Personal Data (Art. 4(1) GDPR) means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification tool such as an identification number, an online identification number, location data or information concerning his or her physical, physiological, genetic, mental, economic, cultural or social identity. Identification may also be provided by linking such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant.
Processing (Art. 4(2) GDPR) is any operation that involves the handling of Personal Data, whether or not with the aid of automated (i.e. technology-assisted) procedures. This includes in particular the collection (i.e. procurement), recording, organisation, filing, storage, adaptation or modification, reading, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison, interconnection, restriction, deletion or destruction of Personal Data, as well as the change of a target or purpose on which a data processing was originally based.
Controller (Art. 4(7) GDPR) is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of Personal Data.
Third Party (Art. 4(10)GDPR) is any natural or legal person, public authority, agency or body other than the person concerned, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process the Personal Data, including other legal persons belonging to the group.
Processor (Art. 4(8) GDPR) is a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, in particular in accordance with the latter's instructions (e.g. IT service provider). In the sense of data protection law, a Processor is in particular not a Third Party.
Consent (Art. 4(11) GDPR) of the person concerned means any freely given specific, informed and unequivocal expression of his or her wishes in the form of a declaration or other unequivocal affirmative act by which the person concerned signifies his or her Consent to the Processing of Personal Data relating to him or her.
2. HOW TO CONTACT US
The Controller for the collection and use of Personal Data on this website is:
Al Fakher Tobacco FZE trading as Sparcsmix (a company incorporated in Ajman Free Zone, the UAE with trade licence number 20005 and registered office address at Ajman Free Zone, Gate 4, PO Box 20037, Ajman)
For further information regarding our company please refer to our website www.sparcsmix.com.
If you have any queries regarding how we process your data, please contact our Digital Marketing Manager by email at [email protected] or by or by telephone on: +971 6 740 0366 and we will try our best to resolve it.
3. INFORMATION ON DATE COLLECTION AND USE
When you access our website, create an account or enter into a purchase contract for our products, your Personal Data are processed in order to ascertain the proper function of our website and for the implementation of the contract as legally permitted.
You have various rights which you can assert against us. These include the right to object to selected Data Processing, in particular Data Processing for advertising and/or marketing purposes. The possibility of objection is highlighted in print.
4. COLLECTION OF PERSONAL DATA WHEN ACCESSING OUR WEBSITE
When you access the Company's website/application, various information is exchanged between your terminal and our server. This may also involve Personal Data. The information collected in this way is used, among other things, to optimise our website or to display advertising in the browser of your terminal device.
4.1 Access to Website (Log-in/hosting)
When accessing our website www.sparcsmix.com we collect only the Personal Data which your browser transmits to our server during the log-in process. These are:
- IP address of the requesting internet-capable device,
- Date and time of request,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of request (specific page),
- Access status/HTTP- status code
- Data volume transmitted
- the website/application from which the access was made (referrer URL),
- Operating system and its interface,
- Language and browser software version.
The data are being processed pursuant to Art. 6(1)(f) GDPR (our legitimate interest). Our legitimate interest follows from the purposes of data collection, namely to guarantee a smooth connection establishment and a comfortable user experience on our website/application as well as the evaluation of system security and stability.
The data are stored for a period of 1 year and then automatically deleted, unless we are required to retain the data for longer periods by law.
For the provision of our online presence we need to process the above-mentioned data. The data are being processed pursuant to Art. 6(1)(f) GDPR (our legitimate interest) as required for the services of our website. In this context we use the services of web hosting providers, to whom we transfer the above-mentioned data. Furthermore, subject to your Consent we use so-called cookies, tracking tools, targeting methods and social media plug-ins for our website/application. The exact nature of these procedures and how your Personal Data are used for this purpose is explained in detail under Section 5 below.
If you have agreed to so-called geolocation in your browser or operating system or other settings of your terminal device, we use this function to offer you individual services related to your current location (e.g. the location of the nearest branch). We process your location data processed in this way exclusively for this function. If you terminate the use, the data will be deleted.
4.2. Order Process
4.2.1 Data Processing at conclusion/for implementation of contract
Contact for ordering
The object of our Company is the distance selling of tobacco and non-tobacco products, retail trade and the development and manufacturing of the goods to be offered. When you visit our website and set up an account for ordering, we process the data required for the conclusion, execution or termination of a contract with you. Some external service providers are also involved in the implementation of the contract, e.g. logistics companies and payment service providers, and your data will be passed on to them to the extent necessary in each case. Details of the external service providers we currently use are available on request by emailing: [email protected] The data processed include:
- first name, surname
- Invoice and delivery address
- E-mail address
- Billing and payment data
- date of birth/age (see note on age-restricted products below)
- telephone number
The legal basis for this is Art. 6(1)(b) GDPR, i.e. you provide us with data which we process so that we can fulfil the contract between you and us.
The data collected for the processing of the contract are stored until the expiry of the statutory or possible contractual warranty and guarantee rights. After expiry of this period, we shall store the information required under commercial and tax law for the contractual relationship for the legally specified periods on the basis of Art. 6(1)(c) GDPR in a blocked form. For this period (usually 6 to 10 years after the end of the year in which the contract is concluded), the data will be reprocessed solely in the event of a review by the tax authorities.
Our products are only available to customers over the age of 18, and we may be required by law to verify compliance with the age limit. Therefore, we verify your age information when you order such age-restricted products by using information from service providers. The legal basis for this is Art. 6(1)(b) and (f) GDPR (processing is necessary for the fulfilment of the contract between you and us and for our legitimate interests, which are to ensure our products are only sold to customer of an appropriate age).
If you have chosen a different payment method than prepayment or cash on delivery (which may not be available in your location), we will pass on the necessary payment data to a payment service provider commissioned by us. These data include:
- name as on credit card
- credit card/bank account/payment method
- CVV code.
Delay in Payment
In the event of a delay in payment, we transmit the necessary data to a company commissioned with the assertion of the claim, provided that the other legal requirements are met. The legal bases for this are both Art.°6(1)(b) and Art.°6(1)(f) GDPR. The assertion of a contractual claim is to be regarded as a legitimate interest. If the other legal requirements are met, we will also forward information about the delay in payment to credit agencies cooperating with us. The legal basis for this is Art.°6(1)(f) GDPR. Our legitimate interest results from our and third parties' interest in reducing contractual risks for future contracts.
We will pass on your name, delivery address and your phone number to a third party logistics company engaged by us. We will transmit your name, e-mail address and, if applicable, your phone number to the logistics company to ensure that the goods are delivered according to your wishes. The logistics company will contact you in advance of the delivery to inform you of the delivery time or to agree details of the delivery with you. The data will be transmitted solely for this purpose and deleted after delivery. The legal basis for this is Art. 6(1)(b) GDPR (processing is necessary for the fulfilment of the contract between you and us).
We may pass on your name, address, phone number, e-mail address and information on products returned as well as reasons for return to our third party service provider(s) in order to ensure proper handling of your complaints and prompt returns and refunds. The legal basis for this is Art. 6(1)(b) GDPR (processing is necessary for the fulfilment of the contract between you and us).
Certain of the Personal Data required to confirm proper implementation of your order (confirmation of order, confirmation of payment, confirmation of delivery) require the processing of the respective data by us or a third party service provider as applicable. The legal basis for this is Art. 6(1)(b) GDPR (processing is necessary for the fulfilment of the contract between you and us).
4.2.2 Customer account
In order to place an order with us on our website and to ensure that we can carry out the necessary age verification checks, we ask you to create a password-protected customer account, which allows your Personal Data to be stored until it is deleted. We will continue to store such data whilst you are actively using your account. If you have not accessed your account for more than 6 months, we will send you an email asking you to login within 30 days. If no login attempt is made within 30 days, we will delete your account and all data related to it. The creation of an account is voluntary (although required to place an order) and takes place on the basis of your Consent in accordance with Art.°6(1)(a)°GDPR. After setting up an account, no new data entry is required. In addition, you can view and change the data stored in your account at any time.
In addition to the data requested when placing an order, you must enter a password of your own choice in order to set up an account. Together with your e-mail address, this password is used to access your account. Please treat your personal access data confidentially and do not make them available to unauthorized third parties. We cannot accept liability for misused passwords unless we are responsible for the misuse. Please note that even after leaving our website you will remain logged in automatically unless you actively log out. You can also delete your account at any time by following the steps below, unless there if an order, refund or return in progress, in which case your account can only be deleted after the outstanding transaction is resolved. Once you have deleted your account, we will not be holding any data related to your account.
How to delete your SPARCSMIX account?
Step1: Login to your account
Step2: Click on my account
Step3: Click on privacy tools
Step4: Delete account
If necessary, we will verify your identity (name, address, date of birth) using a third party service provider. The legal basis for this is Art. 6(1)(b) and (f) GDPR (processing is necessary for the fulfilment of the contract between you and us and for our legitimate interests). Our legitimate interests are the protection of your identity, compliance with legal requirements (age restrictions) and the avoidance of any fraudulent transactions. The existence and result of any such check will be noted on your account and kept for the periods set out in section 4.2.2.
You can revoke your consent at any time with effect for the future by sending a declaration to the email address given under the "How to Contact Us" section. The revocation of your Consent does not affect the legality of the processing of Personal Data until the revocation. If you do not wish to give the above consent, you will not be able to continue with an online order but can continue to browse our website. 4.2.4 Scoring
If you have already made a purchase with us, your data stored by us can be supplemented by so-called score values. By Scoring, we mean the creation of a prognosis of future events based on collected information and experience from the past. Such processing is based on Art.°6(1)(f)°GDPR (our legitimate interests). Our legitimate interest in this case is to better understand and ultimately improve our business offering and customer journey using a well-established mathematical-statistical method for forecasting risk probabilities that has been in practice for a long time.
4.3. Processing of Personal Data for Advertising Purposes for Al Fakher Tobacco FZE and Affiliates
We may also use the email address and phone number you provide in the course of setting up an account and placing an online order with us for the purpose of informing you from time to time about new products, offers and, campaigns we are running and also market research activities (such as surveys) that we carry out to better understand our customers and products. We will obtain your prior consent for such processing when you create an account.
You can unsubscribe from our mailing list by following the steps below:
If you wish to unsubscribe from our subscription, please follow the steps below;
Step1: Login to your account
Step2: Click on subscription
Step3: Click on unsubscribe
We will continue to store such data whilst you are actively using your account. If you have not accessed your account for more than 6 months, we will send you an email asking you to login within 30 days. If no login attempt is made within 30 days, we will delete your account and all data related to it
4.3.2 Advertising in line with your interests
To ensure that you only receive advertising information that is of interest to you, we categorize and supplement your customer profile with additional information. Both statistical information and information about you personally (e.g. basic data of your customer profile) are used for this purpose. The aim is to provide you with advertising that is solely oriented towards your actual or supposed needs and not to bother you with useless advertising.
4.3.3 Right of objection
You can object to data processing for advertising purposes at any time free of charge, separately for the respective communication channel and with effect for the future. For this purpose, an e-mail to the contact data mentioned under section 2 (How to Contact Us) is sufficient.
If you file an objection, the contact address concerned will be blocked for further advertising data processing. We would like to point out that in exceptional cases, even after receipt of your objection, advertising material may still be sent temporarily. This is technically due to the necessary lead time of advertisements and does not mean that we will not implement your objection.
5. ONLINE PRESENCE AND WEBSITE OPTIMISATION – COOKIES AND ANALYSIS TOOLS
If you have a customer account with Al Fakher Tobacco FZE and are logged in or activate the "stay logged in" function, the information stored in cookies will be added to your customer account.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website. The duration cookies are stored depends on their intended use and is not the same for every cookie.
We use Google Analytics, a web analysis service by Google Inc. (https://www.google.de/intl/de/about/) of Google Inc. ("Google"). In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this website such as
- Operating system,
- Hostname of accessing computer (IP-address),
- Time of server request,
are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and the design of these Internet pages in line with requirements. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The Processing serves the purpose of designing and continuously optimizing our pages for optimized offering of our products which is a legitimate interest under Art.°6(1)(f)°GDPR.
The IP addresses are made anonymous, so that an allocation is not possible (so-called IP masking).
Google is certified under
For further information on data protection with Google Analytics please refer to
6. OBJECTION/ OPT-OUT POSSIBILITY
In addition to the deactivation methods described above, you can also generally prevent the targeting technologies described above by making the appropriate cookie settings in your browser.
7. RECIPIENTS OUTSIDE THE EU
With the exception of the processing described under Sections 4.2, 4.3 and 5 above, we do not pass on your data to recipients based outside the European Union or the European Economic Area. The processing described under Sections 4.2, 4.3 and 5 causes a data transfer to the servers of the companies we work with (including for example, Magento Inc, Rocket Science Group t/a MailChimp and LiveChat). These servers are located, principally, in the United States and these data transfers are carried out according to the principles of so-called standard contract clauses of the EU Commission. Whilst we try to work with external service providers in respect of which an EU Commission adequacy decision has been made with regards the transfer of data outside the EEA, there may be occasions where this is not achievable in the circumstances.
8. YOUR RIGHTS
In addition to the right to revoke your Consent, you are entitled to the following further rights if the respective legal requirements are met:
- Right to information on your Personal Data stored with us (Art. 15 GDPR); in particular, you can obtain information about the purposes of Processing, the category of Personal Data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it was collected directly from you,
- Right to correct incorrect data or to complete correct data (Art. 16 GDPR),
- Right to delete your Personal Data stored with us (Art. 17 GDPR) insofar as no legal or contractual retention periods or other legal obligations or rights to further storage must be observed,
- Right to limit the processing of your Personal Data (Art. 18 GDPR), if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete it; if the Controller no longer needs the data, but you need it to assert, exercise or defend legal claims or if you have lodged an objection to the processing (Art. 21 GDPR),
- Right to data transferability (Art. 20 GDPR), i.e. the right to have selected data stored by us transferred in a common, machine-readable format, or to demand transfer to another Controller
- Right to appeal to a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.
8.2 Right of objection
Under the conditions of Art.°21(1)°GDPR, data processing may be objected to for reasons arising from the specific situation of the person concerned.
The general right of objection applies to all processing purposes described in this Data Protection Information which are processed on the basis of Art.°6(1)(f)°GDPR (our legitimate interest). In contrast to the special right of objection aimed at data processing for advertising purposes (see 4.3.1 above), we are only obliged under the GDPR to implement such a general right of objection if you give us reasons of overriding importance (e.g. a possible danger to life or health). In addition, there is the possibility of contacting the supervisory authority responsible for Al Fakher Tobacco Trading FZE or the relevant contact in section 2 (How to Contact Us).
If you assert one or more of the above listed data subject rights against us, we will store this circumstance in anonymised form on the basis of Art.°6(1)(f)°GDPR (our legitimate interest). The fact that we can also prove that we have duly complied with your request in cases of doubt is to be regarded as a legitimate interest within the meaning of this provision. We will not delete this anonymous information, i.e. information that can no longer be associated with your person.
9. DURATION OF STORAGE/ DATA SECURITY
As a general rule, Personal Data are being stored by us only for so long as required by the purposes for which such data have been processed or until you have objected processing, as applicable. under certain legal requirements data storage can last for up to 10 years.
All data transmitted by you personally, including your payment details, are transmitted using the generally accepted and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard that is also used, for example, in online banking. You can recognise a secure SSL connection by, among other things, the attached s at http (i.e. https://...) in the address bar of your browser or by the lock symbol at the bottom of your browser.
We also use suitable technical and organisational security measures to protect your Personal Data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties and our security measures are continuously improved in line with technological development.