Thank you for your interest in our website. In the following, we will inform you in detail about the processing of personal data when using this website. Personal data means all data that can be personally related to you, e.g. name, address, telephone number, email address or user behavior.
1. Who is responsible for data processing?
The service provider and party responsible for processing personal data (“controller”) is Kanorshop, Inc., 1687 Primrose Lane, Milwaukee, WI 53213 (“Kanorshop”).
If you have any questions about the collection, processing, or usage of data; if you have requests for information, correction, disabling or deletion of data; or if you want to revoke a previously given consent; or if you want to object to the usage of your information for advertising purposes, please use the settings provided in your account’s user area, or else contact us at one of the following addresses:
Postal Mail: 1687 Primrose Lane, Milwaukee, WI 53213
2. To what extent is personal data processed?
2.1 Collection of personal data when you visit our website
a) Log files
If you visit our site for informational purposes but don’t register with us, create an account, order something, or otherwise deliberately transfer information to us, we collect information from your browser to help us serve our websites to you. In particular, we collect
- IP address,
- date and time of the request,
- time zone difference to Greenwich Mean Time (GMT),
- name of the requested file,
- access status/HTTP status code,
- volume of data transferred,
- the page from which you came to visit us,
- your operating system and its interface,
- your browser type and the language and version of the browser software,
- a report of successful retrieval
The data is technically necessary for us to display our website to you. It is also evaluated to make the website user-friendly and to ensure stability and security. For this purpose, we partly use the external web hosting service providers Akamai Technologies, Inc. and Amazon Web Services, Inc.
b) Cookies and similar technologies
We also use “cookies” on our sites. Cookies are small text files that are assigned to your browser and stored on your device. Through them, certain information flows to the place that sets the cookie, such as settings or data for exchange with the system. This helps us to make our website more user-friendly and effective overall. The legal bases for this are your consent and our legitimate interests. Cookies cannot execute programs or transmit viruses to your device.
We use session cookies, persistent cookies, and third-party cookies.
Session cookies store what’s called a session ID, which can be used to assign different requests of your browser to a common session. This allows your device to be recognized when you return to our website. For example, this lets you store certain information you have entered (such as log-in information, language settings) in such a way that you do not have to repeat it constantly. Session cookies are automatically deleted when you log out or close your browser.
Persistent cookies remain on your device for the time being, so that we can recognize your browser on your next visit and we can, for example, assign your preferred information and settings. Long-term cookies are automatically deleted after a specified period, which may vary depending on the cookie.
When you visit our website, our partner companies also store third-party cookies on your device. The cookies contain information about how our website is used, e.g. which pages and products were visited. The data is collected in a pseudonymized form by assigning an identification number, which is not combined with any other personal data you may have provided to us.
2.2 Ordering from Kanorshop / User Account
a) If you want to order something in our online shop, it is necessary for the conclusion of the contract that you give us the personal data we need to process the order. The mandatory data required to process the contract is marked as such; all other data you provide is voluntary. You can either enter your data only once for the order or use your email address to set up a password-protected user account with us, in which your data can be stored for later purchases until you revoke your consent. You can deactivate or delete the data and the user account at any time via the account.
To prevent unauthorized access to your personal data by third parties, the order process is encrypted using TLS technology.
When we process the data provided by you to process your order, this includes, for example, individual customer service. In the course of order processing, we pass on personal data to one of our production companies within the group, to a shipping company commissioned by us and (with the exception of PayPal) to our bank, ADYEN B.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands (“Adyen”). The payment data is encrypted and transmitted directly to Adyen.
In the case of trackable parcels, we also pass on your order and address data to various service providers, depending on your delivery choices, shipping rates, and your chosen delivery destination.
The legal bases for the processing of personal data as part of order processing are to perform under a contract and our legitimate interests. Due to commercial and tax regulations, we are obliged to store your order, address and payment data for a period of ten years.
b) During the order process we also conduct a fraud prevention check via our bank Adyen, which involves using your IP address to carry out a geolocalization and compare your data with previous experience. This may mean that an order cannot be placed with the selected payment method. Our aim in this regard is to prevent any abuse of your chosen payment method by third parties and to protect ourselves from payment defaults. The legal basis for the processing is our legitimate interests.
Since this involves automated decision-making, you have the right to challenge the decision (in this case the refusal of a certain payment method) and have the decision reviewed by a person. In such cases we ask that you contact us using the contact details mentioned in Section 1. Please note that the payment method may have been rejected due to a typing error and you should, therefore, check what you have entered again during the order process if necessary.
The legal basis for the processing is our legitimate interests.
d) After you place an order, we will process your order and address data to send you a personalized email asking you to rate our products. By obtaining ratings, our aim is to improve our services and adapt them to our customers’ wishes. We use the feedback software of eKomi Ltd, Markgrafenstraße 11, 10969 Berlin, Germany (“eKomi”). For the purpose of sending the feedback email (and in the event that a moderation or conciliation procedure is conducted via eKomi following negative feedback), we pass on your email address, name, order number, product types and a unique ID to eKomi for identification purposes and in order to generate a feedback link.
The legal basis for the processing is our legitimate interests. If you no longer want your data to be used for this purpose, you can object to this at any time. Just click on the unsubscribe link included with each email or send a message using the contact details provided under Section 1.
2.3 Kanorshop Partners: Shop Partners and Marketplace Designers
a) If you want to offer designs on our marketplace or operate a shop, it is necessary for the conclusion of a contract with us that you use your email address to open a password-protected user account and store your name and address there. For the payout of earnings, it is necessary that you additionally provide your bank details or your PayPal information as well as information about your tax status. Any other information you may provide to us when using the account is voluntary. You do not have to enter a real name when choosing your username. You can manage and change this information in your account. You can also deactivate or erase it – or the entire user account. If this affects data necessary for the performance of the contract, we may retain that data for a longer period in accordance with commercial and tax regulations (standard period of ten years). We process this data to conduct the contractual relationship that exists with you; the legal bases are to perform under a contract and our legitimate interests.
b) Within the scope of the contractual relationship, we also process the email address provided by you in order to send you emails at irregular intervals containing information and tips about the Marketplace and your shops (“Partner Newsletter”). We use your name to allow us to personalize these emails. To this end, the data is passed on to the software company Emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, 80339 Munich, Germany (“Emarsys”), which handles the technical side of the mailing on our behalf. You can unsubscribe from the Partner Newsletter at any time by clicking on the unsubscribe link provided in each email, informing us via the contact details specified in Section 1, or changing your newsletter settings in your user account (“Account Settings” – “Newsletter subscriptions”).
When sending the Partner Newsletter, we use Emarsys to statistically evaluate your user behavior in order to optimize the design. To enable this evaluation, the emails contain what are called web beacons or tracking pixels. These are single-pixel image files that establish a connection to our website und thus permit a log file analysis. The web beacons are linked with the data mentioned in Section 2.1 a and an individual ID. The links contained in the email also contain this ID. For example, we can see if and when an email has been opened and which links have been clicked on. The data is stored on the Emarsys servers for 13 months and collected pseudonymously, meaning the IDs are not linked to other personal data at this point, thus ruling out any possibility of direct personal reference. You can object to the recording of your usage behavior at any time by clicking on the unsubscribe link provided in each email, informing us via the contact options listed in Section 1, or changing the newsletter settings in your user account (“Account settings” – “Newsletter subscriptions”). Recording is not possible if you have disabled the display of images in your email settings. In this case, the newsletter will not be displayed to you in full and you may not be able to use all functions. If you choose to display the images manually, recording will take place as described above.
The legal bases for the processing are your consent, to perform under a contract, and our legitimate interests.
The legal basis for the processing is our legitimate interests.
2.4 Communication with Kanorshop
a) Establishing contact
If you contact us via a contact form, letter, fax, email, social media or telephone, we process the data provided by you for the purpose of processing your inquiry and for advertising purposes. We use the software of Sematell GmbH, Neugrabenweg 1, 66123 Saarbrücken, Germany, to coordinate and process emails, which means that Sematell GmbH gains access to the data. We use the management software of Hootsuite Media, Inc, 5 East 8th Avenue, Vancouver, BC, Canada to coordinate and process enquiries via our social media channels Twitter, Facebook and Instagram. The legal basis for the processing is our legitimate interests. If the aim of establishing contact is to conclude a contract, then an additional legal basis is to perform under a contract.
In our blog, where we publish various articles on topics related to our activities, you can post public comments. Your comment will be published along with your chosen username. We recommend using a pseudonym instead of your real name. It is necessary to provide a username and email address, while all other information is voluntary. The necessary information is processed to run the blog. We need your email address to contact you if a third party should complain that your comment is unlawful. We reserve the right to delete comments if third parties complain that they are unlawful. The legal basis for the processing is our legitimate interests.
With the exception of a few sections, our Forum can be read without the need to register. If you wish to actively participate in the Forum under your chosen username, you must log in using your Kanorshop user account access data. To open a Kanorshop user account, only your email address and a password are required. We process your activities (public posts, private messages, likes, profile information, activity logs) and your IP address in order to operate the Forum. The legal basis is our legitimate interests. If you deactivate or delete your user account, your public posts will continue to be visible. If you would like your public posts to be deleted, please contact us using the contact details provided in Section 1. When writing a comment and in the Forum settings (under “Preferences” – “Emails” and “Notifications”), you can specify in which cases and to what extent you would like to be notified by email about new activities in the Forum. You can unsubscribe again at any time, either in the Forum settings or by clicking on the unsubscribe link contained in the respective notification email.
The legal bases for the processing are your consent and our legitimate interests.
3. What are my rights?
If you have given your consent to the processing of your data, you can revoke this consent with future effect at any time. This does not affect the lawfulness of processing carried out on the basis of the consent before you revoke your consent.
If we base the processing of your personal data on our legitimate interests, you are entitled to object to the processing. This is the case if the processing is not necessary in particular for the performance of a contract with you, which was described by us in each case with the description of the individual functions. When exercising such a right of objection, we ask that you explain the reasons why we should not process your personal data as carried out by us. In the event that your objection is justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the basis of which we will continue processing.
However, you can of course object to the processing of your personal data for advertising or web analytics purposes at any time without giving reasons.
As described in the relevant sections, we sometimes use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
The personal data processed by us is generally erased or blocked as soon as the purpose of storage ceases to apply. Data may be stored for a longer period if this has been provided for by laws or other rules to which we as the controller are subject. The data will also be blocked or erased once a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
Further processing operations may be required for contests and other promotional campaigns. In such cases we will inform you in the context of the respective promotional campaign.
4. We Will Share Your Information with Third Parties in Specific Circumstances
a) Legal Compliance and Safety
There are a few times when we must share your information either to protect our rights or to obey the law. We will share your personal information when we believe in good faith that:
- a subpoena or warrant is duly issued, or we receive any other legitimate government agency request to produce information;
- we need to share the information in order to enforce or protect our own rights, for example, to respond to and resolve third-party claims or complaints, or with respect to contracts with our users and third parties;
- we need to address a security or technical issue within our website;
- sharing the information is necessary to prevent harm to others or others’ property, especially in an emergency situation;
b) Corporate Change in Control Events
If we sell all or part of our business, or make a sale or transfer of assets, or are otherwise involved in a similar event, we may transfer your information as part of that transaction.
5. Is My Information Secure?
We use reasonable measures to secure our website and any private information you submit to us against loss, tampering, unauthorized access, and other malicious acts. For example, we use SSL connections when possible to protect your data while it is in transit (for example login data and customer orders). However, no data transmission over the Internet is completely secure, so we cannot completely guarantee the security of any data. You use our services at your own risk, and are responsible for taking reasonable measures to secure your password, information, and account.
6. Do-Not-Track (“DNT”) Requests
Due to lack of technical standards across browsers, we do not respond to DNT signals.
7. California Eraser Button Law
To the extent it is technically feasible and provided for and allowed by applicable law, you may email email@example.com anytime to ask for access to information held about you in order to have it corrected, disabled, or deleted, when possible.
California Eraser Button Law (Business and Professions Code §§ 22581): Note that removal or deletion of your information does not ensure complete or comprehensive removal of the content or information posted on our website and service, or on the internet generally.
8. Children’s Online Privacy Protection
Our website is not intended or directed at individuals under the age of 13. We do not knowingly collect or keep any information of children under the age of 13. If we discover it, we will delete it as soon as possible.
9. Effective Date and Changes