top of page

WIDESHOP

PRIVACY POLICY

1. Introduction

Welcome to WIDESHOP (wideshopde.com). We take the protection of your personal data very seriously. This Privacy Policy informs you about how we collect, process, and use your personal data when you visit our website (wideshopde.com - hereinafter "Website"), contact us, or use our purchasing agency services, in compliance with the EU General Data Protection Regulation (GDPR) and relevant German data protection laws (such as the Bundesdatenschutzgesetz - BDSG and the Telekommunikation-Telemedien-Datenschutz-Gesetz - TTDSG)

2. Data Controller

The entity responsible for data processing (the "Controller") is:
 

WIDESHOP
Kölner Str. 3 65760 Eschborn Germany
Phone: 01788267257, 01788267258
Website: wideshopde.com
Email: info(at)wideshopde.com

3. Data Protection Officer

We are not legally required to appoint a Data Protection Officer and have not appointed one. For any data protection inquiries, please use the contact details provided in Section 2.

4. Types of Data Processed, Purposes, and Legal Bases

We process different types of personal data for various purposes based on specific legal grounds:
 

a) Visiting our Website: * Data: IP address, date and time of access, browser type and version, operating system, referring URL, pages visited, data volume transferred. * Purpose: Ensuring the functionality, security, and stability of the website; statistical analysis for improving the website (anonymized where possible). * Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR) in operating a secure and functional website. For data processed via cookies or similar technologies stored on/read from your device, the legal basis is your consent (Art. 6(1)(a) GDPR via § 25 TTDSG) unless strictly necessary for providing the service you requested (§ 25(2) TTDSG). See Section 10 (Cookies).
 

b) Contacting Us (e.g., via email, phone, contact form): * Data: Name, email address, phone number, content of your message/request. * Purpose: Processing your inquiry, communicating with you. * Legal Basis: Processing necessary for steps prior to entering into a contract or for contract performance if the inquiry relates to our services (Art. 6(1)(b) GDPR); otherwise, legitimate interest (Art. 6(1)(f) GDPR) in responding to inquiries.
 

c) Using Our Purchasing Agency Service (Ordering): * Data: Name, billing address, shipping address (often in South Korea), email address, phone number, order details (items requested, sizes, etc.), payment information (processed securely via payment providers, we may only see partial info like transaction ID or last digits), communication history related to the order. * Purpose: To fulfill our contractual obligations as your purchasing agent, including sourcing items, communicating with you about availability and price, purchasing items on your behalf from third-party suppliers, arranging shipping, handling payments, providing customer service, complying with legal obligations (e.g., invoicing, tax records). * Legal Basis: Performance of a contract (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR) for invoice/tax data.
 

d) Newsletter or Marketing Communications (if offered): * Data: Email address, potentially name, confirmation of opt-in. * Purpose: Sending information about our services, promotions, or new items. * Legal Basis: Your explicit consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time (e.g., via an unsubscribe link).

5. Data Recipients and Third-Party Disclosure

  1. We only share your personal data with third parties when necessary for the purposes outlined above, when legally permitted or required, or based on your consent. Recipients may include:

  2. Third-Party Suppliers/Retailers: We share necessary information (e.g., item details, potentially your name/shipping address if required by the supplier for purchase or warranty) to purchase the goods on your behalf. This is essential for our service.

  3. Shipping Carriers: (e.g., DHL, FedEx, UPS) We provide your name, shipping address, phone number, and email address to arrange delivery and provide tracking information.

  4. Payment Service Providers: (e.g., Stripe, PayPal, Banks) To process your payments securely. These providers process your data under their own responsibility.

  5. IT Service Providers: (e.g., hosting provider, website maintenance, email services) Who act as processors on our behalf under strict data processing agreements (Art. 28 GDPR).

  6. Authorities: If required by law (e.g., tax authorities, law enforcement).

6. Data Transfers to Third Countries (Outside EU/EEA)

  1. As our service involves purchasing goods in the EU and shipping them primarily to South Korea, data transfers outside the EU/EEA occur:

  2. Shipping to South Korea: We transfer your shipping details (name, address, phone, email) to shipping carriers who operate internationally to deliver your order. The European Commission has recognized South Korea as providing an adequate level of data protection (Adequacy Decision). This ensures your data is handled with comparable safeguards to those within the EU.

  3. Other Third Countries: If we use service providers based outside the EU/EEA or need to ship to other non-EU countries without an adequacy decision, we ensure appropriate safeguards are in place, typically through Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46 GDPR), or based on specific derogations (Art. 49 GDPR) like the necessity for contract performance.

7. Data Retention Periods

  1. We store your personal data only for as long as necessary for the purposes for which it was collected:

  2. Contract Data (Orders): Stored for the duration of the contractual relationship and thereafter for the period required by statutory retention obligations (e.g., typically 10 years for tax-relevant documents under German law).

  3. Website Log Files: Stored for a short period (e.g., 7-14 days) for security purposes and then deleted or anonymized.

  4. Contact Inquiries: Stored until the inquiry is fully resolved and then deleted, unless required for contractual purposes or legal retention.

  5. Data Processed based on Consent (e.g., Newsletter): Stored until you withdraw your consent.

8. Your Data Protection Rights

  1. Right of Access (Art. 15 GDPR): To request information about the personal data we process about you.

  2. Right to Rectification (Art. 16 GDPR): To request correction of inaccurate personal data.

  3. Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR): To request deletion of your personal data under certain conditions (e.g., if no longer necessary, consent withdrawn, processed unlawfully).

  4. Right to Restriction of Processing (Art. 18 GDPR): To request limitation of processing under certain conditions.

  5. Right to Data Portability (Art. 20 GDPR): To receive your data in a structured, common, machine-readable format and request transmission to another controller where technically feasible.

  6. Right to Object (Art. 21 GDPR): To object to processing based on legitimate interests (Art. 6(1)(f) GDPR) on grounds relating to your particular situation. You have an unconditional right to object to processing for direct marketing purposes.

  7. Right to Withdraw Consent (Art. 7(3) GDPR): To withdraw your consent at any time for future processing, where processing is based on consent.

  8. Right to Lodge a Complaint (Art. 77 GDPR): To lodge a complaint with a supervisory authority if you believe our processing infringes data protection laws. The competent authority for WIDESHOP is generally the Data Protection Authority of the State of Hesse (Der Hessische Beauftragte für Datenschutz und Informationsfreiheit), although you can also complain to the authority in your place of residence or work within the EU.

  9. To exercise these rights, please contact us using the details in Section 2.

9. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.  

10. Cookies and Similar Technologies

Our Website uses cookies and potentially similar technologies (e.g., pixels, local storage). Cookies are small text files stored on your device.
 

  1. Essential Cookies: These are strictly necessary for the Website to function correctly (e.g., session management, maintaining security). The legal basis for processing data via essential cookies falls under § 25(2) TTDSG and potentially Art. 6(1)(f) GDPR.

  2. Non-Essential Cookies (Functional, Analytical, Marketing): These are used to improve user experience, analyze website usage, or for marketing purposes. We will only use these cookies with your explicit prior consent (Art. 6(1)(a) GDPR via § 25(1) TTDSG), typically obtained through a cookie consent banner when you first visit our Website.

  3. Managing Consent: You can manage your cookie preferences and withdraw consent at any time via our cookie consent tool [Link to Cookie Settings/Tool - Implement This!] or through your browser settings. Blocking all cookies may affect website functionality.

11. Data Security

We implement appropriate technical and organizational security measures (TOMs) to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include encryption (e.g., SSL/TLS for website transmission), access controls, and regular security reviews.  

12. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We encourage you to review this page periodically for the latest information on our privacy practices. The date of the last update is indicated at the top of this policy.

bottom of page