fastfileservice

1. Information you provide to us when you interact with us

Account information:
- Your name, customer number, login ID, username, password, and/or security question and answer, and other registration information. Your customer number may be generated by us and then sent to you. We only collect (or create for you) unique login information for those activities that require an account. Your unique login information, especially your password, should always be kept confidential and should never be shared with anyone else.
- The legal basis for this processing is contractual necessity in order to comply with our contractual obligations.
- Contractual necessity means that we process your Personal Data in order to comply with our contractual obligations to deliver products to you or to take steps at your request prior to an order being finalised.
Personal contact information:
- This includes your name, home or postal address, phone number and email address. This could include information that you give us about someone else (for example, if you ask us to ship a product to someone else). We collect personal contact information in connection with account registration, product orders, customer service.
- The legal basis for this processing is contractual necessity in order to comply with our contractual obligations.
Order and product information:
- This includes details of the products you have ordered and searched for on our Site, and the time, date of orders and searches. We use this information to send you ordered products and (with your consent when required) promotional emails for products and offers tailored to your interests, to make personalised recommendations of products when you return to the Site, to advertise to you when you visit social media platforms like Facebook or other websites and to better understand our customers so we can improve our products and our users' experience of our Site.
- The legal basis for this processing is contractual necessity in order to comply with our contractual obligations, or your consent when required, or otherwise our legitimate interest to inform you about our products and services similar to products or services you already purchased and to improve our products and our users’ experience of our Site.
Demographic information and preferences:
- This includes any information that describes demographic characteristics and preferences, such as age, gender, preferences, interests, date of birth, age or age range, general geographic location (e.g., post code or city and state), favorite products, or lifestyle information. We use this information to send you promotional emails and communications to make personalised recommendations of products when you return to the Site, to advertise to you when you visit social media platforms like Facebook or other websites and to better understand our customers so we can improve our products and our customer's experience of our business both offline and online. We may also use this information to make our business more responsive to the interests of like-minded consumers. For example, we may aggregate your email address together with the email addresses of others who place orders on our Site, locally hash such data, and transmit the resulting hashed data to social media platforms like Facebook for the purpose of creating “Custom Audiences” (where targeted ads are sent to people on social media platforms like Facebook who have already been on our Site), and “Lookalike Audiences” (where targeted ads are sent to people on social media platforms like Facebook who have similar characteristics to people on our Custom Audience list). See “Online advertising” below for more detail in relation to the collection and processing of your Personal Data in this regard.
- The legal basis for this processing is your consent when required, our otherwise our legitimate interest to inform you about our products and services similar to products or services you already purchased and to better understand our customers so we can improve our products and our customer's experience of our business both offline and online.
Your feedback:
- Examples include comments and suggestions, testimonials, or other feedback you send us about what you may have liked (or disliked) about your experience in using our products or services. We typically collect this information in the form of customer surveys, for example, post purchase pop-up questionnaires, feedback forms, and email correspondence. We use your feedback to understand what our customers think of our products and the experience they have of us, to improve our products and the customer experience and – if you agree – to discuss your feedback with you. We may also use the information we learn from your purchase to help improve our products, develop new products, or inform our marketing campaigns. Often, we collect feedback separately to your order, for example, through a pop-up window on our Site, but we may be able to associate your feedback with your personal and order information. We may use cookies and other similar technologies when we gather your feedback. Please see our Cookie Statement for further information.
- The legal basis for this processing is either contractual necessity (when just providing you with the respective service), or otherwise our legitimate interest to process your feedback to understand what our customers think of our products and the experience they have of us and to improve our products and the customer experience. Exceptionally, especially in case of email surveys, the legal basis is your consent.
User-generated content and posts:
- Any content, posts, requests that you create and then share with us (and perhaps others) by uploading it to our Site or applications, including our company webpages on social media platforms such as our Facebook fan page ("Company Webpage"). Examples include requests, photos, videos, personal stories, or other similar media or content. Usually, to provide user-generated content and posts will also require the processing of your account information.
- With regard to our Site, we will process the account information. With regard to a Company Webpage, the respective social media platform provider will process the account information. With regard to our Site, the legal basis for this processing is either contractual necessity (when just providing you with the respective Service, which contains sharing user-generated content and posts), or otherwise our legitimate interest to provide you with the opportunity to share such data.
- With regard to processing of Personal Data when you visit our Company Webpages, please find detailed information in Section 4 hereunder.
Payment and Transaction-related information:
- This includes any information that you use to make a purchase (your payment card details, gift card information, other forms of payment we make available). We only collect payment information for purchases. If you create an account with us, your payment information (along with your purchase history and other related preferences) may be stored under your account profile. We use this information to process your payments when you order products from us, to enable you to redeem or to give gift vouchers and to record your payment information for faster checkout if you choose to do that. Where we allow you to buy products from the Site, payments made on the Site are made through the payment gateway provider you select. You will be providing credit or debit card information directly to them, encrypting your credit/debit card information and authorising payment.
- The legal basis for this processing is contractual necessity in order to enable you to order products via our Site.
- Under certain circumstances, the credit or debit card information may be transmitted by the payment gateway provider to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment gateway providers hereunder. The terms and conditions and data protection information of the respective payment gateway providers apply to the payment transactions and can be accessed within the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information and other Data Subject rights.
- Services used and payment gateway providers:
  - Shopify Payments: https://www.shopify.com/legal/privacy/customers
  - Paypal: https://www.paypal.com/us/legalhub/privacy-full
  - Klarna: https://www.klarna.com/international/privacy-policy/
- With regard to gift cards, Personal Data will be processed in order to provide the gift card and to track the debiting of value on the gift card. The Personal Data processed is contact information, address, email address, name of the beneficiary and name of the donor and payment data.
- In addition to contractual necessity, the legal basis besides that may be, our, as well as the donor’s and beneficiary’s legitimate interest to use the gift card.

2. Automatically collected information

When you use the website, we use various technologies (including cookies, web beacons, JavaScript and pixel tags) to collect certain information about how you use the website, e.g. the pages you view, how often you visit the website or certain pages, the items you add to your shopping cart, your participation in the emails we send you (if permitted) and the items that you buy. We use this information to better understand your interests, to improve our website, to provide personalized pages and customized messaging on our website, to serve, measure, and optimize our advertising on social media and other websites, and for security and anti-fraud purposes.

Whenever you visit our Site, we store certain information about the browser and operating system you are using, the date and time of your visit, the access status (e.g. whether you were able to access a website or received an error message), the usage of features on the website, whether by clicking links on our Site or by entering a domain directly in the input field of the same tab (or window) of your browser in which you opened our Site. In addition, we store your IP address and the name of your internet service provider for seven days for security reasons, in particular to prevent and detect attacks on our Site or attempts at fraud.

The legal basis for this processing is our legitimate interest in being able to display our Site as well as data protection organization and data security.

3. Cookies and similar technologies

When you use the Site, we use various technologies (including Cookies and pixel tags) to collect certain information (meaning Personal Data) about how you use the Site. These are categorized as "Strictly necessary Cookies", "Functional Cookies", "Performance/Analytical Cookies" and "Retargeting/Advertising Cookies". We use this information to understand your preferences better so we can improve our Site and for security and anti-fraud purposes. The legal basis for the use of "Strictly necessary Cookies" is our legitimate interest to use strictly necessary cookies for the purposes of operating our Site; the use of all other categories of Cookies is based on your consent.

Cookies and similar technologies enable you to be remembered when using that computer or device to interact with websites and online services and can be used to manage a range of features and content as well as storing searches and presenting personalised content, and enable you to use your social media accounts in conjunction with the Site and enable us to advertise to you (i.e. retargeting or online advertising) on our Site, social media platforms (like Facebook) and other sites and apps.

With regard to the retargeting or online advertising we work with social media platforms and digital advertising platforms to:

Show you advertising for our products on other websites and social media platforms. For instance, if you show an interest or buy a product on our Site, we may advertise that or other products we think may be of interest and you may see them on other websites and on your Facebook or other social media feeds. To do this we will share information with our social medial and digital advertising partners about you, including your age, gender, interests, and the information described in Section 2 so that they can better understand what you are interested in and so we can measure the optimize our advertising. Our partners may also keep this information about you and use it to help other companies, unrelated to Ruggable, show you adverts online. For more information about how to turn this feature off see below or visit http://www.youronlinechoices.eu.

For more details, see our Cookie Statement.

To the extent the providers of the Cookies/similar technologies are considered as our processors or joint controllers, we have entered into the according agreements with these providers to the extent available. Upon request, we will provide you with a description of the material provisions of any joint controller agreements we have entered into with a Cookie provider to the extent required by law.

4. Company Webpages

As described in Section 1, we maintain publicly accessible Company Webpages on various social media platforms, i.e. Facebook, Instagram, LinkedIn, Pinterest, TikTok and YouTube.

The individual processing of Personal Data by the respective social media platform providers differ. It is likely that, in addition to the storage of Personal Data specifically provided by you on a certain social media platform, the social media platform provider will also process further information. When you visit one of our Company Webpages on a social media platform, Personal Data may be transferred to providers in countries outside the European Economic Area, which, from the perspective of the European Union (“EU”), do not ensure an “adequate level of protection” for the processing of Personal Data in line with EU standards. Please bear this in mind before clicking on a link or visiting directly a Company Webpage and thereby triggering a transfer of your data.

For details about the collection and storage of your Personal Data as well as the type, scope and purpose of their use by the provider of the respective social media platform, please refer to their respective privacy policy:

The privacy policy for Facebook, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, can be found at https://www.facebook.com/privacy/policy/.
The privacy policy for Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA, can be found at https://help.instagram.com/155833707900388 or https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
The privacy policy for LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, can be found at https://www.linkedin.com/legal/privacy-policy.
The privacy policy for Pinterest, which is operated by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, can be found at https://policy.pinterest.com/en.
The privacy policy for TikTok, which is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, can be found at https://www.tiktok.com/legal/page/eea/privacy-policy/en.
The privacy policy for YouTube, which is operated by Google. Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland, can be found at https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/.

In the following, we set out our processing activities regarding your visit of our Company Webpages. Based on the type of Personal Data processed, we explain for which purposes and on which legal basis we process your Personal Data.

Visiting our Company Webpages

When you visit our Company Webpages, your Personal Data is also collected, used and stored by the providers of the respective social media platform. This may happen even if you do not have a profile in the respective social media platform. If you are logged in with your personal user account of the respective social media platform while visiting this social media platform, this social media platform provider can link the visit to your account. If you do not wish such a linking, you must log out of your account before visiting our Company Webpage and delete the cookies if necessary. You can find details in the privacy policies of the providers of the social networks linked above.
As the owner of the Company Webpage, we can view the information stored in your respective public profile when you visit our Company Webpages. However, we can only do this if you have such a profile on the relevant social media platform and are logged in to it when you access our respective social media profile. Accordingly, you can also visit our Company Webpages without us having access to the aforementioned information. If we view the information stored in your public profile, we do so in order to be able to offer you and the rest of our target group the most interesting content possible.
In addition, certain providers of the social media platforms provide us with anonymous usage statistics to various extents, which we use to improve the user experience when visiting our Company Webpages. However, we do not have access to the usage data (Personal Data) that the providers of the social networks collect to compile these statistics. The providers of the social media platforms are therefore always to be considered as controller with regard to the processing of this data. Depending on the social media platform provider and on the Personal Data that this social media provider provides to us, we might be qualified as joint controller in this regard with the social media platform provider. To the extent that the providers of the social media platforms are considered joint controllers, please see for more information the description in the last paragraph of Section 3 with regard to joint controllers, which applies accordingly.
Our own data processing in connection with our social media profiles serves our (and your) legitimate interest (legal basis) in improving the user experience when visiting the respective Company Webpage.

Contact via the messenger of a social media platform

If you communicate with us via the messenger of a social media platform or contact us by linking in your own posts or by reacting (e.g. likes or comments) to one of our posts, in connection with this, we process Personal Data in the form of:

your respective profile name
your first and last name, insofar as this is publicly visible
if applicable, further information stored as public in your profile
your message or the statement of your post or your reaction
the date and time of your interaction
customer reactions to your post or comment (Facebook only)
the date and time of the reactions to your post or comment (Facebook only)

Furthermore, when contacting us via messenger, you can voluntarily provide additional information that you believe is necessary to process your request.

If your contact contains an enquiry, we process the aforementioned Personal Data to process your enquiry and the associated technical administration and also store it in the event that follow-up questions arise. Otherwise, we only process the aforementioned Personal Data to understand whether visitors to our Company Webpage like our content.

The processing of the aforementioned Personal Data takes place if you express interest in our products on the basis of contractual necessity, i.e. in the initiation of a contractual relationship. Otherwise, it takes place on the basis of mutual interest in good support for visitors to our social media profiles and is therefore based on our legitimate interest.

There is no obligation to provide the aforementioned Personal Data, but it is not possible for us to process enquiries or for you to interact with us without it.

5. Other purposes

We use all of the information described above for the following general purposes:

To protect against or deter fraudulent, illegal or harmful actions and maintain the safety, security and integrity of our Services.
To comply with our legal or contractual obligations, resolve disputes, and enforce our Terms of Service.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

The legal basis for this processing is our legitimate interest in protecting our Site or compliance with law.

As noted in the list above, we may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us, which helps us improve our Services. If you do not want to receive marketing communications from us, you may also indicate your preference by emailing us at support@ruggable.eu.

The legal basis for this processing is your consent or otherwise our legitimate interest to inform you about our products and services similar to products or services you already purchased.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you notice.

How Personal Data May Be Disclosed

1. Your Personal Data (as listed above) may be disclosed with the following categories of third parties:

to our third-party service providers who provide services such as website hosting, data analysis, payment processing, product delivery, fraud detection, email delivery services, customer relationship management, survey and feedback collection services, credit card processing, staff augmentation and contract personnel, auditing services and other services, to enable them to provide services and for purposes described in this Privacy Policy. Certain of these vendors process Personal Data on our behalf in the United States, the United Kingdom, the Philippines, and other countries outside the European Economic Area (as further detailed in our Cookie Statement). For example, we work closely with Shopify to deliver this Site and provide our products to you. For some categories of data, Shopify also handles your data for their own limited purposes such as for risk and fraud screening and related uses. For information about how Shopify handles your Personal Data visit https://www.shopify.com/legal/privacy.
if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to establish, exercise, defend, enforce or apply our terms of service or sale and other agreements or legal claims; investigate or prevent actual or suspected unlawful activity, loss or harm and to protect the rights, property, or safety of our customers, or others; or as otherwise required or permitted by law. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
to the extent permitted, to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock.
to other companies in the Ruggable group from time to time and for purposes set out in this Privacy Policy (in the main case of forwarding Personal Data to Ruggable group companies for fulfilling product orders, the legal basis is contractual necessity).

2. Your name and contact information (and other information you make public) may further be disclosed with the following categories of third parties:

to third-party strategic partners with whom we may enter into a special relationship for promotional activities, where permitted by law.
to third parties in connection with certain promotions or sweepstakes you may participate in; to the extent that the promotion’s rules concerning the treatment of your Personal Data are stricter than this Privacy Policy, the promotion’s rules apply

3. Information that is automatically collected when you use the Site and your email and phone number may be disclosed with the following categories of third parties:

our online and email advertisers, social media partners or other third-party vendors we use who may provide Cookies or other similar technologies for use on our Site to manage and improve our online and email advertising campaigns, where permitted by law.

4. With recipients in so called "third countries" within the meaning of the GDPR and where applicable, we agree to apply EU standard contractual clauses or binding corporate rules to provide an "adequate level of protection" in accordance with legal requirements. We will be happy to provide you with more specific information on this via the contact details below.

No obligation to provide

The provision of Personal Data by you is generally voluntarily. In principle, there is neither a legal nor a contractual obligation on the part of you to provide such data. However, in the event of non-provision of Personal Data, it may be that individual Services or parts thereof cannot be provided or cannot be provided properly.

Data Security and Retention

We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. For example, the Site uses industry standard Transport Layer Security (TSL) technology to allow for the encryption of Personal Data you provide to us. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account.

We retain Personal Data about you for as long as necessary to provide you with our Services or as necessary to fulfill the purpose(s) for which it was collected. In some cases, we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

Where we process personal data with your consent, we process the data until you withdraw your consent and for a short period of 30 days after this (to allow us to implement your requests), unless we have a different legal basis for which we are processing your personal data, as set out in this Policy. Where we process your data for direct marketing purposes, we keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.

Personal Data of Children

As noted in the Terms of Service, we do not knowingly collect or solicit Personal Data from children under 18; if you are a child under 18, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us Personal Data, please contact us at support@ruggable.eu.

Information on Legal Basis and Data Subject Rights, Transfer of Personal Data

Lawful basis under GDPR

We will only process your Personal Data if we have a lawful basis under the GDPR for doing so.

The specific legal bases for the different processing of Personal Data we conduct are set out above.

For explanation purposes, these lawful bases for processing, i.e. consent, contractual necessity, our “legitimate interests” or the legitimate interest of others as well as compliance with law, are described in general below:

Contractual Necessity: We process Personal Data (such as your account information or personal contact information) in order to comply with our contractual obligations to deliver products to you or to take steps at your request prior to an order being finalised. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of our Site that require such data, for instance the ability to order products.
Legitimate Interests: This is a technical term in data protection law which really means we have a good and fair reason to use your data and we do so in ways which does not hurt your interests and rights. We use your data in our legitimate interests where it is reasonably expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, even if you have not given your consent, we may send you promotional communications about products and services similar to products or services you already purchased, subject to your legal rights to control this. We also analyse via Cookies/similar technologies how users interact with our Site so we can understand how different elements of the Site are working so we can improve and develop the Site. We also process your data to guard against fraud and security threats and may do so in the completion of corporate transactions for the sale or part or all of our business. Where we process personal data on the basis of a legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals and to determine whether individuals interests outweigh our interests in the processing taking place. You can obtain more information about this balancing test by using the contact details below.
Consent: In some cases, we process Personal Data (such as your personal contact information or your demographic information) based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
Compliance with law: for instance, we keep Personal Data (such as your account information or personal contact information) in the form of order and transaction records to comply with our tax record obligations under legislation.

Data Subject Rights

You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please:

Email us at: privacy@ruggable.com
Submit a form at this address: ruggable.com/privacy

In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging on to your account.
Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging on to your account.
Erasure: You can request that we erase some or all of your Personal Data from our systems.
Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. The lawfulness of the processing of your Personal Data until withdrawal is not affected by the withdrawal. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
Fate of your data after your death: You can ask us to set out particular guidelines defining how you want the rights abovementioned to be exercised after your death.
Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Data with a data protection authority in the country that you reside in, the country of your place of work or the country where the alleged infringement took place or with the competent supervisory authority.

Wherever we rely on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. We may however have other legal grounds for processing your data for other purposes, such as those set out above.

For purchases of any products offered on our Site, the provision of information is mandatory: if relevant data is not provided, then we will not be able to process the transaction. The provision of all other information is optional. Not providing such information may prevent our ability to optimize your customer experience or protect against fraudulent or illegal actions.

Transfers of Personal Data

Your Personal Data will processed by us in accordance with this policy in the U.S., the U.K. and the EEA.

By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, will be processed in other countries, including in the U.S. and United Kingdom and will be hosted on U.S., UK and EEA servers and processed in the U.S. and you acknowledge that Ruggable will store and process your information to and in the U.S., and possibly other countries. The laws in the U.S. and UK may differ from the laws in the EEA. A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.

We will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism including standard contractual clauses, and that it is treated securely and in accordance with this Privacy Policy.

Examples of when we may transfer your personal information outside the EEA include:

In order to store it.
In order to enable us to provide goods or services to you and fulfil our contract with you. This includes displaying our products to you, in order fulfilment and the provision of customer support services.
Where we are legally required to do so.

Automated Decisions

We will not use your Personal Data to make automated decisions (including profiling) about you that have legal effect on you or similarly significantly affect you.

Changes to this Privacy Policy

We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time as well. Use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.

Contact Information and representative in the EU