SANGI Europe GmbH : Privacy Policy

Thank you for your interest in our website. The protection of your privacy is very important to us. The legal basis for data protection can be found in the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Telecommunications Digital Services Data Protection Act (TDDDG).
Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This includes, for example, the person's name, e-mail address or telephone number.
In the following we inform you in detail about our way of handling of your data. „If there are any differences between the German version and this English translation, the German version takes precedence.“
Responsible for the processing of your personal data is:
SANGI Europe GmbH (represented by Managing Director Roslyn Hayman), 
Register: AG Munich, HRB 256774 
Leopoldstrasse 244 
D-80807 Munich, Germany 
(hereinafter "SANGI Europe GmbH" or "we") 
Tel: +49 (0) 89 - 208 039 387 
Fax: +49 (0) 89 - 208 039 388 
Personal data is only collected, used and passed on by us if this is permitted by law or if the user agrees to the same.

1. Data transmission security

This website uses SSL encryption for security when transmitting personal data and other confidential content. Such secure connection can be recognized by the lock symbol in the address line of the browser.

2. Storage of access data in server log files

You can visit the web pages of this on-line store without giving any personal information.

In so-called server log files, only access data is stored, such as the name of the requested file, date and time of access, amount of data transferred and requesting provider, Internet Protocol (IP) address, website from which the request originates, browser used, and operating system used. (Legal basis : Art.6 para.1 p.1 lit.f GDPR).

The log files contain IP addresses and other data that allow an assignment to you as a user. This data will not be stored together with other personal data of the user.
These data are analysed exclusively to ensure the trouble-free operation of the site, in particular delivery of the website to the user's computer, and to improve our services. An evaluation of the data for marketing purposes does not take place in this context.
However SANGI Europe GmbH reserves the right to subsequently check the log data if there is a justified suspicion of illegal use based on concrete evidence.

3. Data collection and use for contract processing, opening a customer account and for contacting you

In accordance with Art.6 para.1 lit.b GDPR, we collect your personal data when you voluntarily provide us with this information in the context of your order, when you contact us (e.g. via contact form or e-mail) or when you open a customer account, insofar as this data is required for those purposes. Which data is collected can be seen from the respective input forms. Furthermore, when you send the message entered in the input form, the IP address of the source computer and the date and time of sending will be stored.
We use the data you provide us with to process contractual transactions between us and to handle your inquiries. After completion of processing or deletion of your customer account, your data will be blocked from further use, i.e. its handling will be restricted and deleted after expiry of the retention periods prescribed by tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to do so which is permitted to us by law and about which we inform you. (See Section 4 below). Your customer account can be deleted at any time, either by sending a message to the contact option described below or by using a function in your customer account intended for this purpose.
The transfer of your data to the following payment service providers is also based on and for the purpose of this contractual transaction (Art. 6(1)(b) GDPR):
SANGI Europe GmbH does not collect or store credit card information. Credit card payments are processed through the Dutch online payment service provider Mollie B.V. (Keizersgracht 126, 1015 CW Amsterdam, Netherlands; Privacy Policy: https://www.mollie.com/de/privacy), which also handles Sofortüberweisung and Giropay online transfers. In addition, payment via the payment service provider PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full) is also available. If you select the “Pay Later by Klarna” payment method, payment processing is handled by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. In addition to fulfilling the contract (Art. 6(1)(b) GDPR), we also transfer your personal data (first and last name, address, date of birth, email address, phone number, and shopping cart data) to Klarna based on our legitimate interest in preventing payment defaults pursuant to Art. 6(1)(f) GDPR. This is done for the purpose of identity and creditworthiness verification. Klarna may pass this data on to credit bureaus. Detailed information on this can be found at: https://www.klarna.com/de/datenschutz/. 
Among other options, you have the option to submit your cancellation using the cancellation button provided on our website. In this context, we process the data you have entered (e.g., name, contact information, order details) as well as technical information (e.g., the time the cancellation was submitted) in order to process your cancellation and rescind the contract.
The legal basis for this processing is Article 6(1)(b) of the GDPR (performance of a contract).
The data will be stored for as long as necessary to process the cancellation and to comply with statutory retention requirements.

4. Data transfer for contract fulfillment

In order to fulfill the contract, SANGI Europe GmbH shall pass on your data to the shipping company commissioned with delivery, insofar as this is necessary for the delivery of ordered goods. For the processing of payments, we will pass on the necessary payment data to the credit institution commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the payment service selected by you during the ordering process. (Legal basis : Art.6 para.1 p.1 lit.b GDPR).

If you provide us with your e-mail address, either in your customer account or in the case of a one-time guest order, we will forward your e-mail address to our logistics partner, so that they can provide you with a link to track your shipment.

5. Use of cookies

Cookies are small text files that are stored on your end device.
To make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages (e.g. during the ordering process to store the shopping cart or your login information). (See Section 6 below). Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device to enable us to recognize your browser the next time you visit us (persistent cookies). You can set your browser to inform you when cookies are set and to decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. If you do not accept our cookies, this may affect the functionality of our website.
In the case of a visiting user, no data will be assigned and no data stored, including personal data. However, we reserve the right to use the IP address or other information concerning respective visitors if this is necessary to ensure compliance with guidelines, to protect our services offered via the website, or to comply with legal obligations.
When you visit our website, an information banner informs you about the use of cookies for analysis purposes and refers you to this Privacy Policy statement.

You can find a link to the individual cookie settings at the end of this privacy policy.

6. Use of Social Plugins from Facebook and Instagram

Our website uses so-called social plugins (“plugins”) from the social network Facebook and the online service Instagram. These services are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).
The plugins are integrated exclusively via the so-called “two-click solution” or through a prior consent step (consent management system). This means that simply visiting our website does not result in the transmission of any personal data to Meta. The legal basis for the use of the plugins is your explicit consent in accordance with Art. 6(1)(a) of the GDPR and § 25(1) of the TDDDG.
An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins
An overview of the Instagram buttons and their appearance can be found here: https://about.instagram.com/blog/announcements/introducing-instagram-badges-for-webpage-embedding
Only when you actively activate the plugins by clicking on them—and thereby give your consent—does your browser establish a direct connection to Meta’s servers. The plugin’s content is transmitted directly from Meta to your browser and integrated into the page. Through this integration, Meta receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective service or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a server operated by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, and stored there. Meta Platforms, Inc. is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection for transfers to third countries (Art. 45 GDPR).
If you are logged in to one of these services, Meta can directly associate your visit to our website with your profile on Facebook or Instagram. If you interact with the plugins—for example, by clicking the “Like” or “Instagram” button—the corresponding information is also transmitted directly to a Meta server and stored there.
For information on the purpose and scope of data collection, as well as the further processing and use of the data by Meta, and your related rights and privacy settings, please refer to Meta’s privacy policies. We have no influence whatsoever on the nature and scope of the data that the plugins transmit to Meta’s servers.
The Facebook Privacy Policy is available at: https://www.facebook.com/about/privacy
The Instagram Privacy Policy is available at: https://help.instagram.com/155833707900388/
If you do not want Meta to directly associate the data collected via our website with your profile on the respective service, you must log out of the relevant service before visiting our website and delete any cookies that may be present in your browser.
Please note that we are jointly responsible with Meta Platforms Ireland Limited, within the meaning of Article 26 of the GDPR, for the collection and transmission (but not the further processing) of so-called event data that Meta collects via the Facebook and Instagram plugins on our website (the so-called “Controller Addendum,” available at https://www.facebook.com/legal/controller_addendum). The agreement stipulates that Meta is specifically responsible for fulfilling information obligations and safeguarding the rights of data subjects; this means you may also direct requests for access or erasure directly to Meta. Your rights vis-à-vis us as the data controller are not restricted by this agreement.
You may revoke your consent at any time with future effect by accessing the cookie settings via our consent banner on the website and deselecting the corresponding option.

7. Use of Google Analytics and tracking tools for web analysis

This website uses the “Google Analytics 4” (GA4) service, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”), to analyze how users interact with the website. The legal basis for the use of this service is your explicit consent in accordance with Art. 6(1)(a) of the GDPR and § 25(1) of the TDDDG. Data collection does not begin until you have actively given this consent via our consent banner on the website.
The service uses “cookies”—text files that are stored on your device. The information collected by the cookies is generally sent to a Google LLC server in the United States and stored there.
When using Google Analytics 4, IP address anonymization is enabled by default and is technically enforced. Your IP address is automatically truncated by Google. Full IP addresses are neither collected nor stored. The truncation takes place on servers located within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. The IP address is used only temporarily in volatile memory to determine approximate location data (e.g., region or city) and is then immediately deleted before the analytics data is transmitted to or stored in third countries (such as the United States).
We have entered into a data processing agreement with Google in accordance with Article 28 of the GDPR. In cases where personal data is transferred to the United States, the parent company Google LLC is certified under the EU-U.S. Data Privacy Framework (DPF). An adequate level of data protection is thus ensured in accordance with Article 45 of the GDPR.
Under this data processing agreement, Google uses the collected information to analyze website usage and activity and to provide internet-related services to the website operator.
You may revoke your consent at any time with future effect by accessing the cookie settings via the consent banner on our website and disabling consent for Google Analytics. Alternatively, you can use a browser plugin to prevent the information collected by cookies (including your IP address) from being sent to Google LLC and used by Google LLC. The following link will take you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=de

8. Newsletter subscription

The website operator offers a newsletter to keep you informed about current events and special offers. If you would like to subscribe to the newsletter, you must provide a valid email address. Our newsletter is sent via the “Brevo” newsletter service, an application provided by Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (data processing location: Germany/France). You will receive an email from Brevo to confirm your email address, and only after this confirmation (“double opt-in”) will we add you to our newsletter list. Only the data necessary for sending the newsletter (email address) is shared with Brevo. If you do not consent to receiving the newsletter from the outset, your data will not be forwarded to Brevo. 
You can unsubscribe from the newsletter at any time by either sending a message using the contact information provided below or by clicking the link provided for this purpose in the newsletter. After you unsubscribe, we will ensure that your email address is deleted from Brevo’s records.

9. Rights of the data subject

If your personal data is processed, you are a "data subject" within the meaning of the GDPR and have the following rights against us in our capacity as controller:

9.1 Right to information
You can request confirmation from us, as controller, as to whether personal data concerning you is being processed, and if processing is being carried out, you can demand from us the following information (if necessary, in writing and free of charge):
- processing purposes
- categories of personal data processed
- recipients or categories of recipients
- planned storage period of the personal data or specification criteria
- whether you have a right to rectification or erasure of the personal data concerning you, a right to have the processing limited by the responsible party, or a right to object to such processing
- all available data on the origin of the personal data, if it was not collected from you
- whether an automated decision-making process including profiling exists, in accordance with Art. 22 para.1, para.4 GDPR

9.2 Right of rectification
You have the right to request correction and/or completion from us as controller, if the personal data processed concerning you is incorrect or incomplete. We, as controller, must make the correction without delay.

9.3 Right to limit processing
Under certain conditions, specified in more detail in Art.18 GDPR, you may request that the processing of personal data concerning you be restricted.

9.4 Right of deletion
In addition to the regular deletion mentioned above, you can demand from us, as controller, that the personal data concerning you be deleted immediately, if one of the other reasons mentioned in Art 17 GDPR applies, with no exception.

9.5 Right to information
If you have asserted your right to rectification, erasure or limitation of processing of your personal data against us, as controller, we are obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by us, as controller.

9.6 Right to data transferability
You have the right to receive from us, as controller, the personal data concerning you that you provided to us, in a structured, common and machine-readable format. You also have the right to have this data communicated to another person in charge, without hindrance by us, as controller, to whom the personal data has been provided, provided that
(1) the processing is based on a consent pursuant to Art.6 para.1 letter a GDPR, or Art.9 para.2 letter a GDPR, or on a contract pursuant to Art.6 para.1 letter b GDPR and
(2) the processing is being carried out by means of automated procedures.

9.7 Right to withdraw your declaration of consent under data protection law
You have the right to revoke at any time your declaration of consent under data protection law, for example your consent to use your order and address data. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.

9.8 Right of objection/removal
You have the right to object at any time to the processing of your personal data (which has been collected on the basis of art.6 paragraph 1 e or f GDPR).
Where you have the possibility to object to the collection or use of certain data, such as certain cookies, we have marked this at the relevant points.

9.9 Right to complain to a supervisory authority
As a rule, you can contact the supervisory authority in the place where your habitual place of residence or workplace or our company headquarters are located.

10. Possibility of contact

Please contact us directly, at the address below, if you have any questions regarding the collection, processing or use of your personal data, for information, correction or deletion of data, regarding the restriction of processing, for data transferability, as well as for the revocation of consents granted or objection to a specific use of data:
SANGI Europe GmbH
Leopoldstrasse 244 
80807 München 
Telephone: +49 (0) 89 - 208 039 387 
Fax: +49 (0) 89 - 208 039 388 
e-mail: info@sangi-eu.com 
Regardless of this option, you always have the right to contact the supervisory authority responsible for data protection directly or to use other ordinary legal remedies.
In particular, the supervisory authority within the state in which you have your permanent domicile or workplace is responsible for such complaints. Within the Federal Republic of Germany, this is the supervisory authority of the federal state in which you have your permanent residence or your job.