In our User Privacy Notice we have compiled all essential information about our handling of your personal data and your corresponding rights for you.
This User Privacy Notice is effective from Jan 30, 2020. You can view the previous User Privacy Notice
1. Scope and updates of this User Privacy Notice
This User Privacy Notice applies to your use of this website and all smartCommerce applications, services (including payment services), products and tools (collectively the "Services"), regardless of how you access or use these Services, including access via mobile devices and apps.
2. Data protection officer and contact
In this country, where we are required to do so by law, we have appointed data protection officers to oversee the protection of your personal data. If you have any questions about this User Privacy Notice or about data protection at smartCommerce in general, you can contact the data protection officer responsible for your country at any time. You will find the contact details of your data protection officer in our smatCommerce Privacy Center.
Furthermore, if you have any questions or complaints regarding this User Privacy Notice, our global privacy standards, our handling of personal data, you can also contact the smartcommerce Privacy Team or the controller who is responsible for the processing of your personal data at any time. This applies regardless of whether we have appointed a data protection officer in your country or not. You can find all necessary information and contact details including a contact form in our smartCommerce Privacy Center.
3. What personal data we collect and process
We collect your personal data when you use our Services, create a new smartCommerce account, provide us with information via a web form, add or update information in your smartCommerce account, participate in online community discussions or otherwise interact with us. We also collect personal data from other sources (such as other smartCommerce, corporate family members or credit agencies or bureaus).
In total, we collect the following personal data:
3.1 Personal data you provide when using our Services or creating an smartCommerce account
Other data that we are required or entitled by applicable law to collect and process and that we need for your authentication or identification, or for the verification of the data we collect.
3.2 Personal data we collect automatically when you use our Services or create an smartCommerce account
For more information about our use of these technologies and your choices, see Cookies & similar technologies.
3.4 Personal data from other sources
We also collect personal data about you from other sources and from third parties to the extent permitted by applicable law. In particular, this includes the following data:
With regard to our payment services for sellers: data from government or other sources concerning any previous convictions of the respective seller, to the extent permitted by applicable law. We combine or connect the personal data we collect from you with data from these other sources. Where personal data is disclosed to us by third parties, we take steps to confirm that the information has been collected with your consent and/or that these third parties are otherwise legally permitted to disclose your personal data to us. We also receive access to personal data about you from other members of the smartCommerce family.
3.5 Social network data you share with us
We may also use plug-ins or other technologies from various social networks. If you click on a link displayed through a social network plug-in, you voluntarily connect to that social network.
4. Purposes and legal basis for data processing and categories of recipients
We process your personal data for various purposes and pursuant to various legal bases. We process your personal data primarily to provide and improve our Services, to provide you with a personalized user experience on this website, to contact you about your smartCommerce account and our Services, to provide customer service, to provide you with personalized advertising and marketing communications, and to detect, prevent, mitigate and investigate fraudulent or illegal activity. We also share your information with third parties for these purposes.
· We process your personal data in order to fulfil our contract with you and to provide you with our Services.Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:
· Other samrtCommerce users corporate family members.
External service providers and shipping companies (such as DHL, UPS etc.)
Payment service providers including the SSL Inc. group of companies
External operators of websites, applications, services and tools
Automated decision-making, we use technologies that are considered automated decision making or profiling. We will not make any automated decisions about you that would significantly affect you unless such a decision is necessary for entering into or the performance of, a contract with you, we have obtained your consent, or we are required by applicable law to use such technology. You will find information on your right to object to this processing of your data below under Rights as a data subject.
5. Storage duration and erasure
Your personal data will be stored by us and our service providers in accordance with applicable data protection laws to the extent necessary for the processing purposes set out in this User Privacy Notice (see Purposes and legal basis for data processing and categories of recipients for more information on the processing purposes). Subsequently, we will delete your personal data in accordance with our data retention and deletion policy or take steps to properly render the data anonymous, unless we are legally obliged to keep your personal data longer (e.g. for tax, accounting or auditing purposes). As far as legally permissible or required, we restrict the processing of your data instead of deleting it (e.g. by restricting access to it). This applies in particular to cases where we may still need the data for the execution of the contract or for the assertion of or defense against legal claims. In these cases, the duration of the restriction of processing depends on the respective statutory limitation or retention periods. The data will be deleted after the relevant limitation or retention periods have expired.
The specific retention periods for personal data are documented in our regional data retention guidelines. How long we retain personal data may vary depending on the Services we provide and our legal obligations under applicable national law. The following factors typically affect the retention period:
Necessity for the provision of our Services
This includes such things as executing the User Agreement with you, maintaining and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records. Most of our retention periods are determined on the basis of this general rule.
Special categories of personal data
If we store special categories of personal data, a shorter retention period is usually appropriate.
Consent-based processing of personal data
If we process personal data on the basis of consent (including consent to the extended storage), we store the data for as long as necessary in order to process it according to your consent.
Statutory, contractual or other similar obligations
Corresponding storage obligations may arise, for example, from laws or official orders. It may also be necessary to store personal data with regard to pending or future legal disputes. Personal data contained in contracts, notifications and business letters may be subject to statutory storage obligations depending on national law.
6. Rights as a data subject
Subject to possible restrictions under national law, as a data subject, you have the right to access, rectification, and erasure, restriction of processing and data portability with regard to your personal data. In addition, you can withdraw your consent and object to our processing of your personal data on the basis of legitimate interests. You can also lodge a complaint with a supervisory authority.
Your rights in detail:
If your personal data is processed on the basis of legitimate interests, you have the right to object to the processing of your personal data on grounds relating to your particular situation. This also applies to profiling. If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
The exercise of the above data subjects' rights (e.g. right to access or erasure) is generally free of charge. Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge an appropriate fee (at most our actual costs) in accordance with the applicable statutory regulations or refuse to process the application.
Exercising your rights and managing your settings
You can exercise your rights as a data subject via our contact forms. In addition, you are of course free to contact us in any other way.
If you would like to change your preferences regarding smartCommerce notifications (including marketing communications), you can do so at any time in My smartCommerce under "Communication Preferences". If you do not wish to receive marketing communications from us, you can also unsubscribe by clicking on the link in the email you received. For technical reasons, the implementation may take a few days. For information on how to manage your cookie and similar technology preferences, see the next section Cookies & similar technologies.
7. Cookies & similar technologies
Our cookies and similar technologies have different functions:
· They may be technically necessary for the provision of our Services
· They help us optimize our Services technically (e.g. monitoring of error messages and loading times)
· They help us improve your user experience (e.g. save font size and form data entered)
· They allow us to show you more relevant advertisements
Your choices regarding cookies
8. Data security
We protect your personal data through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access and unauthorized disclosure and alteration. To this end we use firewalls and data encryption, for example, as well as physical access restrictions for our data centers and authorization controls for data access. You can find further information on data security in our Security Center.