Table of content

1. Who we are and how you can contact us
2. Changes to this policy and acceptance
3. How this Policy Applies
4. Why do we collect data in the first place?
5. What we collect and receive
6. How this information is shared
7. Data Retention
8. Data Transfer
9. Your rights
10. Data protection officer
11. Children

 

WHO WE ARE AND HOW YOU CAN CONTACT US

If you have any questions about our data policy, contact us: data@awesome-maps.com

Our full address is:

Awesome Maps GmbH

Niederbarnimstrasse 12

10247 Berlin

Germany

Awesome Maps is creating and selling awesome maps and travel products. As an e-commerce company that sells directly to consumers (b2c) via the website we are processing your data to understand user behaviour better and offer you a better experience (with tools like Google Analytics – see Section 5 for a complete breakdown of tools). We also need your data to fulfil your orders and for this we have to submit your data to our fulfilment partners and shipping companies like DHL (see again below for a complete breakdown). If you give your consent, we will also email you from time to time when we have something newsworthy to share like awesome content on our blog we think you might like, new products or tips what you can do with your awesome maps.

Changes to this Policy and Acceptance

We may update this Policy from time to time. If we do, we will inform you about any major changes, either by notifying you on the site or by sending you an email. Any chances we may do will never apply retroactively and we will let you know the exact date these will go into effect. If you purchase from our website, that means you accept this policy.

How this Policy Applies

This Policy describes the information we collect from you, how we use that information and what our legal basis is for this. We will also explain if/when/how we share this information and your rights and choices regarding any information about you that you give to us.

Please also refer to our Terms & Conditions.

We will specifically ask for your consent where it is required for processing your data. For other data processing activities, we rely on different lawful bases such as the performance of a contract, legal compliance, or our legitimate interests.

An exception of this rule is if a consent isn’t possible for technical reasons and the processing of your data is allowed or legally required.

Our Site may include links to other websites or services whose privacy practices may differ from ours. When you use a link to an external site or service, the privacy policy and data processing disclosures for that site or service governs.

If you do not understand this policy please email us under data@awesome-maps.com . If you agree to this policy and not contact us with any questions you’re acknowledging that you have read AND understood this privacy policy.

 

WHY DO WE COLLECT DATA IN THE FIRST PLACE?

We are collecting data in accordance with GDPR Article 6, in particular:

• Performing the contract we have with you: We need your personal data to comply with our contractual obligation to deliver our products to you. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection. Signing up for our newsletter is an example of this.
• Legal compliance: Sometimes we have to collect and use your data required by law. Tax laws for example require us to retain records of purchases and payments.
• Legitimate interests: This is a technical term in data protection law which basically means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights. We sometimes require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and that does not materially impact your rights, freedom or interests. For example, we use identity, device, and location information to prevent fraud and abuse and to keep the Services secure. We also analyze how users interact with our Site so we can understand better what elements of the design are working well and which are not working so well. This allows us to improve and develop the quality of the online experience we offer all our users. 

 

WHAT WE COLLECT AND RECEIVE

In order for you to interact with us (like contacting us, purchasing from us, signing up for our newsletter, commenting on blogposts) we need to collect and process certain information.

Depending on your interaction with us, the data we collect may include:

1. LOGFILES

Every visit to our website triggers the automated collection of data. The following data is collected:

• Information about your device
• Information about your web browser
• IP address
• Time zone
• Some of the cookies that are installed on your device
• Information about the individual web pages or products that you view
• What websites or search terms referred you to the site
• Information about how you interact with the site

With this we create logfiles. The data from these can be attributed to a user. For example if a link that leads you to our website could include data that could be used to identify you. These data then will also be saved in our system in the logfiles. We do not save this data and link it to other data we gather from you (for example if you order a map).

The lawful basis for data processing is Article 6(1) of the GDPR.

 

2. COOKIES

A cookie is a small file of letters and numbers that we store via your browser.

Our website uses cookies to distinguish you from other users of our website. You will be informed about the use of cookies upon your first visit to our site, and you will have the option to accept or decline non-essential cookies. Essential cookies necessary for the operation of the site cannot be declined.

We use the following categories of cookies:

• Strictly necessary cookies. These are cookies which are needed to make the website work properly. They include, for example, cookies that enable you to log in, use a shopping cart or make secure payments.
• Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
• Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region). These also allow us to tell if you’ve left any products in your basket without checking out.
• Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website relevant to your interests and for advertising and retargeting purposes. We may also share this information with third parties for this purpose.

Third parties we work with also store cookies via your browser. For example Shopify. Here is a list of the cookies they use:

_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).

_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits

_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.

cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.

_secure_session_id, unique token, sessional

storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

We use tools from the following third parties. These tools may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. We only work with third parties who value your privacy and comply with GDPR. We share specific types of data with these third parties for defined purposes. For instance, we share your email with Klaviyo for email marketing, and your purchase data with Shopify for order fulfillment.

These are the tools/services we work with and their respective privacy policies

Google Tools (https://policies.google.com/privacy):

• Google Analytics: to understand from where users are visiting us and how they navigate our site.
• Google Optimize: to test different versions of our website (like two different button colours) to see which version works better and to improve the experience for our users.
• Captcha (reCAPTCHA): we use captchas to make sure you are not a robot
• YouTube embedded videos: we want to show you videos of our products and other things and therefore use embedded YouTube videos.

 User behaviour tools:

• Hotjar (https://www.hotjar.com/legal/policies/privacy): to create heatmaps and analyse user sessions to see which elements on our website matter most to users
• GrowthBook: https://growthbook.io/legal/privacy

Social Sharing: to enable you to easily share our website with your friends and followers

• Facebook (https://www.facebook.com/about/privacy/update)
• Twitter (https://twitter.com/en/privacy)
• Pinterest (https://policy.pinterest.com/en/privacy-policy)

When you contact us:

• Via the contact form: We collect your email address so we can get back to you, we use Zendesk (https://www.zendesk.com/company/customers-partners/eu-data-protection/)
• Via Facebook messenger (https://www.facebook.com/about/privacy/update)

Advertising and Marketing:

• Active Campaign: https://www.activecampaign.com/legal/privacy-policy
• Klaviyo: https://www.klaviyo.com/legal/privacy-policy
• Facebook Pixel: https://www.facebook.com/about/privacy
• Pinterest Conversion Tracking: https://policy.pinterest.com/en/privacy-policy

Customer Support:

• Zendesk: https://www.zendesk.com/company/customers-partners/eu-data-protection/

Payment and E-commerce:

• Shopify: https://www.shopify.com/legal/privacy
• Amazon Web Services (AWS): https://aws.amazon.com/compliance/gdpr-center/

Embedded Media:

• YouTube: https://policies.google.com/privacy
• Customily: https://www.customily.com/privacy-policy

3. WHEN YOU SIGN UP FOR OUR NEWSLETTER

we will know your email address to send you updates when we release products we think you may find interesting. We may share bigger company news with you or when we release content on our website we think you could find interesting. 

5. WHEN YOU SEND US A MESSAGE VIA THE CONTACT FORM

The only thing we will have to ask for here is your email address so we can get back to you.

6. WHEN YOU BUY A MAP

• Know your full name, address, e-mail address and maybe phone number if you choose to provide it – the more details you provide the more ways we have to contact you regarding your order in case there are problems. We will also send you emails relating to your transactions on our website (order confirmation, tracking number).
• We will share your information with our fulfilment company/companies so they can pack your order and label the packages properly
• We will share your data with our shipping partners depending on the shipping option you choose this may be DHL, DHL Express or the National Post who then in turn will share the data with subcompanies they work with. They may use the data you provide to send you updates regarding your order status or contact you in case of any problems.
• We will also share the data necessary (Name, Address, Goods purchased and amount) with tax authorities

Payment:

Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Shopify’s Terms of Service or Privacy Statement.

 

HOW THIS INFORMATION IS SHARED

Your information isn’t shared publicly!

Information that’s shared with trusted third-party services

In order to deliver your goods, improve our website and promote our services we have to share your information with third-party services. Examples are payment processors, our shipping partners like DHL, our fulfilment company, email tools like Active Campaign, Google Analytics and more (see breakdown of what we collect above under section: WHAT WE COLLECT AND RECEIVE). We may also share information that’s aggregated and anonymized in a way that it doesn’t directly identify you.

Information that’s shared to protect Awesome Maps and comply with the law

We do reserve the right to disclose personal information when we believe that doing so is reasonably necessary to comply with the law or law enforcement, to prevent fraud or abuse, or to protect Awesome Map’s legal rights, property, or the safety of Awesome Maps, its employees, customers, or others.

Business Transfers

Awesome Maps may sell, transfer, or otherwise share some or all of its business or assets, including your Personal Data, in connection with a business deal (or the evaluation of a potential business deal) such as a merger, consolidation, acquisition, reorganization, or sale of assets or in the event of bankruptcy. You acknowledge that this may happen and that any acquirer or successor of Awesome Maps or its assets may continue to use your Personal Data as set forth in this Privacy Policy. If this happens, we will notify you via email and explain your choices you may have regarding your Personal Data.

 

DATA RETENTION

Generally, your data will be deleted when the purpose of saving it in the first place has been accomplished unless we have to keep your data on file for legal reasons.

We will save your email address for newsletter purposes until you opt-out of our newsletter. We will keep your personal information for tax authorities (your name, address, products ordered).

We also collect and maintain aggregated, anonymized or pseudonymized information which we may retain indefinitely to protect the safety and security of our Site, improve our Services or comply with legal obligations.

 

DATA TRANSFERS

Some of our third-party plugins (such as Google or Facebook) are US-based companies, which means data may be transferred from the EU & Switzerland to the USA. These providers use appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data is protected in accordance with EU data protection law.

 

YOUR RIGHTS

We give everyone who interacts with us the same rights. These include the right to request:

• Deletion (erasure) of your personal data
• Correction (rectification) of your data
• Access to your data
• An export of your data in a common (portable) format

To exercise your rights, you can contact us at data@awesome-maps.com. We will provide detailed instructions on how to proceed with your request. These requests will be addressed by us within one month, unless they are exceptionally complex or numerous."

Erasure

You have the right to request that your personal data be erased in certain circumstances. If we receive a request from you to delete your personal data, we will

• Verify that you are you (or in GDPR terms that the requester is the same as the data subject (that is, the requester is not asking to erase someone else’s personal data)
• Confirm there is no legal reason to preserve this data

 

If both conditions are satisfied, we will forward the request to Shopify and also delete the data in our system. In addition to that, we will also work with any relevant third parties to make sure that they delete or anonymise the personal data.

Timing

Personal data associated with an order cannot be erased while the order is pending or within 180 days after the order to account for potential chargebacks. We will re-submit the deletion request once this period has passed.

Scope

When processing a request for erasure, we (and Shopify) will anonymise the personal data of the buyer, but keep non-personal data such as revenue information and order details. Order details that are retained include the gateway used to process payment, time of sale, amount paid, currency, subtotal, shipping cost, taxes added, shipping method, item quantity, item name, SKU, and payment method.

Data portability

If you ask for it, we will provide you with your personal data upon request. This data will be provided in a commonly used and machine-readable format.

EXCEPTIONS APPLY - we may retain certain information as required by law or as necessary for our legitimate business purposes.

Opt-out

You can opt out of the collection of data. This includes:

• Cookies
• Social Sharing tools
• Google Tools
• Other user behaviour tools

Please note that you can opt out via different methods:

Our Cookies Management Tool

Using our own opt-out via https://awesome-maps.com/pages/webtracking-opt-out. Please note that you will need to opt-out of each browser (Chrome, Firefox, Safari, etc.) and device (computer, phone, etc.).

Web Browser Controls

You can prevent the use of certain Tracking Tools, such as cookies using the controls in your web browser. These controls can be found here: Tools > Internet Options (or similar). Through your web browser, you may be able to:

• Delete existing Tracking Tools
• Disable future Tracking Tools
• Set your browser to provide you with a warning each time a cookie or certain other Tracking Tools are being set

Mobile Opt Out

Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of mobile app information for Behavioral Advertising. You may also opt-out of certain Tracking Tools on mobile devices by installing the DAA’s AppChoice app on your mobile device (for iTunes, visit https://itunes.apple.com/us/app/appchoices/id894822870?mt=8, for Android, visit https://play.google.com/store/apps/details?id=com.DAA.appchoices&hl=en). For more information, please visit http://support.apple.com/kb/HT4228, https://support.google.com/ads/answer/2662922?hl=en or http://www.applicationprivacy.org/expressing-your-behavioral-advertising-choices-on-a-mobile-device, as applicable.

 

Please be aware of this: some opt-outs are cookie based. This means that when opting-out you will have a cookie placed on your device that lets us know you have opted-out. If you delete your cookies, use a different browser, or use a different device, you will need to renew your opt-out choice.

 

Emails: We will give you the ability to opt-out of marketing-related emails via a link at the bottom of each such email. You cannot opt-out of receiving certain non-marketing emails regarding the Service. For example if we sell the company, we will also send you an order confirmation and tracking if applicable.

Please note this: Opting-out of Behavioral Advertising does not mean that you will no longer receive online ads. It only means that such ads will no longer be tailored to your specific viewing habits or interests. You may continue to see ads from us.

Security

We work with partners who encrypt data and adhere to high security standards, such as Level 1 PCI-DSS compliance for online stores powered by Shopify. While we have agreements in place to ensure GDPR compliance, please note that no method of transmission over the internet or electronic storage is entirely secure, and we cannot guarantee absolute security.

 

Data Protection Authority complaint

If you believe this privacy policy is not in accordance with the GDPR, you have the right to file a complaint with your local data protection authority in accordance with Article 77 of the GDPR.

 

DATA PROTECTION OFFICER

We are a small company and do not require a Data Protection Officer. However, we have appointed a contact person responsible for overseeing data protection matters. You can reach out to them at data@awesome-maps.com for any concerns.

 

CHILDREN

People under 18 (or the legal age in your jurisdiction) are not permitted interact with us on their own. Awesome Maps does not knowingly collect any personal information from children under the age of 13 and children under 13 are not permitted to interact with us or buy from us. We do not process personal data of children under the age of 16 without verifiable parental consent, in compliance with GDPR.

If you believe that a child has provided us with personal information, please contact us at data@awesome-maps.com. If we become aware that a child under age 13 has provided us with personally identifiable information, we’ll delete it.