Privacy Policy of Al Fakher Tobacco FZE trading as SPARCSMIX (the “Company”)

INTRODUCTION

We, Al Fakher Tobacco FZE and our affiliates (being other companies in our group) take the protection of your personal data very seriously and set out here in this Privacy Policy, information about the data we collect, how we use such data, the measures we take to protect such data and your rights in relation to such data.

To the extent applicable, we protect your personal data in accordance with the legal data protection provisions, including especially EU directive 2016/679 (“GDPR”), and this Privacy Policy. Where the GDPR is not directly applicable to you, we aim to apply the same standards of protection to your personal data. However, we would like to make you aware that any data transfer in the internet is subject to possible gaps.

1. DEFINITIONS

Personal Data (Art. 4(1) GDPR) means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification tool such as an identification number, an online identification number, location data or information concerning his or her physical, physiological, genetic, mental, economic, cultural or social identity. Identification may also be provided by linking such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant.

Processing (Art. 4(2) GDPR) is any operation that involves the handling of Personal Data, whether or not with the aid of automated (i.e. technology-assisted) procedures. This includes in particular the collection (i.e. procurement), recording, organisation, filing, storage, adaptation or modification, reading, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison, interconnection, restriction, deletion or destruction of Personal Data, as well as the change of a target or purpose on which a data processing was originally based.

Controller (Art. 4(7) GDPR) is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of Personal Data.

Third Party (Art. 4(10)GDPR) is any natural or legal person, public authority, agency or body other than the person concerned, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process the Personal Data, including other legal persons belonging to the group.

Processor (Art. 4(8) GDPR) is a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, in particular in accordance with the latter's instructions (e.g. IT service provider). In the sense of data protection law, a Processor is in particular not a Third Party.

Consent (Art. 4(11) GDPR) of the person concerned means any freely given specific, informed and unequivocal expression of his or her wishes in the form of a declaration or other unequivocal affirmative act by which the person concerned signifies his or her Consent to the Processing of Personal Data relating to him or her.

2. HOW TO CONTACT US

The Controller for the collection and use of Personal Data on this website is:

Al Fakher Tobacco FZE trading as Sparcsmix (a company incorporated in Ajman Free Zone, the UAE with trade licence number 20005 and registered office address at Ajman Free Zone, Gate 4, PO Box 20037, Ajman)

For further information regarding our company please refer to our website www.sparcsmix.com.

If you have any queries regarding how we process your data, please contact our Digital Marketing Manager by email at [email protected] or by or by telephone on: +971 6 740 0366 and we will try our best to resolve it.

3. INFORMATION ON DATE COLLECTION AND USE

When you access our website, create an account or enter into a purchase contract for our products, your Personal Data are processed in order to ascertain the proper function of our website and for the implementation of the contract as legally permitted.

You have various rights which you can assert against us. These include the right to object to selected Data Processing, in particular Data Processing for advertising and/or marketing purposes. The possibility of objection is highlighted in print.

4. COLLECTION OF PERSONAL DATA WHEN ACCESSING OUR WEBSITE

When you access the Company's website/application, various information is exchanged between your terminal and our server. This may also involve Personal Data. The information collected in this way is used, among other things, to optimise our website or to display advertising in the browser of your terminal device.

4.1 Access to Website (Log-in/hosting)

Log-in

When accessing our website www.sparcsmix.com we collect only the Personal Data which your browser transmits to our server during the log-in process. These are:

 

  • IP address of the requesting internet-capable device,
  • Date and time of request,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of request (specific page),
  • Access status/HTTP- status code
  • Data volume transmitted
  • the website/application from which the access was made (referrer URL),
  • Operating system and its interface,
  • Language and browser software version.

 

The data are being processed pursuant to Art. 6(1)(f) GDPR (our legitimate interest). Our legitimate interest follows from the purposes of data collection, namely to guarantee a smooth connection establishment and a comfortable user experience on our website/application as well as the evaluation of system security and stability.

The data are stored for a period of 1 year and then automatically deleted, unless we are required to retain the data for longer periods by law.

Hosting

For the provision of our online presence we need to process the above-mentioned data. The data are being processed pursuant to Art. 6(1)(f) GDPR (our legitimate interest) as required for the services of our website. In this context we use the services of web hosting providers, to whom we transfer the above-mentioned data. Furthermore, subject to your Consent we use so-called cookies, tracking tools, targeting methods and social media plug-ins for our website/application. The exact nature of these procedures and how your Personal Data are used for this purpose is explained in detail under Section 5 below.

If you have agreed to so-called geolocation in your browser or operating system or other settings of your terminal device, we use this function to offer you individual services related to your current location (e.g. the location of the nearest branch). We process your location data processed in this way exclusively for this function. If you terminate the use, the data will be deleted.

4.2. Order Process

4.2.1 Data Processing at conclusion/for implementation of contract

Contact for ordering

The object of our Company is the distance selling of tobacco and non-tobacco products, retail trade and the development and manufacturing of the goods to be offered. When you visit our website and set up an account for ordering, we process the data required for the conclusion, execution or termination of a contract with you. Some external service providers are also involved in the implementation of the contract, e.g. logistics companies and payment service providers, and your data will be passed on to them to the extent necessary in each case. Details of the external service providers we currently use are available on request by emailing: [email protected] The data processed include:

 

  • first name, surname
  • Invoice and delivery address
  • E-mail address
  • Billing and payment data
  • date of birth/age (see note on age-restricted products below)
  • telephone number

 

The legal basis for this is Art. 6(1)(b) GDPR, i.e. you provide us with data which we process so that we can fulfil the contract between you and us.

The data collected for the processing of the contract are stored until the expiry of the statutory or possible contractual warranty and guarantee rights. After expiry of this period, we shall store the information required under commercial and tax law for the contractual relationship for the legally specified periods on the basis of Art. 6(1)(c) GDPR in a blocked form. For this period (usually 6 to 10 years after the end of the year in which the contract is concluded), the data will be reprocessed solely in the event of a review by the tax authorities.

Age-Restricted Products

Our products are only available to customers over the age of 18, and we may be required by law to verify compliance with the age limit. Therefore, we verify your age information when you order such age-restricted products by using information from service providers. The legal basis for this is Art. 6(1)(b) and (f) GDPR (processing is necessary for the fulfilment of the contract between you and us and for our legitimate interests, which are to ensure our products are only sold to customer of an appropriate age).

Payment

If you have chosen a different payment method than prepayment or cash on delivery (which may not be available in your location), we will pass on the necessary payment data to a payment service provider commissioned by us. These data include:

 

  • name as on credit card
  • credit card/bank account/payment method
  • CVV code.

 

Delay in Payment

In the event of a delay in payment, we transmit the necessary data to a company commissioned with the assertion of the claim, provided that the other legal requirements are met. The legal bases for this are both Art.°6(1)(b) and Art.°6(1)(f) GDPR. The assertion of a contractual claim is to be regarded as a legitimate interest. If the other legal requirements are met, we will also forward information about the delay in payment to credit agencies cooperating with us. The legal basis for this is Art.°6(1)(f) GDPR. Our legitimate interest results from our and third parties' interest in reducing contractual risks for future contracts.

Delivery

We will pass on your name, delivery address and your phone number to a third party logistics company engaged by us. We will transmit your name, e-mail address and, if applicable, your phone number to the logistics company to ensure that the goods are delivered according to your wishes. The logistics company will contact you in advance of the delivery to inform you of the delivery time or to agree details of the delivery with you. The data will be transmitted solely for this purpose and deleted after delivery. The legal basis for this is Art. 6(1)(b) GDPR (processing is necessary for the fulfilment of the contract between you and us).

Customer Service/Returns/Refunds

We may pass on your name, address, phone number, e-mail address and information on products returned as well as reasons for return to our third party service provider(s) in order to ensure proper handling of your complaints and prompt returns and refunds. The legal basis for this is Art. 6(1)(b) GDPR (processing is necessary for the fulfilment of the contract between you and us).

Confirmations

Certain of the Personal Data required to confirm proper implementation of your order (confirmation of order, confirmation of payment, confirmation of delivery) require the processing of the respective data by us or a third party service provider as applicable. The legal basis for this is Art. 6(1)(b) GDPR (processing is necessary for the fulfilment of the contract between you and us).

4.2.2 Customer account

In order to place an order with us on our website and to ensure that we can carry out the necessary age verification checks, we ask you to create a password-protected customer account, which allows your Personal Data to be stored until it is deleted. We will continue to store such data whilst you are actively using your account. If you have not accessed your account for more than 6 months, we will send you an email asking you to login within 30 days. If no login attempt is made within 30 days, we will delete your account and all data related to it. The creation of an account is voluntary (although required to place an order) and takes place on the basis of your Consent in accordance with Art.°6(1)(a)°GDPR. After setting up an account, no new data entry is required. In addition, you can view and change the data stored in your account at any time.

In addition to the data requested when placing an order, you must enter a password of your own choice in order to set up an account. Together with your e-mail address, this password is used to access your account. Please treat your personal access data confidentially and do not make them available to unauthorized third parties. We cannot accept liability for misused passwords unless we are responsible for the misuse. Please note that even after leaving our website you will remain logged in automatically unless you actively log out. You can also delete your account at any time by following the steps below, unless there if an order, refund or return in progress, in which case your account can only be deleted after the outstanding transaction is resolved. Once you have deleted your account, we will not be holding any data related to your account.

How to delete your SPARCSMIX account?

Step1: Login to your account
Step2: Click on my account
Step3: Click on privacy tools
Step4: Delete account

4.2.3 Identity

If necessary, we will verify your identity (name, address, date of birth) using a third party service provider. The legal basis for this is Art. 6(1)(b) and (f) GDPR (processing is necessary for the fulfilment of the contract between you and us and for our legitimate interests). Our legitimate interests are the protection of your identity, compliance with legal requirements (age restrictions) and the avoidance of any fraudulent transactions. The existence and result of any such check will be noted on your account and kept for the periods set out in section 4.2.2.

You can revoke your consent at any time with effect for the future by sending a declaration to the email address given under the "How to Contact Us" section. The revocation of your Consent does not affect the legality of the processing of Personal Data until the revocation. If you do not wish to give the above consent, you will not be able to continue with an online order but can continue to browse our website. 4.2.4 Scoring

If you have already made a purchase with us, your data stored by us can be supplemented by so-called score values. By Scoring, we mean the creation of a prognosis of future events based on collected information and experience from the past. Such processing is based on Art.°6(1)(f)°GDPR (our legitimate interests). Our legitimate interest in this case is to better understand and ultimately improve our business offering and customer journey using a well-established mathematical-statistical method for forecasting risk probabilities that has been in practice for a long time.

4.3. Processing of Personal Data for Advertising Purposes for Al Fakher Tobacco FZE and Affiliates

We may also use the email address and phone number you provide in the course of setting up an account and placing an online order with us for the purpose of informing you from time to time about new products, offers and, campaigns we are running and also market research activities (such as surveys) that we carry out to better understand our customers and products. We will obtain your prior consent for such processing when you create an account.

You can unsubscribe from our mailing list by following the steps below:

If you wish to unsubscribe from our subscription, please follow the steps below;
Step1: Login to your account
Step2: Click on subscription
Step3: Click on unsubscribe

We will continue to store such data whilst you are actively using your account. If you have not accessed your account for more than 6 months, we will send you an email asking you to login within 30 days. If no login attempt is made within 30 days, we will delete your account and all data related to it

4.3.2 Advertising in line with your interests

To ensure that you only receive advertising information that is of interest to you, we categorize and supplement your customer profile with additional information. Both statistical information and information about you personally (e.g. basic data of your customer profile) are used for this purpose. The aim is to provide you with advertising that is solely oriented towards your actual or supposed needs and not to bother you with useless advertising.

4.3.3 Right of objection

You can object to data processing for advertising purposes at any time free of charge, separately for the respective communication channel and with effect for the future. For this purpose, an e-mail to the contact data mentioned under section 2 (How to Contact Us) is sufficient.

If you file an objection, the contact address concerned will be blocked for further advertising data processing. We would like to point out that in exceptional cases, even after receipt of your objection, advertising material may still be sent temporarily. This is technically due to the necessary lead time of advertisements and does not mean that we will not implement your objection.

5. ONLINE PRESENCE AND WEBSITE OPTIMISATION – COOKIES AND ANALYSIS TOOLS

We use cookies on our website. If these cookies are Personal Data, they are used on the basis of Art.°6(1)(f)°GDPR (our legitimate interest). Our interest in optimising our website and addressing you in advertising on the basis of your visit to our website is considered to be a legitimate interest.

Cookies are small files which are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our website. Information is stored in the cookie that is related to the specific terminal device used. This does not mean, however, that we obtain direct knowledge of your identity. The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website or that you have already logged into your customer account. These are automatically deleted when you leave our site. In addition, we also use temporary cookies for the purpose of user-friendliness, which are stored on your end device for a certain defined period of time. If you visit our site again to use our services, it will be automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

If you have a customer account with Al Fakher Tobacco FZE and are logged in or activate the "stay logged in" function, the information stored in cookies will be added to your customer account.

On the other hand, we use cookies to record the use of our website statistically and to evaluate it for the purpose of optimising our offer for you. These cookies enable us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined time.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website. The duration cookies are stored depends on their intended use and is not the same for every cookie.

Google Analytics

We use Google Analytics, a web analysis service by Google Inc. (https://www.google.de/intl/de/about/) of Google Inc. ("Google"). In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this website such as

 

  • Browser-Typ/-version,
  • Operating system,
  • Referrer-URL,
  • Hostname of accessing computer (IP-address),
  • Time of server request,

 

are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and the design of these Internet pages in line with requirements. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The Processing serves the purpose of designing and continuously optimizing our pages for optimized offering of our products which is a legitimate interest under Art.°6(1)(f)°GDPR.

The IP addresses are made anonymous, so that an allocation is not possible (so-called IP masking).

You may prevent the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing this browser add-on. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie is set to prevent future collection of your information when you visit this website. The opt-out cookie is valid only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again. You can find further information on data protection in connection with Google Analytics on the Google website

Google is certified under

For further information on data protection with Google Analytics please refer to

6. OBJECTION/ OPT-OUT POSSIBILITY

In addition to the deactivation methods described above, you can also generally prevent the targeting technologies described above by making the appropriate cookie settings in your browser.

7. RECIPIENTS OUTSIDE THE EU

With the exception of the processing described under Sections 4.2, 4.3 and 5 above, we do not pass on your data to recipients based outside the European Union or the European Economic Area. The processing described under Sections 4.2, 4.3 and 5 causes a data transfer to the servers of the companies we work with (including for example, Magento Inc, Rocket Science Group t/a MailChimp and LiveChat). These servers are located, principally, in the United States and these data transfers are carried out according to the principles of so-called standard contract clauses of the EU Commission. Whilst we try to work with external service providers in respect of which an EU Commission adequacy decision has been made with regards the transfer of data outside the EEA, there may be occasions where this is not achievable in the circumstances.

8. YOUR RIGHTS

8.1 Overview

In addition to the right to revoke your Consent, you are entitled to the following further rights if the respective legal requirements are met:

 

  • Right to information on your Personal Data stored with us (Art. 15 GDPR); in particular, you can obtain information about the purposes of Processing, the category of Personal Data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it was collected directly from you,
  • Right to correct incorrect data or to complete correct data (Art. 16 GDPR),
  • Right to delete your Personal Data stored with us (Art. 17 GDPR) insofar as no legal or contractual retention periods or other legal obligations or rights to further storage must be observed,
  • Right to limit the processing of your Personal Data (Art. 18 GDPR), if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete it; if the Controller no longer needs the data, but you need it to assert, exercise or defend legal claims or if you have lodged an objection to the processing (Art. 21 GDPR),
  • Right to data transferability (Art. 20 GDPR), i.e. the right to have selected data stored by us transferred in a common, machine-readable format, or to demand transfer to another Controller
  • Right to appeal to a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.

 

8.2 Right of objection

Under the conditions of Art.°21(1)°GDPR, data processing may be objected to for reasons arising from the specific situation of the person concerned.

The general right of objection applies to all processing purposes described in this Data Protection Information which are processed on the basis of Art.°6(1)(f)°GDPR (our legitimate interest). In contrast to the special right of objection aimed at data processing for advertising purposes (see 4.3.1 above), we are only obliged under the GDPR to implement such a general right of objection if you give us reasons of overriding importance (e.g. a possible danger to life or health). In addition, there is the possibility of contacting the supervisory authority responsible for Al Fakher Tobacco Trading FZE or the relevant contact in section 2 (How to Contact Us).

If you assert one or more of the above listed data subject rights against us, we will store this circumstance in anonymised form on the basis of Art.°6(1)(f)°GDPR (our legitimate interest). The fact that we can also prove that we have duly complied with your request in cases of doubt is to be regarded as a legitimate interest within the meaning of this provision. We will not delete this anonymous information, i.e. information that can no longer be associated with your person.

9. DURATION OF STORAGE/ DATA SECURITY

As a general rule, Personal Data are being stored by us only for so long as required by the purposes for which such data have been processed or until you have objected processing, as applicable. under certain legal requirements data storage can last for up to 10 years.

All data transmitted by you personally, including your payment details, are transmitted using the generally accepted and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard that is also used, for example, in online banking. You can recognise a secure SSL connection by, among other things, the attached s at http (i.e. https://...) in the address bar of your browser or by the lock symbol at the bottom of your browser.

We also use suitable technical and organisational security measures to protect your Personal Data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties and our security measures are continuously improved in line with technological development.

10. CHANGES TO OUR PRIVACY POLICY

This Privacy Policy is valid as of [September 2020].

The further development of our website, processes and/ or a change in legal provisions may require a change of the Privacy Policy.