the EU`s Regulation (EU) 2016/679 (General Data Protection Regulation);
California`s Consumer Privacy Act of 2018
Who we are
We are PrepShipHub (“we”, “our”, “us”) of 110 Brittany Way, Bear DE 19701, USA. We operate to the highest standards when protecting your personal information and respecting your privacy.
If you have any questions about your personal information, or how we use it, you can contact us via email at email@example.com.
Personal data in this regard shall mean any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
Processing shall mean any operation which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
What data do we process?
- Inventory data (e.g., names, addresses).
- Contact details (e.g., e-mail, telephone numbers).
- Content data (e.g., text input, photographs, videos).
- Contract data (e.g., object of contract, duration, customer category).
- Payment data (e.g., bank details, payment history).
Our website and Platform is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.
What are the categories of data subjects?
Customers, interested parties, visitors and users of the online offer, business partners. Visitors and users of the online offer. In the following, we refer to the data subjects collectively as “users”.
What are the purposes for processing?
- Provision of the online offer, its contents and shop functions.
- Provision of contractual services, service and customer care.
- Answering contact enquiries and communication with users.
- Marketing, advertising and market research.
- Security measures.
What are the relevant legal bases for processing your data?
Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
Contract – This is where we process your information to fulfil a contractual arrangement we have made with you.
Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc.
Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime.
Vital interests – This is where we process your information for communications about security, privacy, and performance improvements of our services. Or for establishing, exercising, or defending our legal rights.
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them.
- information about the processing of your personal data.
- obtain access to the personal data held about you.
- ask for incorrect, inaccurate or incomplete personal data to be corrected.
- request that personal data be erased when it’s no longer needed or if processing it is unlawful.
- object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
- request the restriction of the processing of your personal data in specific cases.
- receive your personal data in a machine-readable format and send it to another controller (‘data portability’).
- request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
- You also have the right in this case to express your point of view and to contest the decision
- Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
When do we disclose your Personal Data?
We may share your information with organizations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support this website and our services. This will only be done on the basis of a legal authorization.
Also, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g., when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively). If we commission third parties to process data on the basis of a so-called “processing agreement”.
We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users
Our main operations are based in the USA and your personal information is generally processed, stored and used within the USA. In some instances, your personal information may be processed outside the USA. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal information is protected in the same way as if it was being used within the USA.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, the data processed by us will be deleted or restricted in their processing. If the data is not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
How do we protect your Personal Data?
We protect your data using state of the art technical, and physical safeguards and operate a firm system of policies, confidentiality agreements, digital safeguards and procedures to ensure the highest level of administrative protection.
In more detail to access our database the user must be authorized. Also, the removal of Personal Data from our location is forbidden and made by using a complex encryption system very difficult. We use cutting edge antivirus and anti-malware software and up-to-date firewall protection. Moreover, authorized personnel must have a legitimate need to know interest such as being your point of contact or service your user account.
The data we collect from you may be stored, with appropriate technical and organizational security measures applied to it, on our Amazon Web Services servers in the USA. In all cases, we follow generally high data protection standards and advanced security measures to protect the personal data submitted to us, both during transmission and once we receive it.
To exercise any of your rights, or if you have any questions or complaints about our use of your Personal Data and this policy, please contact us using our contact form.
Economic Analyses and Market Research
In order to run our business economically, to identify market trends, customer and user wishes, we analyze the data available to us on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offer. The analyses are carried out for the purposes of business management evaluations, marketing and market research.
In doing so, we may take into account the profiles of registered users with details, for example, of their purchasing transactions. The analyses serve us to increase user-friendliness, to optimize our offer and business efficiency and are not disclosed externally, unless they are anonymous analyses with summarized values.
If these analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from conclusion of the contract. In all other respects, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.
Furthermore, the storage of cookies can be influenced by deactivating them in your browser settings. Please note that in this case not all functions of this online offer can be used.
Collection of access data and log files
On the basis of our legitimate interests, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the website previously visited), IP address and the requesting provider.
For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data whose further storage is required for evidential purposes are excluded from deletion until the respective incident has been finally clarified.
California Specific Privacy Rights
Sources and Categories of collected personal information
(you can find all sources and categories of collected personal information above)
Business or commercial purpose for collecting information
(you can find all purposes of processing personal information above)
Categories of third parties with whom the business shares personal information
(you can find all categories of recipients of personal information listed above)
In addition to the rights as explained, under California’s “Shine the Light” law, California residents who provide personal information to obtain products or services are entitled to request and obtain from us, once per calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediate prior calendar year (e.g., requests made in the current year will receive information about the prior year).
To obtain the information about data we hold about you or to effect the opt out, please write to us at the below email address.
Do Not Track
Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our site responds to Do Not Track requests.
Do Not Sell My Personal Information
We do not sell information that directly identifies you, like your name, address, banking information, or phone records.
Secure data transmission
The transmission of your personal information during an order transaction in the online shop is encrypted using industry standard Secure Socket Layer (“SSL”) technology, (SSL encryption version 3).
Credit card information
Any credit card information you provide will not be stored by PrepShipHub, but will be encrypted and collected directly from the payment service provider Stripe via hypertext transfer protocol secure (“https”).
You should never disclose your password for accessing our customer portal to any third party and you should change it regularly. If you want to leave your customer account in the online shop, you should press the logout and close your browser to prevent anyone from gaining unauthorized access to it.
Personal Data Statement
Commercial Partners: Individual(s) or companies that have been approved by us as a recipient of organizational Personal Data and from which PrepShipHub has received confirmation of their data protection practices conformance with the requirements of this policy. Commercial Partners include all external providers of services to PrepShipHub and include proposed Commercial Partners. No Personal Data can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.
Personal Data Training: All new hires entering PrepShipHub who may have access to Personal Data are provided with introductory training regarding the provisions of this policy, a copy of this policy and implementing procedures for the department to which they are assigned. Employees in positions with regular ongoing access to Personal Data or those transferred into such positions are provided with training reinforcing this policy and procedures for the maintenance of Personal Data and shall receive annual training regarding the security and protection of Personal Data and company proprietary data
Personal Data Audit(s): PrepShipHub conducts audits of Personal Data maintained by PrepShipHub in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of Personal Data. Where the need no longer exists, Personal Data will be destroyed in accordance with protocols for destruction of such records and logs maintained for the dates of destruction.
Data Breaches/Notification:Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, PrepShipHub will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible and in no event be later than the commencement of the payroll period after which the breach was discovered.
Confirmation of Confidentiality: All company employees must maintain the confidentiality of Personal Data as well as company proprietary data to which they may have access and understand that that such Personal Data is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgement reminders annually attesting to their understanding of this company requirement.
Violations of Personal Data Policies and Procedures: PrepShipHub views the protection of Personal Data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under PrepShipHub’s discipline policy and may include suspension or termination in the case of severe or repeat violations. Personal Data violations and disciplinary actions are incorporated in PrepShipHub’s Personal Data on boarding and refresher training to reinforce PrepShipHub’s continuing commitment to ensuring that this data is protected by the highest standards.
In addition to the above the following applies to the use of our Platform
In order to use the Platform, you may need to grant PrepShipHub access to information that, directly or indirectly, either alone or in combination with other data, identifies or uniquely relates to an individual employed or otherwise retained by you or your agents or subcontractors or contractors.
You are responsible for compliance with all municipal, provincial, and federal laws or regulations in the area of protection of privacy and personal data including where you provide PrepShipHub with or put at PrepShipHub’s disposal Personal Data.
PrepShipHub Services are provided on the basis that you have obtained any required consents under applicable municipal, provincial, and federal laws or regulations relating to data privacy legislation for collection, use, disclosure and processing to PrepShipHub of Personal Data.
If you give PrepShipHub access to any Personal Data, PrepShipHub shall be allowed to process Personal Data to perform the Services, and such processing shall adhere to the data privacy legislation applicable to the Services in the jurisdiction where the processing occurs.
You warrant that the transfer of Personal Data to PrepShipHub complies with all applicable laws and regulations on protection of Personal Data. If the processing of Personal Data by PrepShipHub is conducted in accordance with your instructions as agreed with PrepShipHub, you shall indemnify, defend and hold PrepShipHub harmless from and against any and all claims, liabilities, losses and reasonable expenses incurred by or asserted against PrepShipHub in connection with any third-party claim related to the processing of the Personal Data. You understand and accept that you bear the sole and full responsibility for the backup and redundancy of any Personal Data.
The PrepShipHub Platform processes personal data. Depending on the section of processing, this data is processed in the Platform. You and PrepShipHub determine the sections in which personal data are processed under joint controllership (Article 26 GDPR).
For the other sections of processing, where the parties do not jointly determine the purposes and means of data processing, each contracting party is a controller pursuant to Article 4 No. 7 GDPR. As far as the contracting parties are joint controllers pursuant to Article 26 GDPR, it is agreed as follows:
Each party shall ensure compliance with the legal provisions of the GDPR, particularly in regards to the lawfulness of data processing under joint controllership. The parties shall take all necessary technical and organisational measures to ensure that the rights of data subjects, in particular those pursuant to Articles 12 to 22 GDPR, are guaranteed at all times within the statutory time limits.
The Parties shall store personal data in a structured, commonly used, and machine-readable format.
You and PrepShipHubshall ensure that only personal data which are strictly necessary for the legitimate conduct of the process are collected and for which the purposes and means of processing are specified by Union or national law”. Moreover, both contracting parties agree to observe the principle of data minimisation within the meaning of Article 5 (1) lit. c) GDPR.
You and PrepShipHub commit themselves to provide the data subject with any information referred to in Articles 13 and 14 of the GDPR in a concise, transparent, intelligible, and easily accessible form, using clear and plain language. The information shall be provided free of charge. You and PrepShipHub agree that PrepShipHub provides the Platform and you provide the information on the processing of personal data in the operating range of your Business.
You and PrepShipHub shall inform each other immediately if they notice errors or infringements regarding data protection provisions during the examination of the processing activities.
You and PrepShipHub undertake to communicate the essential content of the joint controllership agreement to the data subjects (Article 26 (2) GDPR).
Within their operating range, the parties shall ensure that all employees authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality in accordance with Articles 28 (3), 29, and 32 GDPR for the duration of their employment, as well as after termination of their employment. The parties shall also ensure that they observe the data secrecy provisions prior to taking up their duties and are familiarised with the data protection legislation and rules relevant to them.
The parties shall independently ensure that they are able to comply with all existing storage obligations with regard to the data. For this purpose, they must implement appropriate technical and organisational measures (Article 32 et seq. GDPR). This applies particularly in the case of termination of the cooperation/agreement.
The implementation, default-setting, and operation of the systems shall be carried out in compliance with the requirements of the GDPR and other regulations. In particular, compliance with the principles of data protection by design and data protection by default will be achieved through the implementation of appropriate technological and organisational measures corresponding to the state of the art.
This Data Protection Policy and our commitment to protecting the privacy of your personal data can result in changes to this Data Protection Policy. Please regularly review this Data Protection Policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us using the following contact details.
110 Brittany Way Bear, DE 19701 USA
+1 (302) 300-7466
If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.