Last updated on October 26, 2024

Privacy policy

Important Notice for International Users

This Privacy Policy complies with both the EU General Data Protection Regulation (GDPR) and various international privacy laws, including the California Consumer Privacy Act (CCPA) and other US state privacy laws. Specific additional rights for California residents and other jurisdictions are detailed in Section 8 of this policy.

Contact Information of the Controller

ishoo
Matyas Heins
Lenaustr. 25, 40470, Germany
hi@ishoo.co

1. Collection of Personal Data

We collect your personal data primarily directly from you. The processing of your personal data - which includes all information that identifies you or makes you identifiable, such as name, address, contact details - is necessary for fulfilling our contractual obligations arising from the agreement between us.

Due to your cooperation obligations, it is essential that you provide the personal data we request, as we otherwise cannot fulfill our contractual obligations. The same applies to pre-contractual relationships, e.g., during inquiries, as we would otherwise be unable to process your request or provide the necessary data for a subsequent contract conclusion.

To fulfill our contract with you, it may be necessary to process personal data that we have received from third parties, such as authorities, business partners, or similar sources for the respective purpose. We may also process personal data from publicly accessible sources, e.g., websites, which we only use within the legal framework and solely for the respective contractual purpose.

We also process data for direct marketing purposes (advertising by mail or, only with appropriate consent, by email).

2. Purposes and Legal Bases for Processing

The legal bases are found in the provisions of the GDPR and applicable local privacy laws.

2.1. Consent (Art. 6(1)(a) GDPR)

We process your data based on consent for the purpose communicated when obtaining consent. Consent can be withdrawn at any time, though processing remains lawful until withdrawal.

2.2. Fulfillment of Contractual Obligations (Art. 6(1)(b) GDPR)

We process your personal data to fulfill our contractual obligations (e.g., billing, operation of the ishoo system) and during contract initiation (inquiries via email, quote preparation).

2.3. Compliance with Legal Requirements (Art. 6(1)(c) GDPR)

We process your personal data to comply with legal obligations, such as tax requirements or retention periods.

2.4. Legitimate Interests (Art. 6(1)(f) GDPR)

We process data to pursue our legitimate interests where your fundamental rights or interests in data protection do not override our interests.

3. Sharing of Personal Data

We only share your personal data with third parties where legally permitted or with your consent.

  • Authorized employees within our company have access to your personal data as needed for contractual and legal obligations.
  • Service providers necessary for contract fulfillment (e.g., banks, cloud services).
  • Public authorities requiring data for legal reasons (e.g., tax authorities).
  • Our data processors (e.g., cloud service providers) under appropriate data processing agreements.

4. International Data Transfers

We may transfer your data to countries outside the European Economic Area (EEA) or the United States, including to our service providers. When we do so, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Privacy Shield certification (where applicable)
  • Other appropriate data transfer mechanisms as required by law

5. Automated Decision Making

We do not use automated decision-making or profiling in processing your personal data.

6. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected and to comply with applicable laws:

  • Tax and accounting records: 10 years
  • Business correspondence: 6 years
  • Supply records: 3 years
  • Other records: As required by applicable law or justified business needs

7. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict processing
  • Request data portability
  • Withdraw consent
  • Object to processing based on legitimate interests
  • Object to direct marketing

8. Additional Rights for US Residents

8.1. California Residents

Under the CCPA and CPRA, you have the right to:

  • Know what personal information is collected
  • Know whether your personal information is sold or disclosed
  • Say no to the sale of personal information
  • Access your personal information
  • Request deletion of your personal information
  • Receive equal service and price, even if you exercise your privacy rights

8.2. Other US State Privacy Laws

Residents of Virginia, Colorado, Connecticut, Utah, and other states may have additional privacy rights under their respective state laws. Please contact us for specific information about your state's privacy rights.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

10. Complaints

You have the right to lodge a complaint with a supervisory authority. For EU residents, you may contact your local data protection authority. For US residents, you may contact:

  • Federal Trade Commission (FTC)
  • Your state's Attorney General's office
  • California Privacy Protection Agency (for California residents)

Contact Us

For any privacy-related questions or to exercise your rights, please contact us at: hi@ishoo.co