocking)
The emails you send us are treated as regular emails. They are neither stored nor linked to your customer account in a database.
4. Who has access to this data?
Your personal data:
- Santi-shop: all the data.
- The subcontractor who packages and ships: your name, address, phone number, order contents, shipping method, email address and invoice if sent outside the EU.
- The subcontractor who sends parcel tracking emails: your name, address, phone number, shipping method, email address.
- Carriers: name, address, phone number, email address and invoice if sent outside the EU.
- Customs or other local authorities when applicable: all legal data present on the invoices.
- If necessary, the content of your email (without your name), that is to say your question, can be sent to our supplier or subcontractor if only they can provide an answer.
5. Where are your personal data processed?
Your data are stored and processed in Germany on virtual servers. A backup copy is kept in Luxembourg at the premises of Santi-shop. The data transferred to our subcontractors are processed by their servers, in Europe, under their responsibility in accordance with the GDPR.
6. How long do we keep your data?
- Your account is kept for 2 years after your last identified login. If, after we have contacted you by email, you do not respond/react within 10 days, your account will be deleted.
- Invoices and orders: 10 years in compliance with legal requirements.
- Detailed login data: 2 years plus current year.
- Statistical login data: indefinitely. The latter no longer contain any identifiable personal data.
- General emails: maximum one year.
- Email containing a sensitive medical question: the time needed to give you an answer.
- Email related to a conflictual case (i.e. a delivery or quality issue): one year after the settlement of the conflict or the last email exchanged on the subject.
7. How to access, update, delete your personal data?
This is only possible if your Santi-shop account exists. This is why we invite you to check and update it once a year.
- Your personal data: by logging into your Santi-shop account. To change a registered birth date, please contact us.
- Logging data: being anonymous, this data cannot be updated.
- Emails: no update possible, they will be deleted by Santi-shop.
You also have the right to portability of the personal data that you have entered in your account, in a structured, commonly used and machine-readable format.