Privacy policy

 

Snuggle Bunny

(Version 1)

Updated April 2021

 

We appreciate your interest in our website. The protection of your privacy is a particularly high priority for our business. For that reason, we have taken technical and organizational measures to ensure that we as well as our partners and external service providers observe the rules of data protection. Nevertheless, we draw your attention to the fact that the transmission of data on the internet may involve security holes and cannot be fully protected from access by third parties.

We treat your personal data as confidential and in accordance with the statutory data protection regulations such as the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to our company. 

 

General Information

 

1. The following privacy policy is particularly intended to inform you about the type, scope,  purpose, and duration of as well as the legal basis for the processing of personal data when using our website. Personal data is all data that is personally available concerning you, e.g. name, address, email addresses and user behavior. Personal data will only be processed by us to the extent necessary and with the purpose of providing a functional and user-friendly website including its contents and the services offered there.
   
   
   
2. The party responsible for this website for the purpose of data protection law (Art. 4 VII  GDPR) is:

 

Company Zibo Group d.o.o., Trnovska ulica 2, 1000 Ljubljana, Slovenia.

 

1. If you contact us via email or contact form, the data you provide (email address as well as name) will be used for the purpose of processing your request. We delete the data that is transferred in this context, if the storage is no longer necessary and if there are no further legal obligations such as statutory storage requirements. There is no transfer of this personal data to third parties. Legal basis is Art. 6 Para 1 lit. b. and f. GDPR.
   
   
   
2. Since we rely on contracted service providers for individual functions of our offers, we inform you about these third-party components and explain which data they collect and control in the section below.

 

Rights

 

1. With regard to the data processing to be described in more detail below, you have the
   
   right to information (Art. 15 GDPR),
   
   to rectification or erasure (Art. 16, 17 GDPR),
   
   to restriction of processing (Art. 18 GDPR),
   
   to object to the processing (Art. 18, 21 GDPR),
   
   to data portability (Art. 20 GDPR).
   
   
2. You also have the right to complain to the data protection supervisory authority about the processing of your personal data.

 

Objection or revocation against the processing of your data

 

1. If you have given your consent to the processing of your data, you can revoke them at any time. Such revocation will affect the admissibility of the processing of your personal data after you have given it to us.
   
   
2. If we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if, in particular, the processing is not required to fulfill a  contract with you. This is described in each case in the following description of the functions. In the event of such disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.
   
   
3. Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your advertising conflict under the following contact details: 

 

Information about the data processing

 

1. In the case of a solely informative use of our website, i.e. if you do not provide us with  information (for example, when contacting us via our contact form), we only collect the  personal data your browser transmits to our servers. For technical reasons, especially to ensure  a secure and stable website, these are the following data (so-called server log files):
   
   the type and version of your browser,
   
   the operating system,
   
   the previous that linked to our website (referrer URL),
   
   the web pages visited on our site,
   
   the date and time of your visit,
   
   as well as your IP address.
   
   We do not draw any conclusions about you. This information is needed in order to deliver the content of our website correctly, optimize the content and advertisement of our website, ensure the long-term viability of our information technology systems and website technology, and provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber attack. The anonymous data of the server log files are stored separately from all personal data provided by you.
   
   The legal basis for the collection of these data is Art. 6 Para. 1 lit. f. GDPR. The data will be deleted within no more than seven days unless continued storage is required for evidentiary purposes.

 

1. In addition to the aforementioned data, we use cookies on our website. Cookies are small text files stored on your hard drive and are associated with the browser you use. They only give us certain information. Cookies cannot run programs or transmit viruses to your computer. This processing makes our website more user-friendly, efficient and secure. The legal basis is Art. 6 Para. 1 lit. b. and f. GDPR.
   
   
2. Our website uses transient cookies and persistent. Transient cookies are automatically  deleted when you close the browser. Transient cookies include session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can also delete cookies in the security settings of your browser at any time. In addition, you can configure your browser setting according to your wishes and decline the acceptance of third-party cookies or all cookies. We point out, that as a result, you may not be able to use all features of our website.
   
   If necessary, our website may also use cookies from companies with whom we cooperate for the purpose of advertising, analyzing, or improving the features of our website.

 

Hosting

 

Within the framework of a processing on our behalf, a third-party provider provides the services for hosting and displaying our website. All data collected as part of the use of this website will be processed on its servers. This service provider is located in a country outside the European  Union, for which the European Commission has determined by decision an appropriate level of data protection.

 

SSL-Encryption

 

To guarantee the security of your data during transmission, we use encryption techniques such as  SSL or TLS. You can recognize an encrypted connection in your browser when your browser address changes to HTTPS and the lock icon is displayed in your browser's address bar.

 

Features and other offers of our website

 

1. In addition to the purely informational use of our website, we also provide you with special enterprise services. To do so, you will generally need to provide us with other personal information that we use to provide the service and for which the aforementioned data processing principles apply.
   
   
2. We partly use external service providers to process your data. These external service  providers have been selected carefully. They are bound to our instructions and regularly monitored.
   
   
3. Insofar as our service providers or partners are based in a country outside the European  Economic Area (EEA), we inform you about the consequences of this circumstance in the description of the offer.

 

Order processing

 

1. Our online shop uses the platform Shopify Inc., 126 York Street, Suite 200, Ottawa, ON,  Canada, K1N 5T5 ("Shopify"). Shopify provides an e-commerce platform, which allows us to sell our goods. If you place an order in our online-shop, you agree to the storage and processing of  your personal data by Shopify. The data provided during the ordering process is stored on a  secure server. If you are located in the European Economic Area (EEA) or Switzerland, your data will be processed and stored in Ireland through Shopify International Ltd.. However, Shopify notes that as part of a smooth service, data can also be transferred to other regions, including the US and Canada. Shopify strictly adheres to the agreement between the EU and the USA and the agreement between Switzerland and the USA for data collection and use (EU - US  Privacy Shield Framework.
   
   This data is stored and processed for the purpose of supporting and processing your orders,  your authentication, the processing of payment transactions and the improvement of Shopify's services. For more information on Shopify's terms of use and privacy, please visit http://www.shopify.com/legal/privacy or https://help.shopify.com/pdf/gdpr-whitepaper.pdf.
   
   
2. The data you submit when ordering goods will have to be processed to fulfill your order.  Please note that orders cannot be processed without providing this data. The legal basis for this processing is Art. 6 Para. 1 lit. b. GDPR. After your order has been completed, your personal data will be deleted according to applicable legal regulations such as tax and commercial law.
   
   
3. By using our online shop, you also agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (for more information please see section  § 4; a session cookie is a temporary cookie that gets automatically removed when you close your browser). We do this in order for the selected currency to remain selected and consistent when browsing our website so that the prices can convert to your local currency. Legal basis is Art. 6 Para 1 lit. b and f. GDPR.
   
   
4. With the purpose of processing your order, we will first share your data with the shipping company responsible for delivery to the extent required to deliver your order and second with the payment service provider to the extent required to process your payment.
   
   
5. If you wish to order goods in our online shop, it is necessary for the conclusion of the  contract that you provide us with your personal data that we need for the processing of your order. Required entries are marked separately. We process the data provided by you to process your order. To complete the process, we can also pass on your payment data to our house bank. The legal basis for this is Art. 6 Para 1 lit. b GDPR. We may also process the information to inform you about other interesting products from our portfolio or to send you an email with technical information. Due to commercial and tax regulations, we are obliged to store your address, payment data and order data for a period of ten years.
   
   
6. In order to prevent unauthorized access by third parties to your personal data, in particular  to financial data, the order process is encrypted using TLS technology.

 

Payment Service Provider

 

1. Operating companies are:
   
   PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg;
   
   Stripe, Inc., 510 Townsend Street San Francisco, CA 94103 United States.
   
   
2. If you select one of the two payment service providers during the ordering process in our online shop as a payment option, your data will be automatically transmitted to the service provider. By selecting this payment option, you agree to the transfer of personal data required for payment processing.
   
   
3. Personal data processed by PayPal and Stripe include inventory data, such as your name, address, email address, IP address or bank details as well as other data necessary for payment processing. This information is required to complete the transactions and to perform an identification check. The data entered will only be processed and stored by PayPal and Stripe.  We do not receive any information related to your account or credit card. The data may be transmitted to credit reporting agencies. The payment service providers may also collect and use data and information on your previous payment behavior as well as probability-values for your  behavior in the future in order to decide on the reasoning, implementation or termination of a  contractual relationship. The calculation of scoring is carried out on the basis of scientifically recognized mathematical-statistical methods.
   
   
4. For the payment transactions, only the terms and conditions and the privacy policy of PayPal and Stripe apply.
   
   
5. You have the possibility to revoke your consent for the handling of personal data at any time from PayPal and Stripe. A revocation will not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.

 

Social Media

 

1. We have integrated components of the service Instagram on our website. Instagram is a  service, which allows us to share photos and videos. The operating company of the services offered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, United States.
   
   
2. The services are integrated by an Instagram button on our Website. We do not use any  plugins. By integrating buttons, linked graphics prevent Instagram from automatically  establishing a connection to the Instagram server when you visit our website. Only if you click on the linked graphic, you will be forwarded to the service of Instagram. In this case, information about the use of our website will be recorded by Instagram. This information may include your IP address, the date and time you visited our site, as well as the pages you viewed.
   
   
3. If you are logged in to your Instagram account while clicking on the linked graphic,  Instagram matches this information with your personal Instagram account and stores the personal data. To prevent this, you must either log out of your Instagram account before clicking the linked graphic or make the appropriate settings in your Instagram account.
   
   
4. Further information and the applicable data protection provisions of Instagram may be  retrieved under https://www.instagram.com/about/legal/privacy/.

 

Newsletter

 

1. With your consent, we give you the opportunity to subscribe to our newsletter, which informs you about our current offers.
   
   
2. You can revoke your consent to receive our newsletter at any time. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter. The information will be stored as long as you have subscribed to the newsletter. After your deregistration we will store the data purely statistically and anonymously. In general, tracking is not possible if you have turned off the image display by default in your email client. In this case the newsletter will not be displayed completely and you may not be able to use all features.

 

Information regarding data processing pursuant to Art. 13 and 14 of the EU General Data Protection Regulation (GDPR)

 

The following information is intended to give you an overview regarding our processing of your  personal data and your rights derived from the GDPR. The specific data processed and the  purpose for which it is employed relate directly to the services offered and received. Data  Privacy is important – we therefore kindly ask you to familiarize yourself with the Data  Protection Information found below. 

 

This data privacy information is provided in connection with our Privacy Policy, which you can  find at the end of this page.

 

Contact details of the controller

 

The responsible controller is: 

Zibo Group d.o.o.

Trnovska ulica 2

1000 Ljubljana, Slovenia

hello@snugglebunny.eu 

 

Purpose of and legal basis for processing

 

We process personal data that we obtain from you in the context of our business relationship.  We also process, insofar as necessary to provide our service, personal data that we obtain from publicly accessible sources (e.g. debt registers, commercial and association registers, press,  internet) or that is legitimately transferred to us by other third parties (e.g. credit agencies). 

Relevant data is personal information (e.g. name, address and other contact details, date and  place of birth and nationality), identification data and authentication data (e.g. passport data).  Furthermore, this can also be order data (e.g. payment orders); data from the fulfillment of our  contractual obligations (e.g. sales data in payment transactions); information about your  financial situation (e.g. creditworthiness data); marketing and sales data, including advertising  data; documentation data (e.g. consultation protocol) and other data similar to the categories  mentioned. 

In the context of our business relationship, you must provide all personal data that is required  for accepting and carrying out a business relationship and fulfilling the accompanying  contractual obligations or that we are legally obliged to collect. Without this data, we are, in  principle, not in a position to close or execute a contract with you. So if you do not provide us  with the necessary information, we cannot enter into or continue the business relationship you  desire. 

We solely process personal data in accordance with the provisions of the European General  Data Protection Regulation (GDPR).

As long as you have granted us consent to process your personal data for certain purposes, this processing is legal on the basis of your consent. You may withdraw your given consent at any time with effect for the future. This shall have no effect upon the legality of the data processed prior to this withdrawal.

 

Within the scope of the balancing of legitimate interests

 

Where necessary, we will process your data beyond the actual fulfillment of the contract for the  protection of the legitimate interests of our business or third parties. Examples in this regard  include: 

- the assertion of legal claims and their defense during litigation; 

- the guaranteeing of the IT security and operation of our business; 

- crime prevention and solution.

 

Recipient or categories of recipients of the personal data 

 

Within our company, every unit that requires your data to fulfill our contractual and legal  obligations will have access to it. Service providers and vicarious agents appointed by us can  also receive access to data for the purposes given if they maintain confidentiality. These are  companies in the categories of IT services, logistics and payment. The basis for this is an order data processing agreement. 

With regard to transferring data to recipients outside our business (third parties), we may pass  on information about you only if legal provisions demand it or if you have given your consent.  Under these requirements, recipients of personal data can be for example:

Public entities and institutions upon providing a legal or official obligation. Other companies to which we transfer your personal data in order to carry out a business relationship with you. Other recipients of data can be any units for which you have given us your consent to transfer data.

 

Transmission of personal data to a third country

 

Your data is transmitted by means of a web-based application on the Internet. The  confidentiality, integrity, authenticity and availability of the personal data can, as such, not be  guaranteed. Your data can also be retrieved by means of the web-based application in third  countries that do not observe any data protection regulations comparable with those of the  European Union. 

If it is necessary for the purpose of carrying your orders (e.g. payment orders) or if you have  granted us your consent, we also transfer data to units in states outside the EU.

 

Storage period of the personal data

 

After your data has been collected by us, we will process and store your personal data as long  as it is necessary in order to fulfill our contractual and statutory obligations.

If personal data is no longer required in order to fulfill contractual or statutory obligations, it is  deleted, unless further processing is required. Purposes can be the fulfilling of obligations to  preserve records according to commercial and tax law.

 

Your rights 

 

Pursuant to the European General Data Protection Regulation (GDPR), you have the right:

to access according to Art. 15 GDPR;

to rectification according to Art. 16 GDPR;

to erase according to Art. 17 GDPR;

to data portability according to Art. 20 GDPR;

to restrict processing according to Art. 18 GDPR;

to object according to Art. 21 GDPR.

Furthermore, there is also a right to lodge a complaint with an appropriate data privacy  regulatory authority (Art. 77 GDPR).

To exercise your rights, please contact us via the contact details given in the imprint.

If you have consented to the processing of your data by us you may withdraw this consent at  any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of  any data processing for which consent was given and which was carried out prior to the  withdrawal of said consent.