SELFO is committed to respecting and protecting your privacy. Our goal is to be clear about what information we collect and how we use and protect your personal information.

The below Privacy Policy (together with our Terms and Conditions, any other documents referred to in it and our Cookie Policy) outlines how we may collect, use, store and process your personal information.

We truly hope that you will take time to read it through as we have no other goal but to maintaining your privacy. Please remember that you can manage your information and protect your privacy anytime by, for instance, viewing and editing your information in your account or controlling what kind of cookies are used when you visit our website.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to SELFO. By means of this data protection declaration, we would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means.

The legal bases can be found in the following articles of the GDPR:

• Consents: Art. 6 para. 1 lit. a. and Art. 7 DSGVO;
• Processing for the fulfilment of our services and implementation of contractual measures: Art. 6 para. 1 lit. b. DSGVO;
• Processing for the fulfilment of our legal obligations: Art. 6 para. 1 lit. c. DSGVO
• Processing for the protection of our legitimate interests: Art. 6 para. 1 lit. f. DSGVO. For details on the transfer of data, please refer to the passage in this data protection declaration.

This data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

• Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

• Data subject

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

• Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

• Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

• Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

• Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

• Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

• Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

• Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

• Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

• Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

What is this privacy policy for?

• When you make a purchase

1. In order for you to purchase and receive your order and to prevent and detect fraud

Information we may use: Email address; Full name; Phone number; Shipping address; Billing address.

2. To receive updates about your order via e-mail, SMS or our app. To receive marketing communications via e-mail or SMS

Information we may use: Phone numbers; Email address

3. To notify you about changes to our services

Information we may use: Email address

4. Receive your payments and manage refunds and compensation and to prevent and detect fraud

Information we may use: Payment information details

• When you contact us

1. To contact, communicate with you and manage all queries through e-mail, live chat, telephone and social media. In other words: to give you the World’s best customer care.

Information we may use: Name; Email address; Telephone number; Correspondences history; Order information; Shipping address; Payment information

2. To verify your identity when you request further information based on your rights

Information we may use: ID Documentation

Payment Method

Data protection provisions about the use of Sofortüberweisung as a payment processor

On this website, the controller has integrated components of Sofortüberweisung. Sofortüberweisung is a payment service that allows cashless payment of products and services on the Internet. Sofortüberweisung is a technical procedure by which the online dealer immediately receives a payment confirmation. This enables a trader to deliver goods, services or downloads to the customer immediately after ordering.

The operating company of Sofortüberweisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.

If the data subject chooses “immediate transfer” as the payment option in our online shop during the ordering process, the data of the data subject will be transmitted to Sofortüberweisung. By selecting this payment option, the data subject agrees to the transmission of personal data required for payment processing.

In the case of purchase processing via direct transfer, the buyer sends the PIN and the TAN to Sofort GmbH. Sofortüberweisung then carries out a transfer to the online merchant after technical verification of the account status and retrieval of additional data to check the account assignment. The online trader is then automatically informed of the execution of the financial transaction.

The personal data exchanged with Sofortüberweisung is the first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The transmission of the data is aimed at payment processing and fraud prevention. The controller shall immediately transfer other personal data, even if a legitimate interest in the transmission exists. The personal data exchanged between Sofortüberweisung and the controller shall be transmitted by Sofortüberweisung to economic credit agencies. This transmission is intended for identity and creditworthiness checks.

Sofortüberweisung provides personal data to affiliated companies and service providers or subcontractors as far as this is necessary for the fulfillment of contractual obligations or data in order to be processed.

The data subject has the possibility to revoke the consent to the handling of personal data at any time from Sofortüberweisung. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.

The applicable data protection provisions of Sofortüberweisung may be retrieved under https://www.sofort.com/eng-DE/datenschutzerklaerung-sofort-gmbh/.

Woocommerce

On our website we use plug-ins, Woocommerce. These tools are local plug-ins. With these, it is possible to ensure the sale of items is technically smooth. We manage personal data of our customers with this online shop system.

This is done on the basis of Art. 6 para. 1 lit. b. DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

For more details, see https://woocommerce.com/ and https://woocommerce.com/terms-conditions/.

The provider assigns customer and invoice numbers. We create invoices as PDF files via Woocommerce and send them by e-mail. The personal data is stored for this purpose in our database and on our server.

Our legitimate interest within the meaning of Art. 6 para. 1 lit. f. DSGVO for the use of this tool is to provide you with a reliable online shop system.

We have concluded a contract with our provider for commissioned data processing (Art. 28 DSGVO) and fully implement the strict requirements of the German data protection authorities when using servers or hosting.

Links to other websites or social media

Our site or newsletters may contain on occasion links to and from other websites of our partners, advertisers and affiliates. Please note that this Privacy Policy only applies to this website. If you visit any of these websites, we therefore suggest you to read their own privacy policy as we do not accept any responsibility or liabilities for these policies.

Changes to our privacy policy

We keep our Privacy Policy under regular review. We will post any updates on this webpage. If significant changes are made, we will directly contact you by email so you can review the changes. Please check back frequently to see any updates or changes to our Privacy Notice.

The Privacy Policy was last updated Nov 2022.