Summer sale discount off 50%! Shop Now
Cart My Cart
Privacy Policy

Privacy Policy

Last modified: September 2020

This Privacy Policy describes the way Duodecad IT Services Luxembourg S.à r.l. (hereinafter, “DDITS”, “we”, “our” or “ us”) collects, uses, shares and stores the personal information of visitors and customers (hereinafter “you”) of www.jasminshop.com (hereinafter the “Website ”).

We operate our site and our services in compliance with applicable data protection laws, including the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA"). For more information, please see Section 6 "YOUR RIGHTS UNDER GDPR". If you are a California resident, please also see section 7 "INFORMATION FOR CALIFORNIA RESIDENTS."

Your privacy is important to us. We provide you with this Privacy Policy, so that you can make informed choices about the use of your data.

As used in this Privacy Policy, the term "personal data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. For example, under CCPA Personal Data includes identifiers such as your real name, alias, or postal address; commercial information, including records of products or services purchased; Internet or other electronic network activity information, including, but not limited to, browsing history, and search history. CCPA § 1798.140(o)(1).

Please read this Privacy Policy carefully. This Privacy Policy forms a part of and is incorporated into the JasminShop Terms and Conditions. By using the Website, you agree that the Terms and Conditions, including this Privacy Policy, forms a binding legal contract with you.

You can contact us if you have any question about our privacy practices. We will be happy to provide you any assistance you may need.

1. WHO DECIDES “HOW” AND “WHY” YOUR PERSONAL DATA IS PROCESSED?

The following company decides how and why your personal data is processed, and for GDPR purposes is the “Data Controller”:

Duodecad IT Services Luxembourg S.à r.l., a Luxembourg-law governed private limited liability company with registered address at 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand-Duchy of Luxembourg, registered with the Luxembourg Trade and Companies’ Register under number B 207.016.

2. WHAT PERSONAL DATA DO WE PROCESS?

The data we collect and use varies depending on the products, services and features you are looking for. The personal data we collect or that you decide to provide to us includes the following categories of data:

- Personal data you provide when you open an online customer’s account If you choose to create an online customer’s account on our Website, we will ask you to provide the following information:

  • • First name and last name
  • • Email address
  • • Password

Additional information in relation to your purchases, your payment method or delivery address might be stored in your account.

- Personal data you provide to us in relation to your purchase(s) on the Website

  • • Identification data and contact information, such as your first name, last name, company name, postal address (street, city, postal code, country), phone number, email address.
  • • Data about your purchases (e.g. type, quantity, size and price of the products purchased), orders and returns. At no time during the purchase procedure we will have access to your full credit card information (such as the full number of the credit card and expiration date), which is sent directly to the entity that manages the electronic payment (i.e., bank or PayPal) over a connection protected by an encryption protocol.

- Personal data from site use

We collect and process information about you when you are using our Website. This means that, when you visit our Website or place an order, even if you have not created an account or logged in, we collect data, including:

• Log data, device and usage information:

  • - Your IP address;
  • - Your time zone;
  • - The date, time and duration of your visit;
  • - The type of device you use (e.g. iPad);
  • - The type of your device’s operating system (e.g. iOS 3.1) and internet browser (e.g., Mozilla Firefox, Opera, etc.);
  • - Your activity history and how you interact with the pages/features of the Website;
  • - Data about your tastes and preferences, such as your preferences regarding our products, colours, and size.
  • - Identifiers associated with cookies or other technologies that may uniquely identify your device or browser.

If you are using a mobile device, we might also collect:

  • - data that identifies your mobile device
  • - device-specific settings and characteristics
  • - location details
  • - app crashes and other system activity

• Information collected by cookies and other technologies

Like many websites and applications, we use cookies and other technologies (e.g., web beacons, web storage, and unique advertising identifiers) to collect information about your activity, browser, and device.

Most web browsers are set to accept cookies by default. If you prefer, you can usually remove or reject browser cookies through the settings on your browser or device. Keep in mind, though, that blocking cookies may negatively affect your use of the services on our site.

We are also using the services of Hotjar and other third party service providers to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g., how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices, such as a device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and preferred language used to display our website. Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.

You can opt-out of the creation of a user profile, Hotjar’s storing of your usage data and Hotjar’s use of tracking cookies by following this opt-out link.

To learn more about how we use cookies and your choices, please check out our Cookie Policy.

3. WHY DO WE PROCESS YOUR PERSONAL DATA?

We use the information we collect for the following purposes:

- Customer’s account activation

We process this information to perform the contract that we have with you. We use the personal data you provided us when creating your online account to open and administer this account. The account allows you to exercise control over your personal data, manage your purchases, your profile and account settings (e.g. delivery address, etc.).

- Process payment, proceed to the delivery and organize any returns

The use of your personal data in strictly necessary in this instance to perform the contract we have with you. We use the data you provided to process the payment of the products you purchased on the Website, proceed to their delivery and organize any return after the purchase.

However, please note that certain data processing operations associated with the purchase process, such as the storage of your payment card data for future purchases, only applies when you give your consent to such processing.

- Website management and optimization

To understand how we can improve our Website services and/or find better ways to promote our services to others, we collect your personal data for analytical and statistical purposes.

To better understand your needs and how we can improve our Website, we compile the information you gave to us or that we collected about you when visiting pages on our site or while placing an order, to detect general trends regarding the preferences/habits of our users. This helps us, for example, to generate statistics reports on our customers’ activity based on the countries, or products purchased. The information in these reports is in aggregate form, and cannot be used to identify individuals.

We also use limited information to tailor our services for you. For example, when you visit and/or log in on our Website we use your IP address to determine the country where you are from, and display our webpages in your language (within the limits of the languages available on the site), so if you visit or login on our site from the United States, our site will automatically display content in English.

We process this information given our legitimate interest in developing and improving our Website and our users’ experience, as well as promoting the Website. When we use cookies or similar technologies for the same purpose (i.e., product enhancement and improvement), we rely on your consent to the use of cookies, including third-party cookies. To learn more about how we use cookies and your choices, please check out our Cookies Policy.

- Customer relationship management

Customer relationship management is key to any service and included in this term is any contact we have with you.

Our Customer Support team operates 24/7. By sharing your personal details and your questions, requests or claims with our Customer Support team, we will be able to provide you with your answers, and any help you may require, more efficiently.

All your communications with our Customer Support team and any information you provide are stored and reviewed so that we may respond to your request.

Some of the recorded communications with you will be used for training purposes within the Customer Support so that we can provide you with excellent customer service.

Please be aware that our Customer Support team will have access to all information that has been collected about you. By having this access, we ensure that they have everything they need to give you an appropriate and efficient response.

Please note that Customer Support team will use various means to contact you including email and phone, as appropriate.

We may also communicate with you through emails or any other appropriate means, to inform you of any changes regarding our site or announcements relating to your account activation or purchases, (e.g., successful account creation, shipping information, etc...).

Please be advised that the processing and use of your personal data is necessary given our legitimate interest to deliver appropriate customer support to you and to provide you with relevant information as regards the Website and your account.

- Sending of our newsletter

If you subscribe to the newsletter, you consent to the processing of your data to manage your subscription and/or to send you information about our products and/or services. You can, of course, unsubscribe from receiving our newsletter at any time, using a link contained within the emails themselves or by contacting us as provided in Section 9 “How to Contact Us?”.

- Ensure a safe and Trusting Environment

To protect you and our business, we use your personal data to detect and prevent fraud/illegal activities, and for security & risk assessment (e.g., authentication & verification of identity).

We have a legitimate interest in keeping you and our business safe.

- Comply with any legal requirements and enforce our legal rights

We may rely on a legal obligation to process your personal data. For example, we must retain your transaction information to maintain legally required accounting records.

We may also use your information to respond to requests of competent authorities or given our legitimate interest to establish, exercise or defend legal claims. If necessary, we would use your data to investigate issues with the bank processing your payment, or with a debt collector, in cases of unpaid transactions, or refunds.

4. WITH WHOM DO WE SHARE YOUR DATA?

We share a portion of your personal data with the following parties:

- Entities of our Companies’ Group

We share your personal data with the following companies of our group based in Luxembourg and Hungary, as they are helping us to deliver the services to you:

  • Jasmin IP S.à r.l., 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg
  • Docler Services S.à r.l., 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg
  • Docler IP S.à r.l., 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg
  • Docler SSC Kft, Expo tér 5-7, H-1101, Budapest, Hungary
  • Jasmin IP S.à r.l. Hungary Branch, Expo tér 5-7, H-1101, Budapest, Hungary
  • Escalion S.à r.l., 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg

- Service providers

We use carefully selected and trusted third parties, who act as service providers to our site. We ensure that they are bound by contractual obligations to process information we share with them in accordance with our instructions, this Privacy Policy and all applicable data protection laws.

As we constantly work on the development and enhancement of the technology to support our site, our third party service providers may regularly change. Such entities mainly belong to the following areas:

  • Business intelligence and analytics
  • Customer care
  • Fraud prevention

- Payment providers and financial institutions

When you purchase products on our Website, depending on your choice of payment method, a third party bank or a payment processor may process your payment. If this is the case, you may need to share personal data with them in order to complete the transaction.

You may receive transactional emails from this party confirming the order, including dispatch, possible refunds, and follow-up invitations to leave feedback for this party.

This Privacy Policy does not govern the processing of your personal data by these third parties if it was shared directly with them.

If you choose to pay by credit/debit card, your transaction will be handled by Escalion S.à r.l., which is one of our affiliated companies located in Luxembourg. You can find its Privacy Policy here.

We may share information with relevant financial institutions, if we consider it strictly necessary for fraud detection and prevention purposes.

- Law enforcement agencies or governmental authorities

To the extent permitted by applicable laws, we may also share information with law enforcement agencies or authorities, if such disclose is reasonably necessary for the following:

  • • to comply with our legal obligations
  • • to respond to information requests for fraud investigations and other alleged illegal activities
  • • to enforce and administer our Terms and Conditions
  • • to protect our rights or defend ourselves against any claims

- Business transfers

Your information may be transferred to another entity of our group (i.e. reorganization, restructuring, etc.) or third party (i.e. sale, merger and/or acquisition, etc.) if part (more than 50%) or whole of the business (or related assets) is either directly or indirectly transferred or falling under the control of the new owner.

This would be the case providing the new owner operates in the same or similar line of business as ours and commits to comply with this Privacy Policy.

5. HOW DO WE PROTECT AND HOW LONG WE RETAIN YOUR PERSONAL DATA?

We implement various security measures, technical and organizational, to grant protection to your personal data against unauthorized access, modification, disclosure or deletion.

We implement data loss prevention systems against leakage, theft and data breach. We periodically test our IT systems and do penetration tests. Our Website incorporates reasonable security technologies available to ensure safety of its users and the safekeeping of their related information.

We do not normally retain personal data of visitors, who did not place any order, for more than ten to fifteen days, though this period is typically shorter (depending on traffic volume). Any information collected to verify your identity in connection with a request (e.g., a request to access your data) will only be kept for a short time, typically no more than five days. Otherwise, we will retain personal data for as long as we consider it necessary to:

- Process and track your orders and maintain your customer’s account

To enable us to process and track your order(s), organize any return, and maintain your customer’s account.

- Legal Obligation Compliance

For example, we may keep some of your information for tax, legal reporting and auditing obligations. Please note that in accordance with Luxembourg legislation, financial information will be kept for a minimum period of 10 years.

- Legitimate Interests and Business Conduct

Including:

  • • Establishing, exercising or defending legal claims
  • • Fraud/illegal activity detection and prevention
  • • Enhancing Safety

For example, if we suspend or close your account due to fraud or illegal activities, we may retain certain information about you to prevent you from opening a new account in the future. Such information will also be kept available in case of ongoing judicial proceedings and/or investigations.

- Security

As we have said, the protection of your information and our Website from accidental or malicious loss and destruction is one of our top priorities.

Residual copies of some of your personal information will be kept on our backup systems for 30 days.

Some anonymized copies of your information may also remain in our database.

If you have a question about any specific retention periods of certain personal data, please contact us via the contact details provided in clause 8: "How to contact us?".

6. YOUR RIGHTS UNDER GDPR

- Information on the transfer of your personal data outside of the European Economic Area?

As we are a Luxembourg based company, we comply with the EU Data Protection Regulation, “GDPR.” Regardless of whether you are located in Europe or elsewhere, our own location in Europe requires us to comply with GDPR. You can read the entire Regulation here.

During the course of the operation and exploitation of the site and the provision of the services, your personal data may be transferred outside of the European Economic Area (“EEA”) to third parties data processors located in the United States and other countries outside of where you live, for the purposes specified in this Privacy Policy.

If we transfer your personal data outside of the EEA, we endeavor to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected. For this purpose, we utilize the Standard Contractual Clauses approved by the European Commission that you can find here.

- What are Your Rights Regarding Your Personal Data?

We have done our best below to explain what your rights are under GDPR and how you can exercise them. If, despite of our below explanations, you are still unsure about the actions you can take or the conditions of exercise of your rights, do not worry, our Support Team will provide you with all the assistance you need when exercising your rights. You may also contact us, at any time, before exercising any of your rights, and we will reply to your request as quickly as possible.

Our Support Team will provide you with information on actions taken within one month of the day of receipt of your request. Only in exceptional circumstances, when we face complex and a high number of requests, we may extend this period of response up to two further months.

Please note that rights may be exercised free of charge. However, unfounded or excessive requests, in particular because of their repetitive character, will lead to the payment of a fee.

Please also understand that, because your privacy is so important for us, our Support Team may need to duly verify your identity and ask you to provide additional information before executing your request.

• Data access and data portability

You have the right to access the personal data that we hold about you by requesting a copy of your personal data, free of charge, sending us an email to [email protected].

Upon verification of your identity, your request will be sent to our Support Team.

If we consider that your request is manifestly unfounded or excessive (e.g., due to multiple requests in a short period), we may refuse to act or charge a reasonable fee taking into account the administrative costs for providing you with the information.

In certain cases, you are also entitled to request copies of personal data that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible). To exercise this right, you can send an email to [email protected].

• Rectification of inaccurate or incomplete data

You have the right to request that we correct any inaccuracies in your personal data. For this purpose, you can contact our Customer Support or send an email to [email protected].

• Data Erasure

If you no longer want us to use your information, you can request that we erase your personal data and close your account, if any. Requests for account cancellation or closure will be considered as a request for erasure of your personal data.

Your request will be sent to our Support Team who will contact you. However, if you face any difficulties, please contact us at any time.

When the erasure process starts, you will not be able to log into your account.

Please note that even if you request the erasure of your personal information, we will retain some of it for as long as we consider it necessary for compliance with our legal obligations or other legitimate interests as explained above in section 5 “How do We Protect And How Long Do We Retain Your Personal Data?”.

• Right to object

We process your data for a variety of reasons as explained in section 3 “Why do We Process Your Personal Data?”.

Applicable law may entitle you to require us not to process your personal data for some specific purposes where such processing is based on legitimate interest. If you object to such processing we will stop processing your personal data for those purposes.

In specific situations, we may have to refuse the execution of your request. This would be the case where we have legitimate grounds to continue such processing or if we have to establish, exercise or defend legal claims.

• Right to restriction of processing

You have the right to request that we stop processing your personal data, while we resolve any issues. This is only possible in the following four cases:

  • • Accuracy: If you contest the accuracy of your personal data, processing would be stopped while we verify your claim.
  • • Legitimate Interest: If you object to a processing activity based on legitimate interest, you can require the processing operation to be put on hold while we verify your grounds for objecting.
  • • Unlawful Processing: You can request the restriction of data processing if you consider your data is being processed unlawfully, but do not wish your data to be immediately erased.
  • • Data Storage: We have no further need for the data but you require it to establish, exercise, or defend legal claims.

Despite your request, we may continue to process your data if we have to establish, exercise, or defend legal claims. We will notify you before lifting a restriction.

• Right to lodge a complaint with a supervisory authority

If you consider that our processing of your personal data infringes the GDPR or any other applicable national laws, you have the right to lodge a complaint with a supervisory authority (e.g. your local authority or the CNPD).

7. INFORMATION FOR CALIFORNIA RESIDENTS

If you are a California resident, you have the following special rights under the California Consumer Privacy Act (“CCPA”) in addition to any other rights outlined in this Privacy Policy.

Please note that we do not “sell” your personal data, as that term is defined in CCPA.

- Your Right to “Know” and to Request Deletion

You have the right to know the categories and specific pieces of personal data we have collected about you. You have the right to know the categories of sources from which the personal data has been collected, the business or commercial purpose for collecting or selling personal data, and the categories of third parties with whom we share personal data.

You also have the right to request deletion of personal data we’ve collected or maintain. Please note this right is subject to certain exceptions, including without limitation our retaining information as necessary to protect against malicious, deceptive, fraudulent, or illegal activity, to comply with our legal obligations, and for other internal purposes.

To exercise these rights, you can contact us as provided in Section 9 “How to Contact Us?”. Please note that any requested disclosures in connection with a request to know will only apply to the 12-month period preceding the request, and you are entitled to request disclosure twice in any 12-month period.

- Personal Information Disclosed

You also have the right to know what categories of personal data we’ve disclosed for a business purpose, and the third parties to whom that information was disclosed. In the past 12 months, we’ve disclosed for a business purpose the following categories of information to the following parties: Usage/device information (including, without limitation, your IP address, as the case may be) to our business intelligence and analytics service providers (e.g., Hotjar, Google Analytics); Payment/transaction data to our customer/payment service providers; and identification information, contact information, device and usage information, payment information (as the case may be) to our antifraud service providers and auditing service providers.

- Your Right to Non-Discrimination

You have the right not to receive discriminatory treatment for the exercise of the privacy rights conferred by CCPA, including but not limited to by denying you services, charging different prices or rates, or providing you with a different level or quality of services. Please note, however, that the exercise of some of your rights (e.g., to delete your data) may render it impossible for us to continue to deliver services to you.

- Your Right to Use an Authorized Agent

You have the right to designate an authorized agent to make a request under the CCPA on your behalf. To designate an authorized agent, please contact us as provided in Section 9 “How to Contact Us?” below. In order to verify you have authorized an agent we may require a signed, written authorization from you.

- Do Not Track

Some browsers have a “do not track” feature that lets you tell websites you do not want to have your online activities tracked. Because these features are not yet uniform, we do not presently respond to “do not track” signals. We will however treat any “do not sell” or similar signals as opt-out requests under CCPA.

8. CHANGES TO OUR PRIVACY POLICY

We may occasionally amend this Privacy Policy to reflect changes to our services and the way we are handling your personal data or changes in the applicable laws.

If we make any important changes, we will let you know by placing a notice on the relevant site and/or contact you directly, using other methods such as email.

To the extent permitted by applicable law, such changes will be applicable from the time they are published on our site, unless we specify a date of entry into force. Your continued use of our site from that day on will be subject to the new Privacy Policy.

9. HOW TO CONTACT US?

If you have any comments or questions about this privacy policy or generally about our privacy practices, please send an email to [email protected] or via mail to the address indicated below, and we will get quickly back to you. We are always glad to talk about our privacy practices.

DuoDecad IT Services Luxembourg S.À.R.L.,

44, Avenue John F. Kennedy

L-1855, Luxembourg

Grand Duchy of Luxembourg

We are also happy to inform you that we have an employee dedicated to ensuring your privacy, our Data Protection Officer. You can directly reach our Data Protection Officer via email at: [email protected] or mail to the following address:

To the attention of the DPO

DuoDecad IT Services Luxembourg S.À.R.L.

44, Avenue John F. Kennedy

L-1855, Luxembourg

Grand Duchy of Luxembourg