Privacy Statement for Stridepets.com Webshop (Consumers)
Last updated: 03.05.2024
Protecting your privacy is very important to Stride Pets. This notice sets out the basis on which personal data of website visitors and users are collected and processed in connection with the Company’s website and webshop www.stridepets.com. Personal data means all information on the basis of which an individual person can be identified.
This document relates to the processing of the personal data of consumers visiting the Website.
- Data Controller
The data controller for personal data collected and processed on the Stride Pets webiste. The company responsible for personal data processing is Stride Pets. Any questions or requests with regards to data protection can be sent to info@stridepets.com.
- Categories of Personal Data and the Basis for Processing Said Data
Personal data is processed on the Website pursuant to the EU General Data Protection Regulation (“GDPR”) as well as applicable national data protection legislation. Personal data is only processed for the purposes mentioned below, and there is always a legal basis for processing, based on the applicable legislation. It is necessary to provide personal data in order to use the webshop on the Website.
The Company collects and processes the following categories of personal data:
Category of personal data | Purpose of processing | Legal basis | Removal of personal data |
---|---|---|---|
Name, email address when registering | Registering for the website (not required, but helps when making purchases) | Performance of contract (GDPR Article 6(1)(b)) | Within 3 months of the account becoming inactive |
Providing newsletters to registered users | Legitimate interests of Company (GDPR Article 6(1)(f)) | ||
Name, email address when ordering a product | Purchasing goods – communications regarding orders | Performance of contract (GDPR Article 6(1)(b)) | Within 3 months of the Data Subject no longer being an active customer |
Notes made by Company’s employees in relation to orders, including any possible personal data | Documenting information regarding the purchase or return of goods | Performance of contract (GDPR Article 6(1)(b)) | |
Name, email address, phone number, postal address | Fulfilling orders or handling returns | Performance of contract (GDPR Article 6(1)(b)) | |
Individual customer identity number of each Data Subject | Identifying the purchases of individual Data Subjects in order to handle orders and returns | Performance of contract (GDPR Article 6(1)(b)) | |
Data collected by analytics services (including IP address, products looked at by Data Subject) | Analysing the behaviour of Data Subjects in order to develop the service and goods offering of the Company | Legitimate interests of Company (GDPR Article 6(1)(f)) | 90 days after end of web session |
Data Subject’s IP address | Logging in order to detect and fix errors, preventing malicious behaviour/DDoS attacks | Legitimate interests of Company (GDPR Article 6(1)(f)) | 3 months after end of web session |
- Use of Non-Personal Data
In addition to the personal data mentioned above, the Company also processes data that does not identify individual users and therefore does not fall within the scope of data protection legislation. The Company uses cookies, the use of which is described here. The Company also uses analytics services. However, these services are used in such a way that a part of the IP address of visitors is masked so that they cannot be used to identify individual users, and therefore this does not amount to the processing of personal data.
- Data Security
Personal Data will be protected by reasonable security safeguards against accidental loss, unauthorised processing, the destruction of, or use or modification of, or unauthorised disclosure of the personal data. The Company employs appropriate technical and organisational security measures in order to protect the personal data. The safeguards the Company employs, such as limiting its personnel’s and subcontractors’ access to personal data and encryption of data, are proportionate to the likelihood and severity of any potential harms or threats, the sensitivity of the personal data, and the context in which it is held as well as the development of security technologies.
- Rights of Data Subjects
Under the General Data Protection Regulation (“GDPR”), the Data Subject has the following rights with regards to Personal Data, as more closely specified in Articles 15-21 of the GDPR:
- Right of access: the Data Subject has the right to request confirmation of whether his or her personal data is processed in connection with the website, and access to that personal data.
- Right of rectification: the Data Subject has the right to request the data controller to rectify any inaccurate or incomplete personal data concerning her or him held by or processed in connection with the website.
- Right of erasure: the Data Subject has the right to request that personal data concerning her or him is erased where it is no longer necessary for the purpose for which it was collected or processed, where she or he objects to the processing and there are no overriding legitimate grounds for processing, where her or his personal data is being unlawfully processed, or where personal data must be erased in order to comply with relevant legislation.
- Right of restriction: the Data Subject has the right to request restriction of processing of her or his personal data where the accuracy of the personal data is contested, where processing is unlawful or where the personal data is no longer needed by the data controller but she or he legitimately opposes the erasure of the personal data, or where she or he objects to the processing and it has not yet been verified whether legitimate grounds exist for the processing.
- Right to object: the Data Subject has the right to object to the processing of her or his personal data where the processing is based on the legitimate interests of the data controller or third parties as specified in Section 2.
- Transfers Outside the EU/EEC
Personal Data relating to the website is only transferred or processed outside the EU/EEC pursuant to sufficient safeguards under Article 49 of the EU General Data Protection Regulation, such as an adequacy decision by the European Commission, or subject to standard contractual clauses approved by the European Commission. Data subjects have the right to receive a description of the data transferred subject to standard contractual clauses, as well as the measures undertaken to mitigate personal data risks in connection with the use of the standard contractual clauses.
- Changes to the Privacy Notice
This Privacy Notice may be amended from time to time by posting an updated version to the website, after which the updated version shall apply. In the event there are substantial changes to the Privacy Notice, the Company may notify Data Subjects by other means, for example via email.
— End of document —