This policy applies to information we collect when you choose to use this website, and also to personal information which we process further to supplying goods to our customers and receiving personal data from our suppliers.
Who We Are
This website is owned by Chinthaka Paragoda Vithanage. Our registered office in Germany is at Hackerstr 4, Ebenhausen 82067, Bavaria. Chinthaka Paragoda Vithanage (‘Chin&Annie’, ‘Chin+Annie’, ‘we’ or ‘us’) is a ‘data controller’ for the purposes of the General Data Protection Regulation (‘GDPR’) where we control the purposes for which we process your personal information e.g. when we take your personal information to supply you with our goods. Otherwise, we are the data processor. We will take all appropriate steps to ensure compliance with the GDPR and all other laws which protect your personal data (the ‘Legislation’).
Any questions about our data protection policy or how we handle your personal data should be addressed to us (see ‘How to contact us’ below).
What Information We Collect
We collect personal information about you (Personal Information: such as your name, delivery address, email address and telephone number), when you contact us via our website or purchase goods from us. We also collect personal information when you visit our website, as explained below in the Cookies section.
For example, we may monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of a user’s internet service provider, to improve the user’s experience whilst visiting the website, and better understand how you use it. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
You can set your browser not to accept cookies, and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
Third Party Cookies
Cookies we use can be divided into the following categories:
- Necessary cookies: The data from these required cookies is necessary for a visitor to use our website and its functions and for the website to function properly.
- Performance cookies: These cookies collect information about how visitors use a website. These cookies don’t collect information that identifies a visitor.
- Analytics cookies: Analysis cookies are used to monitor and track visitor behaviour on our site.
- Advertisement cookies: These cookies are used to deliver adverts more relevant to a visitor and visitor’s interests. They are also used to limit the number of times a visitor sees an advertisement, as well as help measure the effectiveness of the advertising campaign.
As described above, we use your ‘Personal Information’ to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Any comments you make on these social media platforms in general must not be offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use.
How Will We Use the Information About You
We process information about you so that we can:
- provide the goods or information you have requested
- identify you and manage any accounts you hold with us
- let you know about goods or services that may be of interest to you (see further information in our ‘Marketing’ section below)
- detect and prevent fraud
- customize our website and its content to your particular preferences
- notify you of any changes to our website or to our goods or services that may affect you
- improve our service
Lawful Basis for Processing your Personal Data
The reasons why we process your personal data are listed above, and the lawful basis for such processing is one or more of the following:
- it is necessary for us to comply with a legal obligation (e.g. keeping information which The Federal Central Tax Office (BZSt) requires us to keep)
- it is in our legitimate business interest to carry out such processing (e.g. reminding you of an “abandoned on-line cart”) except where such an interest is overridden by your interests or fundamental rights and freedoms which require your personal data to be protected
- you have given your consent for one or more specific purposes.
Who do we Share your Personal Data with
We may send information about you to other parties to help us to fulfil your order with us and to law enforcement agencies in connection with any investigation to help prevent unlawful activity.
Marketing and Email Newsletter
We use any information submitted to us by you to provide you with further information by email about the goods (and services) we offer which you have requested and/or which may be of interest to you. You can choose to unsubscribe at any point by clicking on the link at the bottom of the email.
Email marketing campaigns published by us may contain tracking facilities within the actual email. Subscribed activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity (this is by no means a comprehensive list).
This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Sendinblue is a service that can be used, among other things, to organize and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter will be stored on the Sendinblue servers in Germany.
Data analysis by Sendinblue
With the help of Sendinblue it is possible for us to analyse our newsletter campaigns. So we can, e.g., see whether a newsletter message has been opened and which links, if any, have been clicked. In this way, we can determine, among other things, which links were clicked particularly often. We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate). We can, e.g., recognize whether you have made a purchase after clicking on the newsletter. Sendinblue also allows us to subdivide ("cluster") newsletter recipients into different categories. The newsletter recipients can be clustered e.g. by age, gender or place of residence. In this way, the newsletters can be better adapted to the respective target groups. If you do not wish to be analysed by Sendinblue, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
For detailed information on Sendinblue's features, please visit the following link: https://www.sendinblue.com/newsletter-software/.
Keeping your Data Secure
Our staff and associates are bound by obligations of confidentiality and trained in the protection of personal data. We will take all reasonable steps to comply with the Legislation and use the appropriate technical and organizational measures necessary to safeguard your personal data. As we mention above, we only share your personal data with third parties who also comply with the Legislation.
While we will use all appropriate efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).
When you give us personal information, we take steps to ensure that it is treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with 128-Bit encryption on SSL. When you are on a secure page, a lock icon will appear somewhere within the browser.
Our online store is hosted on a secure server at Hetzner Online GmbH. Our website uses WooCommerce to power the ecommerce store, and your data is stored in WordPress’s database behind a firewall. You can read more about how customer data of a WooCommerce powered ecommerce website is stored here.
We only send your personal data outside the European Economic Area where we have in place a legal agreement which complies with the Legislation or where you have given your express consent.
If you want detailed information on how to protect your information and your computers and devices from fraud, identity theft, viruses and many other online problems, please visit www.bsi.bund.de.
The criterion for the duration of the storage of personal data is the legal retention period. After this retention period has expired, the corresponding data will be routinely deleted, provided that they are no longer required to fulfil the contract or to initiate a contract.
What Rights do you have?
The GDPR provides the following rights for individuals whose personal data is processed:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object to processing
8. Rights in relation to automated decision-making and profiling
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
WooCommerce uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary deny list of IP addresses associated with repeated failed transactions. This 'deny' list persists for a small number of hours.
- Temporary deny list of credit cards associated with deny listed IP addresses. This 'deny' list persists for a small number of days.
To Exercise any of your Rights
You can request a copy of the personal information which we hold or amend it or ask us not to use it for particular purposes by:
- emailing or writing to us (see ‘How can you contact us?’ below);
- providing us with proof of your identity (a copy of your driving licence or passport); and
- letting us know what information you want or what you want us to do.
- letting us know the information that is incorrect and what it should be replaced with.
You can ask us to stop contacting you for particular purposes or remove your information completely from our records. There may be a legal reason why we need to keep your personal data, and in that circumstance we will destroy your personal information as soon as we are legally entitled to do so.
Right to Lodge a Complaint with a Supervisory Authority
In the event of violations of data protection law, the person concerned has the right to lodge a complaint with the responsible supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
How to Contact Us