Privacy Policy

PRIVACY POLICY www.sorrymom.dk

 

Date of Last Update: December 14, 2019

 

By accessing or using the website www.sorrymom.dk including its sub-domains or mobile optimized version, if any, (the “Website”) and/or using Services as set out hereinafter, you consent to the information collection, disclosure and use practices described in this Privacy Policy. The Website is operated by Sorry Mom ApS registered in Denmark bearing Company Registration No. DK35233970 and having its registered address located at Torvegade 17E, 1, 7100 Vejle, Denmark (hereinafter referred to as “Company”, “we,” “us” or “our”). This Privacy Policy also applies to all Services provided by us and sets out how we may collect, use and disclose information in relation to Users of the Website.

 

The Website is a platform for selling tattoo aftercare products to other businesses/resellers as well as directly to clients. It aims at helping tattooed clients with a guide for the perfect aftercare, through its blog and a variety of aftercare products, which includes information ranging from the tattooing process to the healing and maintenance of tattoos. The Website provides guidance to its users and tattooists on how to reach a perfect result, using various products. Through the Website we also sell our products to tattoo studios and suppliers worldwide (hereinafter referred to as “Services”).

 

1. Information We Collect

   1. Your privacy is important to us and we have taken steps to ensure that we do not collect more information from you than is necessary for us to provide you with our services and to protect your account.

   2. We may process the following categories of personal data about you:

      1. Personal Data means any information relating to an identified or identifiable natural person. This information may include, in particular by reference to an identifier, such as individual’s name, age, gender, e-mail address, shipping details, Shopify related information (only for payment processing for which separate terms of Shopify may be applicable), and such other information, data and materials as we may deem necessary for provision of Services. When you contact us through any of the communication modes as mentioned below, your email address may be added to our mailing list from which you can unsubscribe at any time using the unsubscribe link in each email or by contacting us at rasmus@sorrymomshop.com.

      2. Communication Data may include any communication that you send to us whether that be through the Consultation/Contact Form on our Website, through email, call or any other mode of communication that you use to contact us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.

      3. Technical Data may include data about your use of our Website and Services. We may collect this Technical data through Facebook pixel and google analytics. We process this data to analyse your use of our Website and other online services, to administer and protect our business and Website, to offer relevant products and advertisements for you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our Website and our business and to grow our business and to decide our marketing strategy.

      4. Marketing Data may include data about your preferences in receiving marketing from us and our third parties and your communication preferences. Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our services, to develop them, to grow our business and to decide our marketing strategy.

 

3. We may use Personal Data, Communication Data, Technical Data and Marketing Data (the “Data”) to provide you with Services. We may also use such data to send other marketing communications to you.

 

2. Name and Address of the Data Controller

   1. Data Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

 

Individual’s Name: Rasmus Cort Hansen

Address: Torvegade 17E, 1, 7100 Vejle, Denmark

Phone: +45 60851828

Email: rasmus@sorrymomshop.com

Website: www.sorrymom.dk

 

3. Consent and its Withdrawal

   1. When you visit our Website, you provide us consent to use your Data as per this Privacy Policy. In order to provide you with the Services, it is necessary for us to collect all relevant and necessary Data about you from you. In addition, by signing up and filling the Forms available on the Website, you give us your express consent and permission to use your Data.

   2. We will process the Data only after taking written instructions/consent from you mostly in electronic form in the form of Clickable button, a checkbox or through an email.

   3. If you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at rasmus@sorrymomshop.com.

4. Promotional Emails

   1. You agree that the Website may from time to time send e-mail messages to you which offer products and services, promotions, subscriptions or registration-based services or other material. If you wish to discontinue receiving such email, you may opt-out by writing us through email at rasmus@sorrymomshop.com. Your preferences will then be updated.

5. How We Use and Process the Data

   1. The Data collected by us from you may be used to provide you with Services and better understand your needs related services and programs, to correspond with you and reply to your questions with about our services.

   2. We will not rent or sell your Data to others. We may store the Data in locations outside our direct control (for instance, on servers or databases co-located with hosting providers).

   3. If you provide any Data to us, you are deemed to have authorized us to collect, retain and use that data for the following purposes:

1. verifying your identity;

2. providing you with customer service and responding to your queries, feedback, or disputes;

3. making such disclosures as may be required for any of the above purposes or as required by law, regulations and guidelines or in respect of any investigations, claims or potential claims brought on or against us;

4. provide and maintain the Services;

5. notify you about changes to our Services;

1. We shall ensure that:

1. The Data collected and processed for and on our behalf by any party is collected and processed fairly and lawfully;

2. You are always made fully aware of the reasons for the collection of Data and are given details of the purpose(s) for which the data will be used;

3. The Data is only collected to the extent that is necessary to fulfil the purpose(s) for which it is required;

4. No Data is held for any longer than necessary in light of the purpose(s) for which it is required.

5. Whenever cookies or similar technologies are used online by us, they shall be used strictly in accordance with the law;

6. You are informed if any data submitted by you online cannot be fully deleted at your request under normal circumstances and how to request that the we delete any other copies of that data, where it is within your right to do so;

7. Appropriate technical and organizational measures are taken to protect the Data;

8. Data is transferred securely, whether it is transmitted electronically or in hard copy.

9. You can fully exercise your rights with ease and without hindrance.

6. Disclosure of Data

   1. We shall not be able to keep your Data private in response to legal process i.e., a court order or a subpoena, a law enforcement agency’s request. If, in our view, it is deemed appropriate to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law, we may be compelled to disclose the Data and Personal Data. Moreover, in case of takeover, merger or acquisition, we reserve a right to transfer your data to new platform.

   2. We may disclose the Data in the good faith belief that such action is necessary to:

10. comply with a legal obligation

11. protect and defend our rights or property

12. prevent or investigate possible wrongdoing

13. protect the personal safety of users of the Service or the public

14. protect against legal liability

 

1. When necessary, we may also disclose and transfer your Data to our professional advisers, law enforcement agencies, insurers, government and regulatory and other organizations.

1. Data Storage

   1. Your Data may be stored and processed at the servers in United Kingdom, Canada, United States, Europe, or any other country in which the Website or its subsidiaries, affiliates or service providers maintain facilities.

   2. The Website may transfer Data to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

   3. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

   4. We will only retain your Data preferably for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, see section regarding insurance requirement and reporting requirements. When deciding what the correct time is to keep the Data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.

2. How We Protect Your Information

   1. We store all the Data submitted by you through Website at a secure database.

   2. We are concerned with protecting your privacy and data, but we cannot ensure or warrant the security of any data you transmit to or guarantee that your Data may not be accessed, disclosed, altered or destroyed by breach of any of our industry standard physical, technical or managerial safeguards.

   3. No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. If you have any questions about security of our Website, you can contact us at rasmus@sorrymomshop.com.

   4. Any Data supplied by you will be retained by us and will be accessible by our employees, any service providers engaged by us and third parties.

3. Compliance with the GDPR

   1. For users based in the European Union (EU), the Website shall make all reasonable efforts to ensure that it complies with The General Data Protection Regulation (GDPR) (EU) 2016/679 as set forth by the European Union regarding the collection, use, and retention of Data from European Union member countries. Website shall make all reasonable efforts to adhere to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement.

4. The Rights of Users

You may exercise certain rights regarding your Data processed by us. In particular, users based in the EU may do the following:

1. Right of confirmation

You shall have the right granted by the European legislator to obtain from us the confirmation as to whether or not personal data concerning you are being processed.

2. Right of Access

You shall have the right granted by the European legislator to obtain from us free information about your personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant you access to the following information:

• the purposes of the processing;

• the categories of personal data concerned;

• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

• the existence of the right to request from us rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;

• the existence of the right to lodge a complaint with a supervisory authority;

• where the personal data are not collected from you, any available information as to its source;

• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you.

Furthermore, you shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, you shall have the right to be informed of the appropriate safeguards relating to the transfer.

3. Right to rectification

You shall have the right granted by the European legislator to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4. Right to erasure (Right to be forgotten)

You shall have the right granted by the European legislator to obtain from us the erasure of personal data concerning you without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

• The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

• You withdraw consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.

• You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.

• The personal data have been unlawfully processed.

• The personal data must be erased for compliance with a legal obligation in Union or Member State law to which we are subject.

• The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

Where we have made personal data public and are obliged pursuant to Article 17(1) to erase the personal data, we, while taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. We will arrange the necessary measures in individual cases.

5. Right of restriction of processing

You shall have the right granted by the European legislator to obtain from us restriction of processing where one of the following applies:

• The accuracy of the personal data is contested by the data subject, for a period enabling us to verify the accuracy of the personal data.

• The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.

• We no longer need the personal data for the purposes of the processing, but we are required by the data subject for the establishment, exercise or defence of legal claims.

• You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether our legitimate grounds override those of yours.

If one of the aforementioned conditions is met, and you wish to request the restriction of the processing of personal data stored by us, you may at any time contact us.

6. Right to data portability

You shall have the right granted by the European legislator, to receive the personal data concerning you, which was provided to us, in a structured, commonly used and machine-readable format. You shall have the right to transmit those data to another data controller without hindrance from us to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

7. Right to object

You shall have the right granted by the European legislator to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If we process personal data for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If you object to us to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

8. Automated individual decision-making, including profiling

You shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between you and us, or (2) is not authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is not based on your explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between you and us, or (2) it is based on your explicit consent, we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and contest the decision.

9. Right to withdraw data protection consent

You shall have the right granted by the European legislator to withdraw your consent to processing of your personal data at any time. You may initiate request with us at rasmus@sorrymomshop.com. to exercise any of the above mentioned rights. We shall review your request and, in our own discretion, honour your request, if deemed necessary by us, within reasonable time.

11. Cookies

    1. We use technologies, such as cookies, to make better user experience, customise content, to provide social media features and to analyse traffic to the Website. Where applicable the Website uses a cookie control system allowing the user on their first visit to the Website to allow or disallow the use of cookies on their computer / device.

    2. Cookies are small files saved to the user's computers’ or mobile devices’ hard drive or memory that track, save and store information about the user's interactions and usage of the Website. This allows the Website, through its server to provide the users with a tailored experience within this Website.

    3. Users are advised that if they wish to deny the use and saving of cookies from this Website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this Website and its external serving vendors.

    4. We may gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and click stream data. We may use this information, which does not identify individual users, to analyse trends, to administer the Website, to track users’ movements around the Website and to gather demographic information about our user base as a whole.

    5. We may track the referring URL (the web page you left before coming to the Website) and the pages, links, and graphics of the Website you visited. We do so because it allows us to evaluate the reputation and responsiveness of specific web pages and any promotional programs we may be running.

    6. Managing Cookies: Many web browsers allow you to manage your preferences. You can set your browser to refuse cookies or delete certain cookies. You may be able to manage other technologies in the same way that you manage cookies using your browser’s preferences.

    7. Please note that if you choose to block cookies, doing so may impair the Website Services or prevent certain elements of it from functioning.

12. Third-Party Service Providers

    1. We may employ third party companies and individuals to facilitate our Service ("Third Party Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.

    2. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

13. Changes to this Privacy Statement

    1. We may modify these this Privacy Policy from time to time, and any such change shall be reflected on the Website with the updated version of the Privacy Policy and you agree to be bound to any changes to the updated version of Privacy Policy when you use the Website or its services.

    2. You acknowledge and agree that it is your responsibility to review this Website and this Policy periodically and to be aware of any modifications. Updates to this Policy will be posted on this page.

    3. Also, occasionally there may be information on the Website that contains typographical errors, inaccuracies or omissions that may relate to service descriptions, pricing,