Thank you for visiting our website and for your interest in the services of Es Solo Holdings Ltd (Es Solo). The protection and security of our clients’ and users’ data is important to us. We, in accordance with the EU-General-Data-Protection-Regulation, have therefore designed our business processes and the services offered on this website in such a way that as little personal data as possible is collected or processed. The following data protection declaration explains what personal data this is, for what purpose this data is used and how we protect it against unauthorized or unlawful use. By using this website and/or ordering the services offered, you agree to the data practices described in this data protection declaration.
We, Es Solo, are the provider of this website and controller of the personal data we collect on this website or in connection with the services offered on this website within the meaning of EU General Data Protection regulatory guidelines. Our company is located at 3-8 Bolsover Street London W1W 6AB United Kingdom (“UK”).
If you have any questions, suggestions or complaints regarding data protection, please write to our corporate data protection officer/compliance at the above address, or by email to email@example.com.
WHICH DATA DO WE COLLECT?
When you open a web page:
• IP address,
• Time stamp of the access,
• Requested resource,
• Name and version of the browser software (browser data)
When you use our contact form:
• E-mail address
• Content of your request in text form (contact details)
When you order prepaid cards or codes:
• First name and surname
• If necessary, also a company name
• Deviating recipient name, if applicable
• e-mail address
• Deviating delivery email address, if applicable
• Postal address
• Deviating delivery address, if applicable
• Telephone number (ordering data)
If you make a payment to us, we additionally store:
• Invoice/booking number
• Account details (IBAN) (payment details)
When you contact our customer service, we store your:
• Telephone number
• E-mail address (if applicable)
• Content of your request in text form (customer service data)
If you register as a customer in order to be able to complete future orders without re-entering all order data, we additionally record a personal password, which is immediately encrypted so that only you know your password in plain text.
We may collect further data if and insofar as you have expressly given us your consent in individual cases.
FROM WHICH SOURCES DO WE COLLECT THIS DATA?
Usually we collect browser, contact, customer service and order data directly from you when you open our website and enter data in the respective order or contact form or in conversation with our customer service.
We also offer the possibility to deliver gift cards and gift codes directly to the recipient. Therefore, you may receive a gift card from us that was purchased for you by a third party rather than you. Your name and (e-mail) address were then given to us by this third party. In this case, we assume that you accept the gift and agree to the direct delivery. If this is not the case, please contact us at the above address.
When placing an order, do not identify any third parties as recipients if they do not agree to the gift or direct delivery.
FOR WHAT PURPOSES AND ON WHAT LEGAL BASES?
We use your data to answer your inquiries, execute and fulfil orders and carry out payment transactions including issuing invoices; on the legal basis of Art 6 Para. 1 b) and c) GDPR, in connection with the respective donation or purchase contract.
In addition, we use your data within the scope of the necessary balancing of interests to protect legitimate interests within the meaning of Art. 6 para. 1 f) GDPR and to fulfil legal obligations within the meaning of Art. 6 para. 1 c) GDPR; in particular to guarantee IT security and IT operation, to assert legal claims and defense in legal disputes, to prevent criminal offences, to comply with due diligence and risk management under anti money laundering law and to fulfil legal retention obligations. The legal basis for such use is Articles 6 Paragraph 1 c) and f) GDPR, where applicable in connection with further legal provisions, in particular Art 32 GDPR, §§ 4 – 17 of the Anti-Money-Laundering Act, § 257 of the Trade Act, § 147 Tax Act and § 14b VAT Act.
If and to the extent that you have expressly given your consent for further purposes in individual cases, we will use your data for these purposes on the legal basis of Article 6 a) GDPR in connection with the respective consent.
NO USE FOR ADVERTISING PURPOSES AND NO PROFILING
We do not use your data for advertising purposes unless you have expressly and separately requested us to inform you about our products, services and prices. In no case we pass your data on to third parties for their own advertising purposes.
The data collected by us on this website or in connection with the services offered on this website will not be used for automated individual decision-making including profiling within the meaning of Art 22 GDPR.
TRANSFER TO THIRD PARTIES
For the purpose of delivering ordered gift cards, we transmit your address to the commissioned forwarder (e.g. Deutsche Post AG).
PROCESSING IN THIRD COUNTRIES
As part of an international group of companies with operations in various countries worldwide, we also use the facilities of our affiliated companies within the Es Solo network to provide
our services. However, we remain controller within the meaning of the GDPR. Your data may therefore also be processed at locations in third countries outside the European Economic Area. Es Solo protects all facilities in accordance with the high data protection level of the GDPR, as we have provided appropriate guarantees at all sites, which can be effectively enforced by the parties concerned.
During your visit to this website, data may be stored on your computer in the form of so-called “cookies”. Our cookies serve the user-friendliness and the smooth navigation through our web pages. With the exception of a web analysis cookie, all our cookies are so-called session cookies, which are deleted at the end of your visit to our website. We do not use so-called “targeting” or “advertising cookies”, which serve advertising purposes, on this website.
You have the option of managing the storage of cookies via the settings of your web browser. If you refuse or block the storage of cookies by our websites, you can still access our websites, but many functions will not function or will not function correctly.
DURATION OF STORAGE
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. As a rule, we store order data until all claims arising from the respective contractual relationship become statute-barred. As far as your personal data is concerned, our retention period is seven years.
RIGHTS OF THE USER
You have the right to access the personal data stored about you pursuant to Article 15 GDPR, the right to rectification of your personal data if we have stored them incorrectly pursuant to Article 16 GDPR, the right to erasure if there is no longer any right to storage pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. The restrictions according to §§ 34 and 35 of the Federal Data Protection Act (BDSG) apply to the right to information and the right of deletion. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 DSGVO in conjunction with § 19 BDSG).
You can revoke your given consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before 25 May 2018. To exercise the rights under Articles 16-18, 20 and 21 GDPR, or any other questions, suggestions or complaints relating to data protection, please contact our corporate data protection officer at the above physical address:
Es Solo Holdings Ltd
3-8 Bolsover Street London W1W 6AB
Or by email to:
To exercise your right of appeal, please contact the competent data protection supervisory authority. Your competent supervisory authority depends on your country of residence or where the alleged infringement has occurred.