Privacy policy

 

Deutsche Version der Datenschutzerklärung - hier klicken

General notes

This privacy policy contains detailed information about what happens to your personal data when you visit our website www.JustFitteds.com. Personal data is any data with which you can personally identify yourself. We strictly adhere to the legal provisions when processing your data, in particular the General Data Protection Regulation ("GDPR"), and attach great importance to ensuring that your visit to our website is absolutely secure.

Responsible entity 

Responsible under data protection law for the collection and processing of personal data on this website is:

First name, last name: Ramin Arzanesh
Street, number: Feldstraße 31
Postal code, city: 20357 Hamburg
Country: Germany

E-mail: info@justfitteds.com
Tel.: +49 040 43280888

 

Access data (server log files)

When you access our website, we automatically collect and store in so-called server log files access data that your browser automatically transmits to us. These are:

  • Browser type and browser version of your PC
  • operating system used by your PC
  • Referrer URL (source/reference from which you came to our website)
  • Host name of the accessing computer
  • Date and time of the server request
  • the IP address currently used by your PC (if applicable, in anonymized form) As a rule, it is not possible for us to make a personal reference, nor is this intended. 

The Processing of such data is carried out in accordance with Art. 6 para. 1 lit. f DSGVO to protect our legitimate interest in improving the stability and functionality of our website.

Cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your terminal device. Cookies cannot execute programs or transfer viruses to your computer system.

Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested are stored on the basis of Art. 6 (1) lit. f DSGVO. We have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy.

Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.

 

  1. Web analytics tools and advertising

 1.1 Meta Pixel (formerly Facebook Pixel)

Our website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.

In this way, the behavior of page visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data usage policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data may be prohibited by usas the site operator are not influenced.

The use of Facebook Pixel is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in effective advertising measures including social media. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) lit. a DSGVO; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find more information about protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.

You can also disable the Custom Audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/ preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

 

1.2 Facebook Conversions API

We use Facebook Conversions API on our website, a server-side event tracking tool. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region. Facebook also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

Facebook uses so-called standard contractual clauses (= Art. 46.para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates prepared by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission.

You can find the decision and the corresponding standard contractual clauses here, among other places

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

Facebook's data processing terms and conditions, which comply with the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

You can learn more about the data processed through the use of Facebook Conversions API in the Privacy Policy at https://www.facebook.com/about/privacy.

 

1.2 Facebook Custom Audiences

We use Facebook Custom Audiences on our website, a server-side event tracking tool. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.

Facebook also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

Facebook uses so-called standard contractual clauses (= Art. 46.para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates prepared by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission.

You can find the decision and the corresponding standard contractual clauses here, among other places:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

Facebook's data processing terms and conditions, which comply with the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

You can learn more about the data processed through the use of Facebook Custom Audiences in the Privacy Policy at https://www.facebook.com/about/privacy.

 

Newsletter

 If you have expressly consented, we will send our newsletter to your e-mail address on a regular basis. To receive our newsletter, you must provide us with your e-mail address and then verify it. Supplementary data is not collected or is voluntary. The data is used exclusively for sending the newsletter.

The data provided during the newsletter registration will be processed exclusively on the basis of your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. A revocation of your already given consent is possible at any time. For the revocation, an informal message by e-mail or you unsubscribe via the "unsubscribe" link in the newsletter is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

Data entered to set up the subscription will be deleted in the event of unsubscription. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.

 

Contact form

 If you contact us by e-mail or via a contact form, transmitted data including your contact information will be stored in order to process your request or to be available for follow-up questions. This data will not be passed on without your consent.

The processing of the data entered in the contact form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. An informal communication by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

Data transmitted via the contact form will remain with us until you request us to delete it, revoke your consent to store it, or there is no longer any need to store the data. Mandatory legal provisions - in particular retention periods - remain unaffected.

 

Customer account

 If you open a customer account, you agree that your inventory data such as name, address, e-mail address and bank details as well as your usage data (username, password) are stored. This gives you the opportunity to order from us with your e-mail address and your personal password.

 

Online payments

 If you order goods or services in our online store, it is necessary for the fulfillment of the contract that you provide your personal data, which are necessary for the processing of your order. The mandatory data required for the processing of the contract are marked separately. Depending on the selected payment method, the data required for payment processing will be forwarded to the corresponding payment service providers. The processing of your data is based on the legal basis of Art. 6 para. 1 sentence 1 lit. b) DSGVO.

 

1.1 PayPal 

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg is responsible for the European region.

The data processing is essentially done by PayPal. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from possible other PayPal services where you have a user account.

You can learn more about the data processed through the use of PayPal in the Privacy Policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

 

1.2 Shopify Payments 

We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment is processed via the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number, if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b DSGVO.

Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose.

For more information about Shopify Payments' privacy policy, please visit the following web address:https://www.shopify.com/legal/

privacy. Privacy information about Stripe Payments Europe Ltd. can be found here:https://stripe.com/de/privacy.

 

Data use and disclosure

 

1.1 General recipients

Within our company, the departments responsible for processing the requests have access to your data. In addition, we use external service providers if we cannot or cannot reasonably perform services ourselves. These external service providers are - in addition to those already mentioned - primarily providers of IT services and telecommunications services as well as transport companies. Apart from the cases specifically listed, transfers to third countries are generally not planned. Should this exceptionally be the case, we will inform you separately in this declaration.

 

1.2 Shopify

To offer our online store, we use the service of Shopify International Ltd, c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32 Ireland (hereinafter: Shopify). All data you provide in our online store is thereby processed on our behalf by Shopify in order to provide you with the services of the online store, which includes the support and execution of orders, authentication and payment processing. For more information, please visit: https://www.shopify.com/legal/privacy.

 

 

SSL or TLS encryption 

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, our website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

§ 2 Storage duration

 Personal data that has been communicated to us via our website is only stored until the purpose for which it was entrusted to us has been fulfilled. Insofar as retention periods under commercial and tax law must be observed, the storage period for certain data may be up to 10 years.

 

§ 3 Data subject rights

 With regard to the personal data concerning you, as a data subject, you have the following rights vis-à-vis the data controller in accordance with the statutory provisions:

 

3.1 Right of withdrawal

 Many data processing operations are only possible with your express consent. If the processing of your data is based on your consent, you have the right to revoke your consent to the processing of data at any time with effect for the future in accordance with Art. 7 (3) DSGVO. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Storage of data for billing and accounting purposes remains unaffected by a revocation.

 

3.2 Right to information

 You have the right to request confirmation from us, pursuant to Article 15 of the GDPR, as to whether we are processing personal data concerning you. If such processing is taking place, you have the right to obtain information about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the intended storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed about which guarantees exist in accordance with Art. 46 DSGVO when your data is transferred to third countries.

 

3.3 Right to rectification

 You have the right, in accordance with Art. 16 DSGVO, to request at any time the immediate correction of inaccurate personal data concerning you and/or the completion of your incomplete data.

 

3.4 Right to deletion

 You have the right to request the deletion of your personal data in accordance with Art. 17 DSGVO, provided that one of the following reasons applies:

 

a)

Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

 

b)

You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) DSGVO and there is no other legal basis for the processing;

 

c)

You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;

 

d)

The personal data have been processed unlawfully;

 

e)

The deletion of personal data is necessary for compliance with a legal obligation under Union law or the law of the Member State to which we are subject;

 

f)

The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) DSGVO;

 

However, this right does not exist insofar as the processing is necessary:

 

a)

to exercise the right to freedom of expression and information;

 

b)

to comply with a legal obligation that requires processing under the law of the Union or the Member State to which we are subject, or for the exercise of

a task that is in the public interest or is performed in the exercise of official authority vested in us;

 

c)

for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO;

 

d)

for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right of the data subject is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or

for the assertion, exercise or defense of legal claims.

If we have made your personal data public and we are obliged to erase it in accordance with the above, we shall take reasonable steps, including technical measures, to inform data controllers processing the personal data that you, as the data subject, have requested that they erase all links to your personal data or copies or replications of such personal data, taking into account the available technology and the cost of implementation.

 

3.5 Right to restriction of processing

 You have the right to request the restriction of processing (blocking) of your personal data in accordance with Art. 18 DSGVO. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

  1. If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
  2. If the processing of your personal data happened / happens unlawfully, you may request the restriction of the data processing instead of the deletion.
  3. If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.

 

you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

 

3.6 Right to information 

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. In accordance with Art. 19 DSGVO, you have the right to be informed about these recipients upon request.

 

3.7 The right not to be subject to a decision based solely on automated processing, including profiling.

 You have the right, in accordance with Article 22 of the GDPR, not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you.

This does not apply if the decision

  1. is necessary for the conclusion or fulfillment of a contract between you and us,
  2. is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
  3. is done with your express consent.

However, decisions in the cases mentioned in (a) to (c) may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

In the cases referred to in (a) and (c), we will take reasonable measures to safeguard your rights and freedoms and your legitimate interests, which include at least the right to The decision-making process shall include the request of the person responsible to intervene, to express his or her point of view and to contest the decision.

 

3.8 Right to data portability

If the processing is based on your consent pursuant to Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO or on a contract pursuant to Art. 6(1)(b) DSGVO and is carried out with the help of automated processes, you have the right, pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format and to transfer it to another controller or to request the transfer to another controller, insofar as this is technically feasible.

 

3.9 Right of objection 

Insofar as we base the processing of your personal data on the balance of interests pursuant to Art. 6 (1) lit. f DSGVO, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on this provision. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection pursuant to Art. 21(1) DSGVO).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) DSGVO).

You have the possibility, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.

 

3.10 Right of appeal to the competent supervisory authority pursuant to Art. 77 DSGVO

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.

The supervisory authority responsible for us is:

The Hamburg Commissioner for Data Protection and Freedom of Information

Ludwig-Erhard-Str. 22 7th floor

20459 Hamburg

Phone: 040/428 54-40 40

E-mail: mailbox@datenschutz.hamburg.de Internet: https://www.datenschutz-hamburg.de

 

Validity and amendment of this privacy policy

This privacy policy is effective as of February 7, 2023. We reserve the right to change this privacy policy at any time in compliance with applicable data protection regulations. This may be necessary, for example, to comply with new legal provisions or to take into account changes to our website or new services on our website. The version available at the time of your visit applies.

If this Privacy Policy is amended, we intend to post changes to our Privacy Policy on this page so that you are fully informed about what personal information we collect, how we process it, and under what circumstances it may be disclosed.