Privacy Policy

Overview

Data protection is a top priority at EdsbGlobal. While you can use our website, Edsbglobal.com, without providing personal data, certain services may require it. If processing personal data becomes necessary and there is no legal basis for it, we will seek consent from the data subject.

The processing of personal data, such as name, address, email address, or telephone number, always adheres to the General Data Protection Regulation (GDPR) and relevant country-specific data protection laws. This privacy policy aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Additionally, data subjects are informed of their rights as outlined in this declaration.

As the controller, EdsbGlobal has implemented various technical and organizational measures to ensure the comprehensive protection of personal data processed through our website. However, it's important to note that internet-based data transmissions may inherently possess security vulnerabilities, and thus absolute protection cannot be guaranteed.

Name and Address of the Controller

The controller responsible for data processing under the General Data Protection Regulation (GDPR) and other relevant data protection laws is:

EdsbGlobal
Compliance Department
support@edsbglobal.com.

Definitions

This privacy policy is based on the terms outlined by the European legislator in the General Data Protection Regulation (GDPR). To ensure clarity and understanding, particularly for the general public, customers, and business partners, we provide explanations for the terminology used herein.

In this privacy policy, the following terms apply:

A.) Personal Data:

Refers to any information relating to an identified or identifiable natural person ("data subject"). This includes identifiers such as name, identification number, location data, online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the individual.

B.) Data Subject:

Denotes any identified or identifiable natural person whose personal data is processed by the controller responsible for processing.

C.) Processing:

Encompasses any operation or set of operations performed on personal data, whether automated or not. This includes collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.

D.) Restriction of Processing:

Refers to marking stored personal data to limit their processing in the future.

E.) Profiling:

Involves automated processing of personal data to assess certain personal aspects concerning a natural person, such as work performance, economic situation, health, preferences, interests, behavior, location, or movements.

F.) Pseudonymization:

Describes the processing of personal data in a manner that prevents direct attribution to a specific individual without additional information. This additional information is kept separately and subject to technical and organizational measures to ensure anonymity.

G.) Controller or Controller Responsible for Processing:

Refers to the entity, whether natural or legal, public authority, agency, or other body, that determines the purposes and means of personal data processing.

H.) Processor:

Denotes a natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the controller.

I.) Recipient:

Includes natural or legal persons, public authorities, agencies, or other entities to whom personal data are disclosed, whether third parties or not.

J.) Third Party:

Refers to natural or legal persons, public authorities, agencies, or bodies other than the data subject, controller, processor, or persons authorized to process personal data under the direct authority of the controller or processor.

K.) Consent:

Indicates any freely given, specific, informed, and unambiguous indication of the data subject's wishes, signifying agreement to the processing of personal data relating to them.

Cookies

Our website, ecfgiftshop.com, utilizes cookies, which are text files stored in a computer system through an internet browser. Many internet sites and servers employ cookies. These cookies often contain a unique identifier known as a cookie ID, allowing websites and servers to distinguish an individual's internet browser from others containing different cookies. This distinction enables visited sites and servers to differentiate between individual browsers, enhancing user experience by providing more user-friendly services made possible through cookie settings.

Cookies enable us to optimize the information and offers on our website with users in mind. They facilitate recognition of our website users, streamlining their experience. For instance, a user's access data need not be entered each time the website is visited, as this information is retained by the website through stored cookies on the user's computer system. Additionally, cookies contribute to functionalities such as maintaining a shopping cart in an online shop, where the store remembers items added by the customer.

Users may choose to prevent the setting of cookies through our website by adjusting their internet browser settings accordingly, thereby permanently denying cookie placement. Furthermore, already set cookies may be deleted at any time through internet browsers or other software programs. This functionality is available in all popular internet browsers. However, it's important to note that disabling cookie settings may result in some functions of our website becoming partially or entirely unusable.

COLLECTION OF GENERAL DATA AND INFORMATION

When a data subject or automated system accesses our website, ecfgiftshop.com, a series of general data and information is collected and stored in server log files. This data may include:

  1. Browser types and versions used.
  2. Operating systems utilized by accessing systems.
  3. Websites from which accessing systems reach our website (referrers).
  4. Sub-websites accessed.
  5. Date and time of access to the internet site.
  6. Internet Protocol (IP) address.
  7. Internet service provider of accessing systems.
  8. Any other similar data and information useful in the event of attacks on our information technology systems.

We do not draw conclusions about individual data subjects when using this general data and information. Instead, it serves to:

  1. Deliver website content accurately.
  2. Optimize website content and advertising.
  3. Ensure the long-term viability of our information technology systems and website technology.
  4. Provide law enforcement authorities with necessary information for criminal prosecution in case of cyber-attacks.

We analyze this anonymously collected data and information statistically to enhance data protection and security, ensuring optimal protection for processed personal data. Server log file data is stored separately from all personal data provided by data subjects.

RIGHTS OF THE DATA SUBJECT

A.) RIGHT OF CONFIRMATION

Every data subject has the right, as granted by the European legislator, to request confirmation from the controller as to whether personal data concerning them are being processed. If a data subject wishes to exercise this right, they may contact any employee of EdsbGlobal at any time.

 B.) RIGHT OF ACCESS

Each data subject holds the right, as granted by the European legislator, to obtain free information from the controller regarding their personal data stored at any time, as well as a copy of this information. Additionally, the data subject has access to the following information in accordance with European directives and regulations:

  • Purposes of processing
  • Categories of personal data involved
  • Recipients or categories of recipients to whom personal data have been or will be disclosed, particularly recipients in third countries or international organizations
  • Envisaged duration of personal data storage or criteria used to determine that duration, if not explicitly stated
  • Existence of the right to request rectification, erasure, or restriction of processing, as well as the right to object to processing
  • Right to lodge a complaint with a supervisory authority
  • Source of personal data if not obtained from the data subject
  • Existence of automated decision-making, including profiling, and meaningful information about its logic, significance, and envisaged consequences for the data subject

The data subject also has the right to know if personal data is transferred to a third country or international organization, and if so, to be informed of the appropriate safeguards. To exercise this right, the data subject may contact any employee of the controller at any time.

 

C.) RIGHT TO RECTIFICATION

Every data subject has the right, as granted by the European legislator, to request rectification of inaccurate personal data concerning them without undue delay. Additionally, incomplete personal data may be completed with a supplementary statement, considering the purposes of processing. To exercise this right, the data subject may contact any employee of the controller at any time.

 

D.) RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN)

Each data subject holds the right, as granted by the European legislator, to request the erasure of personal data concerning them without undue delay. The controller shall promptly comply with such requests when one of the following grounds applies:

  • Personal data are no longer necessary for the purposes they were collected or processed.
  • The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • The data subject objects to processing pursuant to Article 21(1) of the GDPR, and there are no overriding legal grounds for processing, , or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
  • Personal data have been unlawfully processed.
  • Erasure is necessary to comply with a legal obligation.
  • Personal data have been collected in relation to information society services referred to in Article 8(1) of the GDPR.

 

If a data subject wishes to request erasure of personal data stored by EdsbGlobal, they may contact any employee of the controller at any time. When erasing personal data that have been made public, reasonable steps are taken to inform other controllers processing the data, unless this proves impossible or involves disproportionate effort. An employee will arrange the necessary measures in individual cases.

 

E.) RIGHT OF RESTRICTION OF PROCESSING

Every data subject, according to the European legislator, has the right to request from the controller a restriction of processing in the following circumstances:

    •  The accuracy of the personal data is contested by the data subject, allowing the controller time to verify its accuracy.
    • The processing is deemed unlawful, and the data subject opposes erasure but requests restriction instead.
    • The controller no longer requires the personal data for processing purposes, but the data subject needs it for legal claims.
    • The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending verification of the controller's legitimate grounds over those of the data subject.
    • If any of these conditions are met, and a data subject wishes to request restriction of processing personal data stored by us, they may contact any employee of the controller. The employee will facilitate the restriction of processing accordingly.

F.) RIGHT TO DATA PORTABILITY

Every data subject is granted the right by the European legislator to receive their personal data, provided to a controller, in a structured, commonly used, and machine-readable format. They have the right to transmit this data to another controller without hindrance, as long as processing is based on consent or a contract, and carried out by automated means. To exercise this right, the data subject may contact any employee. Additionally, the data subject has the right for personal data to be transmitted directly from one controller to another where technically feasible, without adversely affecting the rights and freedoms of others.

 

G.) RIGHT TO OBJECT

Each data subject holds the right, under the European legislator, to object at any time to the processing of personal data concerning them, based on legitimate interests pursued by the controller or a third party, unless overridden by the data subject's interests, rights, and freedoms. This includes profiling for direct marketing purposes. If the data subject objects, we will cease processing personal data for such purposes unless compelling legitimate grounds override their interests or for legal claims. To object to processing, the data subject may contact any employee. They are also free to use their right to object through automated means.

H.) AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING

Each data subject has the right not to be subject to decisions based solely on automated processing, including profiling, unless necessary for entering into or performing a contract, authorized by law with safeguards, or based on explicit consent. If necessary for a contract or based on consent, suitable measures are implemented to safeguard the data subject's rights and freedoms. To exercise these rights, the data subject may contact any employee.

 

I.) RIGHT TO WITHDRAW DATA PROTECTION CONSENT

Every data subject has the right to withdraw consent for processing their personal data at any time. To exercise this right, the data subject may contact any employee.

 

LEGAL BASIS FOR PROCESSING

The legal basis for processing operations includes consent, contract performance, legal obligations, protection of vital interests, and legitimate interests pursued by us or a third party. This basis ensures compliance with GDPR requirements, particularly regarding the protection of personal data and the rights of data subjects.

ROUTINE ERASURE AND BLOCKING OF PERSONAL DATA

Personal data is processed and stored only for the period necessary to achieve the purpose of storage or as granted by relevant laws or regulations. If the storage purpose becomes inapplicable or the prescribed storage period expires, personal data is routinely blocked or erased in accordance with legal requirements.

LEGITIMATE INTERESTS

Our legitimate interest, as stated in Article 6(1) lit. f GDPR, is to conduct our business for the benefit of our employees and shareholders.

PERIOD FOR DATA STORAGE

The period of storage for personal data is determined by the respective statutory retention period. After expiration, data is routinely deleted, provided it's no longer necessary for contract fulfillment or initiation.

PROVISION OF PERSONAL DATA AND CONSEQUENCES

The provision of personal data may be required by law or contract, or for contract conclusion. Failure to provide necessary data could result in the inability to conclude a contract. Before providing personal data, the data subject must contact any employee to clarify requirements and consequences.

The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee.

The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

CONTACT POSSIBILITY VIA WEBSITE

Our website contains information that enables quick electronic contact to our enterprise, as well as direct communication with us via an email address. If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties

NEWSLETTER SUBSCRIPTION

On our website, users are given the opportunity to subscribe to our enterprise\s newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.

We inform our customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise\s newsletter may only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject registers for the newsletter shipping. A confirmation email will be sent to the email address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation email is used to prove whether the owner of the email address as the data subject is authorized to receive the newsletter.

During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the email address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.

The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by email, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller in a different way.

NEWSLETTER TRACKING

Our newsletters contain tracking pixels. A tracking pixel is a miniature graphic embedded in such emails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may see if an email was opened by a data subject, and which links in the email were called up by data subjects.

Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by the controller to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. This personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke their declaration of consent to receive newsletters.

After a revocation, these personal data will be deleted by the controller. We automatically regard a withdrawal from the receipt of the newsletter as a revocation.

REGISTRATION ON WEBSITE

The data subject has the possibility to register on the website of the controller with the indication of personal data. Which personal data are transmitted to the controller is determined by the respective input mask used for the registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller, and for his own purposes. The controller may request transfer to one or more processors (e.g. a parcel service) that also uses personal data for an internal purpose which is attributable to the controller.

By registering on the website of the controller, the IP address—assigned by the Internet service provider (ISP) and used by the data subject—date, and time of the registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses. Insofar, the storage of this data is necessary to secure the controller. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal prosecution.

The registration of the data subject, with the voluntary indication of personal data, is intended to enable the controller to offer the data subject contents or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the controller.

The data controller shall, at any time, provide information upon request to each data subject as to what personal data are stored about the data subject. In addition, the data controller shall correct or erase personal data at the request or indication of the data subject, insofar as there are no statutory storage obligations. The entirety of the controller’s employees are available to the data subject in this respect as contact persons.

PAYMENT METHOD: PAYPAL

On this website, the controller has integrated components of PayPal. PayPal is an online payment service provider. Payments are processed via PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards when a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there are no classic account numbers. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also accepts trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject chooses "PayPal" as the payment option in the online shop during the ordering process, we automatically transmit the data of the data subject to PayPal. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order.

The transmission of the data is aimed at payment processing and fraud prevention. The controller will transfer personal data to PayPal, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between PayPal and the controller for the processing of the data will be transmitted by PayPal to economic credit agencies. This transmission is intended for identity and creditworthiness checks.

PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data to be processed in the order.

The data subject has the possibility to revoke consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.

The applicable data protection provisions of PayPal may be retrieved under https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

SMS Marketing

We value your privacy and the information you consent to share in relation to our SMS marketing service. We use this information to send you text notifications (for your order, including abandoned checkout reminders), text marketing offers, and transactional texts, including requests for reviews from us.Opt-in data and consent for text messaging will not be shared with any third parties except for messaging partners,for the purpose of enabling and operating our text messaging program.

Opt-in data and consent for text messaging will not be shared with any third-parties except for messaging partners, for the purpose of enabling and operating our text messaging program.

Our website uses cookies to keep track of items you put into your shopping cart, including when you have abandoned your checkout. This information is used to determine when to send cart reminder messages via SMS.