CONFIDENTIALITY POLICY

1. INTRODUCTION

Type of personal data we collect

This policy applies to company websites and domains.

This statement doesn't apply to third-party applications, websites, products, services or platforms that may be accessed through (non our company) links that we may provide to you. These sites are owned and operated independently from us, and they have their own separate privacy and data collection practices. Any personal data that you provide to these websites will be governed by the third-party's own privacy policy. We cannot accept liability for the actions or policies of these independent sites, and we are not responsible for the content or privacy practices of such sites.

The term "personal data" includes all data that can be attributed to a digit of your personal identification. It typically encloses first and last name, nickname, email address, and phone number but may also include facts such as IP address.

Pay attention that any breach of confidentiality is prohibited.

Appliance of General Data Protection Regulation on website

We collect, use and are responsible for certain information about your actions. When we do so, we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including the United Kingdom) and we are responsible as controller of that personal information for the purposes of those laws.

The GDPR basics

The General Data Protection Regulation affects businesses around the world when it comes to their data processing activities. An alternative look at the GDPR exists when you consider it from the perspective of EU residents for the user rights it offers. The GDPR concerns itself less with endlessly controlling the way companies process data and more with the rights of the people whose personal data gets processed. These rights help the owner's of personal data hold businesses accountable by providing streamlined processes that hand back control of personal data to the people who own it.

We collect your data when you enter content yourself or fill in your data in our contact form. Other data will be recorded by our IT systems automatically or after your consent to their recording when you visit the website. This data mainly includes technical information (such as web browser, operating system or site access time). That is, some information is processed and recorded automatically when you visit this website.

The user rights to be informed

Remember that you always have the right to get and obtain information about the source, recipients and purposes of your archived personal data free of charge at any time. If you have now given consent to data processing, you have the option to cancel this consent at any time, which will affect all further data processing. In addition, you have the right to request the restriction of the processing of your data in certain circumstances. Therefore, please do not hesitate to contact us anytime if you have any questions about this or any other data protection point.

Analytics tools' functions and influence

During your visit to this website, there is a certain probability that your browsing patterns will be statistically analyzed. Such analyzes are performed mainly with the help of programs that we call analytical tools. They don't accept the influence or risk of loss of information arrays.

2. HETZNER AND HOSTING FUNCTIONS

A content delivery/distribution network (CDN) is a network of interconnected servers that accelerates the loading process of high-load application web pages. As a rule, CDN is used by all online stores whose visitors can be located throughout the country or the world, as well as streaming services.

Hosting is needed to store files with the site in round-the-clock access, manage these files and change their properties. For this, hosting providers install special equipment — control panels. We are always ready to provide information about where and how we host the content of our website and with which providers we work.

We have entered into a formal data processing agreement — DPA for the use of the above services. It's a standardized contract under data privacy laws that ensures they only process the personal data of our website visitors based on our instructions and in agreement with the GDPR.

The provider is the Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter referred to as Hetzner).

For details, please view the data privacy policy of Hetzner: https://www.hetzner.com/de/rechtliches/datenschutz.

We use Hetzner on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable depiction of our website possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Cloudflare

We use the "Cloudflare" service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as "Cloudflare").

Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the herein described purpose.

The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.

For more information on Cloudflare’s security precautions and data privacy policies, please follow this link: https://www.cloudflare.com/privacypolicy/.

Data processing service

The administration of a contract includes procurement, background and reference checks, payments, renewal, dispute, enforcement, and other processes related to the entering and performance of a contract. We assemble information directly from you face to face if you come to our site for information or to sign a storage agreement and over the telephone if you ring us to enquire. We collect personal information via our website and mobile applications and other technical systems. We collect this when you use our website or apps to sign up for, participate in or receive a service from us, such as requesting a quote online or entering a live chat. Our website also uses cookies and collects IP addresses (which means a number that can uniquely identify a specific computer or another device on the internet). We also collect personal information when you contact us, send us feedback, post material to our website or social media, complete customer surveys, or participate in competitions.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned actions. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

3. JURIDICAL RESPONSIBLE PARTIES AND FULL COMPLIANCE

TRENDSHOPS DATA LTD data controller

The data controller determines the purposes for which and the means by which personal data is processed. Joint controllers must enter into an arrangement setting out their respective responsibilities for complying with the GDPR rules. The main aspects of the arrangement must be communicated to the individuals whose data is being processed.

The data processor processes personal data only on behalf of the controller. The data processor is usually a third party external to the company.

The duties of the processor towards the controller must be specified in a contract or another legal act. For example, the contract must indicate what happens to the personal data once the contract is terminated. A typical activity of processors is offering IT solutions, including cloud storage. The data processor may only subcontract a part of its task to another processor or appoint a joint processor when it has received prior written authorisation from the data controller.

Controllers are responsible for the strictest levels of GDPR compliance. According to Article 24 of the GDPR, they must actively demonstrate full compliance with all data protection principles.

They are also responsible for the GDPR compliance of any processors they might use to process the data. They must demonstrate fairness, lawfulness and transparency, accuracy, data minimization, integrity and storage, and full confidentiality of personal data.

According to Article 24 of the GDPR, data controllers must perform the following functions.

— Bring into understanding the purpose, nature, context, and scope of any data processing activities.

— Consider the possibility of any severe risk to the freedoms and rights of any natural persons.

— Enforce appropriate administrative and technical measures and security measures that demonstrate that the data processing activities have been performed in accordance with GDPR regulations.

— Check and update these measures where necessary.

The main data controller is:

INGA LYSSAKOVA

Phone: +491742877537

[email protected]

Personal data disclose

We may use or disclose your personal data in order to comply with a legal obligation, in connection with a request from a public or government authority, or in connection with court or tribunal proceedings, to prevent loss of life or injury, or to protect our rights or property. Where possible and practical to do so, we will tell you in advance of such disclosure.

Service providers and other third parties

We may use a third party service provider, independent contractors, agencies, or consultants to deliver and help us improve our products and services. Service providers may be within or located outside. We may share your personal data with marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others but only to maintain and improve our products and services. For further information on the recipients of your personal data, please contact us by using the contact information of the data controller.

Data portability

The right to data portability needs to be seen in the scope of the higher degree of control that the GDPR gives to data subjects with stricter rules and principles that aim to ensure that the control of personal data is handed to the data subject with an accountability duty for the controller with regards to the principles of personal data processing.

The data subject can receive the data in a structured, commonly used and machine-readable format whereby he or she can store or use them (which is pretty obvious given the fact that the GDPR in principle hands over control of personal data to the data subject) but also can transfer those data to another data controller if so desired. Where data are provided to third parties for research purposes, written confidentiality protection agreements are put in place to ensure continued compliance with the Code of Practice. Electronic data transfers will take place in a strictly controlled encrypted environment, and in accordance with departmental rules.

The data subject has a right to have the personal data which fall under the right to data portability transmitted directly from one controller to another, when this is technically feasible.

Users' right to request the restriction

You have the right to request restrictions on the processing of your personal data at any time. For example, this happens if you dispute the correctness of your data; if the processing of your personal data was/is carried out in an illegal way; if we no longer need your personal data and you need it to exercise, protect or assert legal rights.

If you object to the situations described above in accordance with Art. 21 of GDPR, your rights and our rights must be weighed against each other. We remind you that you have the right to request the restriction of the processing of your personal data. If you have restricted the processing of your personal data, this data (with the exception of its archiving) may only be processed with your consent or to claim, exercise or defend legal rights or to protect the rights of other natural or legal persons or for reasons of important public interest referred to The European Union or an EU member state.

SSL and TLS encryption

Transport Layer Security (TLS) is the successor protocol to SSL. TLS is an improved version of SSL. It works in much the same way as the SSL, using encryption to protect the transfer of data and information. The two terms are often used interchangeably in the industry although SSL is still widely used.

You can easily differentiate an encrypted connection by checking out whether the address line of the browser switches from "http://" to "https://" format.

4. DATA RECORDING

Cookies' functioning and checkouts

Every website needs cookies in order to function. Some cookies are essential for the general running of the website and some cookies combined with unique identifiers, are used to identify the website visitor for marketing purposes and to track the activity of the user during and after their visit to the website.

We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they've collected from your use of their services.

When you visit a TRENDSHOPS DATA LTD website, we automatically collect and store information about your visit using browser cookies (files which are sent by us to your computer), or similar technology. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. Most browsers will provide information on how to accept cookies, disable cookies or to notify you when receiving a new cookie. If you do not accept cookies, you may not be able to use some features of our service and we recommend that you leave them turned on.

We also process information when you use our services and products.

Some cookies are required. For example, if you're shopping online, you couldn't purchase anything unless you could save items in your virtual cart. You'd lose the item as soon as you moved to the "checkout" page. So, in some cases, cookies are essential to a website's functionality.

Users can manage cookies by opening their web browser (such as Chrome, Firefox, Safari) and finding where cookies are stored. For example, cookie storage can be enabled/disabled in Google Chrome by clicking "settings", then "cookies and other site data" and selecting "block all third-party cookies".

According to the law, all website users have the right to decide their cookie preference settings, this gives the user more control of their personal data privacy online and how the personal information collected from them will be used.

Cookie banner essentials

TRENDSHOPS DATA LTD uses consent technology from Cookiebot to obtain your consent to store certain cookies on your end device or to use certain technologies and to document this in accordance with data protection requirements.

The banner will alert the users of the TRENDSHOPS DATA LTD website that here is admitted the use of cookies and enable them to choose their cookie preferences by an affirmative action, such as accepting, declining, choose their own preferences, or another method that requires the user to proceed to use the site.

The EU cookie law sets specific guidance in relation to privacy and electronic communications around the use of cookies, whereas the GDPR gives guidance on the general collection of personal data. The EU cookie law takes into account GDPR’s standards for consent, which means that cookie explicit consent is needed for certain cookies that are put onto a users browser and you are required to maintain a record of the consent given by the user.

Complianz's consent technology

TRENDSHOPS DATA LTD uses consent technology of Complianz's to obtain your consent to store certain cookies on your device.

Complianz is hosted on our servers, so there is no connection to Complianz provider's servers. Complianz stores a cookie on your browser in order to be able to distribute the consents given to you or their withdrawal. The data collected in this way is stored until you ask us to delete it, delete the Complianz cookie yourself or until the purpose of data storage no longer applies. Mandatory legal storage obligations remain unaffected.

The legal basis for this is Art. 6(1)(c) GDPR.

5. LEADING MARKETING ANALYTICS TOOLS

Matomo platform

Matomo is an open-source web analytics application that helps to track online visits to one or more websites and display reports. With help of it, we analyze the traffic usage of our website by visitors to each website. For example, when and from which city the steps were taken, which pages attracted clicks, purchases, etc. For analysis with Matomo, we use IP anonymization. Your IP address is shortened before analysis so that it can no longer be uniquely assigned to you.

Please, note that we have configured Matomo so that Matomo will not store cookies in your browser. This means that we host Matomo exclusively on our own servers, so all analysis data remains with us and is not transferred.

6. AFFILIATE PROGRAMS OVERVIEW

TRENDSHOPS DATA LTD partners

We actively participate in affiliate programs. If you click on one of these affiliate ads, you will be taken to the promoted offer. If you subsequently make a certain transaction (conversion), the webmaster will receive the affiliated commission in exchange for the service. This is how the principle of operation of these platforms works. You can calculate the amount of the commission when tracking an ad, for example, as a result of which you saw an offer and completed a predefined transaction. To make this possible, cookies or similar recognition technologies are used.

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

You may consult us to find the Privacy Policy for each of the advertising partners. Third-party ad servers or ad networks use technologies like cookies, JavaScript, Web Beacons and others that are used in their respective advertisements and links that appear, which are sent directly to users' browsers. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit. Note that we have no access to or control over these cookies that are used by third-party advertisers.

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.

Data collection is a core marketing activity and it always has been. The GDPR targets this very first step, and as a result, some of the biggest responsibilities as a marketer of any type rest within the initial collection mechanism.

Affiliate programs TRENDSHOPS DATA LTD participate

Amazon

Provider — Amazon Europe Core S.à.r.l.

You can find detailed information on the privacy check at: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.

AWIN

AWIN AG, Eichhornstraße 3, 10785 Berlin.

AWIN and the publishers have taken joint responsibility for data processing under the affiliate program. These duties have been documented in collaboration agreements. In this agreement, you have the option of contacting both data controllers with access to your data protection rights. Each partner will take protective measures as necessary to protect data which is found in every GDPR in the enterprise.

Follow the link to learn more details about data processing based on AWIN's privacy policy: https://s3.amazonaws.com/docs.awin.com/Legal/Publisher+Terms/2020/DE+Publisher+Terms +GDPR+Annex.pdf.

7. PRIVACY POLICY CHANGES

Understanding your role in relation to the personal data processing is crucial in ensuring compliance with the GDPR and the fair treatment of individuals.

We should always update our TRENDSHOPS DATA LTD privacy policy from time to time. We perform it in order to be compliant with the data protection laws and to inform users of their rights and how their data is collected, stored and used. We will notify you of any changes by posting the new privacy policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the effective date at the top of this privacy policy. You are advised to review this privacy policy periodically for any changes. Changes to it are effective when they are posted on this page.