Last Modification: 27/10/2023 09:35

 

Language Options for the Privacy Policy

Italiano: Per una lettura della privacy policy in italiano, cliccate qui.

Deutsch: Für eine Lektüre der Datenschutzrichtlinie auf Deutsch, klicken Sie hier.

Español: Para una lectura de la política de privacidad en español, haga clic aquí.

Français: Pour une lecture de la politique de confidentialité en français, cliquez ici.

简体中文: 要阅读简体中文版隐私政策,请点击这里.

IMPORTANT INFORMATION

We would like to inform our users that the present Privacy Policy has been drafted and is valid for both Sabriel E-commerce (“https://sabrielecommerce.com“) and Sabriel Agency (“https://sabrielagency.com“). Previously, all the services offered by Sabriel were hosted on a single website. To enhance our offerings and specialize our online presence, we decided to divide these services between two distinct sites.

Despite this division, Sabriel E-commerce and Sabriel Agency remain closely linked in terms of data management and privacy policies. The split is intended to optimize user experience and provide more targeted and specific access to the various services we offer. However, the security, protection of personal data, and respect for the privacy of our users remain an unchanged and constant priority across both sites.

Our Privacy Policy reflects this shared commitment to data protection and transparency. Therefore, any reference to personal data, privacy management, user rights, and other relevant regulations are equally and consistently applicable across both Sabriel websites.

For any questions or clarifications regarding our Privacy Policy and the handling of personal data across the two sites, we invite you to contact us through the communication channels provided on each site. We are committed to maintaining a high standard of transparency and openness in the management of your personal information on both platforms.

We thank you for your trust in Sabriel E-commerce and Sabriel Agency and are committed to continuing to offer you high-quality services while ensuring your online privacy and security.

Introduction

Welcome to Sabriel-Ecommerce! This Privacy Policy has been crafted to provide you with a clear understanding of how we collect, use, and protect your personal data when you interact with our website at https://sabrielecommerce.com. I am Sara Casciaro, the owner of Sabriel-Ecommerce. Our company, headquartered in Feldafing (82340), Germany, at Pöckinger Fussweg 12A, is committed to ensuring the security and confidentiality of your personal data in full compliance with data protection laws. Our company’s tax identification number is 161/209/12023, and our VAT identification number is DE362327736. Additionally, as the sole administrator, I also serve as the Data Protection Officer (DPO) of Sabriel-Ecommerce, responsible for overseeing and ensuring compliance with data protection laws within the company. Thank you for your trust in Sabriel-Ecommerce.

If you have any questions or concerns about how we handle your personal data, please do not hesitate to contact us. We are here to assist you. You can reach us personally through any of the following methods:

We strongly encourage you to carefully read this Privacy Policy to get a comprehensive overview of how we treat your data.

To get support for any issues or inquiries, we are at your service through the methods listed above. Additionally, we recommend you to carefully read our Cookie Policy and our Terms and Conditions to fully understand how our website operates. These tools are important for gaining a clear understanding of our operations.

Thank you again for your trust in Sabriel-Ecommerce. We are here to ensure you have a secure and satisfying experience.

We recognize the importance of your privacy and assure you that your personal data is treated with the utmost respect and protection. We have adopted appropriate measures to ensure the security of the data you provide to us. Additionally, we use the HTTPS protocol and SSL to enhance security during browsing. As you scroll below this Privacy Policy page, you will find further details about the security of our website and your information, including information about our choice of highly secure hosting.

Furthermore, it’s important to emphasize that we use the Jetpack plugin as additional layers of protection for our website.

Customer data is securely stored in our WordPress database, which constitutes the vital core of our website. This database is subjected to stringent protection measures, ensuring uninterrupted site operation and encompassing registration details, posted comments, and user interactions. Our commitment to data security is further reinforced by the deliberate selection of specific plugins, enhancing the site’s functionalities. These plugins collect data, which is also safeguarded within the WordPress database, often in separate tables dedicated to each plugin. Importantly, our database is hosted on SiteGround, an extremely secure hosting provider. This additional layer of security from SiteGround further enhances the protection of our data.

In compliance with applicable data protection laws, we are committed to adhering to the General Data Protection Regulation (GDPR) and privacy laws in the countries where we operate, ensuring the full protection of personal information and providing detailed explanations for clear understanding. We will retain the data for only as long as required for the stated purposes; for more information on data retention, please refer to our Cookie Policy.

Description of our E-Commerce

Sabriel-Ecommerce is a unique space where myself, Sara Casciaro, along with other registered vendors, offer a wide selection of products, including both physical and digital goods, to meet your needs. Our platform not only provides you with high-quality products but also extends to a comprehensive range of additional services, including:

  • Website Development: Customized website creation and development tailored to your specific requirements.
  • Creative Graphic Solutions: Designing captivating graphics for advertising, branding, and more.
  • SEO Optimization: Optimizing your website to enhance visibility on search engines.
  • Creation of Logos and Photographic Banners: Crafting distinctive logos and eye-catching photographic banners.
  • Assistance for Advertising with Facebook and Google Ads: Support for creating and managing advertising campaigns on these prominent platforms.
  • Ongoing Assistance for Website or Business Launch: Continuous support in launching your website or business endeavor.
  • Creation of Business Cards: Designing and producing professional business cards.
  • Graphics and Video for Advertising: Crafting appealing graphics and videos for your advertising campaigns.

We want your experience on Sabriel-Ecommerce to be comprehensive and rewarding. It’s important to note that we operate as a multivendor platform, allowing anyone to register as a seller and offer their products within our E-commerce space. However, certain requirements need to be met: sellers must possess a valid VAT number and have an open commercial activity. This criterion ensures that we maintain high standards of quality and professionalism across the range of products offered.

We warmly invite you to review our Terms and Conditions to fully understand the details of your interactions with our site. Your awareness of these aspects is crucial for a satisfying experience. Additionally, please take a moment to visit our Cookie Policy to learn about data retention periods.

Definitions

Seller/Supplier: This term refers to individual sellers or companies registered on the “Sabriel E-Commerce/Sabriel Agency” website to offer their products for sale to buyers.

Buyer/Client: This term is used to refer to individuals who purchase products or services from suppliers through the “Sabriel E-Commerce/Sabriel Agency” website.

User: This term collectively refers to any individual or entity accessing or using the “Sabriel E-Commerce/Sabriel Agency” website. Users can include both sellers and buyers, as well as any other person or entity visiting or interacting with the online platform.

Sabriel E-Commerce/Sara Casciaro/Administrators/Team: These terms collectively refer to the owner of the “Sabriel E-Commerce/Sabriel Agency” website, identified as Sara Casciaro. This team is responsible for providing the platform, graphic and web design services, and is also the main supplier of Sabriel brand products. Currently, the company is exclusively led by a single owner without any other administrators or team members.

Guest: This term refers to guests who visit and use the “Sabriel E-Commerce/Sabriel Agency” website without the need to register. Guests can browse the site, view products, and information without creating an account or accessing a registration.

“Website” or “My/Our website”: We refer to our website as a whole, encompassing all pages, content, and functionalities accessible through the specific domain or related web address. When we mention ‘Our website,’ we are referring to the website that we own or manage. By using the term ‘Website’ or ‘Our website’ in our Privacy Policy, we are referring to all constituent parts and content present on the platform.

Legal Bases for Processing Personal Data

Consent: We may process your personal data when you have provided your explicit consent for specific purposes. However, not for all data listed in this Privacy Policy.

Contractual Obligations: We may process your personal data when it is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.

Legitimate Interests: We may process your personal data based on our legitimate interests or the legitimate interests of third parties, provided that such interests are not overridden by your rights, interests, or freedoms.

Compliance with Legal Obligations: The processing of your personal data may be necessary to comply with legal obligations to which the data controller is subject.

Rights Of Users

  • Access to Personal Data: Users have the right to request information about the personal data we collect, how it is used, and with whom it is shared. However, we may not be able to provide certain sensitive or protected information for security or confidentiality reasons.
  • Rectification of Personal Data: Users can request the correction of inaccurate or incomplete personal data. We will make every effort to make the requested corrections, but some information may be retained for legal or contractual purposes.
  • Erasure of Personal Data: In certain circumstances, users have the right to request the erasure of their personal data. However, there may be limitations if the data is required to comply with legal or contractual obligations.
  • Restriction of Personal Data Processing: Users can request the restriction of personal data processing when there are disputes about its accuracy or lawfulness. However, we may continue to store the data during the dispute period.
  • Data Portability: Users have the right to receive a copy of their personal data in a structured, machine-readable format to transfer it to another service provider. However, this right may not apply if there are legal or contractual obligations to retain the data.
  • Right to Object: Users can object to the processing of their personal data in certain circumstances, such as profiling, unless there are legitimate reasons for the processing. In such cases, we may continue processing the data in accordance with those legitimate reasons.
  • Right to Not Be Subject to Automated Decision-Making: Users have the right not to be subject to decisions based solely on automated processes if it has a significant impact on them. However, this right may not apply if the processing is necessary for the performance of a contract or is permitted by law.
  • Right to Lodge a Complaint: Users have the right to lodge a complaint with the competent data protection authority if they believe that the processing of their personal data violates applicable privacy laws.

For our users in Brazil

For users in Brazil engaging with our website and e-commerce platform, as well as all related activities, there may be a need for additional rights or information. While our privacy policy contains all the necessary details, here we will outline any additional rights they might have and clarify certain matters.

User Rights

In addition to the basic rights listed in our privacy policy, users from Brazil may have the following rights.

In accordance with the Brazilian General Data Protection Law (LGPD), users residing in Brazil have the following rights regarding their personal data:

Confirmation of Data Processing: Users have the right to receive confirmation of the existence of personal data processing activities.

Anonymization, Blocking, and Deletion: Users have the right to request the anonymization, blocking, or deletion of unnecessary or excessive personal data, or any data processed in violation of the LGPD.

Request for Review: Users have the right to request a review of decisions made based on automated data processing that impact their interests. This includes decisions used to define their personal, professional, customer, credit profile, or aspects of their personality.

We are committed to respecting and facilitating the exercise of these rights by our Brazilian users. For further details on how to exercise these rights or for questions related to personal data processing, please refer to the contact details provided in the initial description of this privacy policy.

For users in the United States of America

These represent the entirety of the data that our website, “Sabriel E-Commerce/Sabriel Agency,” will collect, use, and share. This privacy policy was formulated on 01/10/2023 and did not involve data collection in the preceding 12 months. We will update this information in the event of substantial changes. To gain a comprehensive understanding of the data we will collect, use, and share, it is necessary to consult the entire privacy policy. This section is specific to residents of the United States of America, including states such as California and Virginia, as well as all other territories falling under its jurisdiction.

In order to fully comprehend information regarding data sharing with third parties, data retention periods, and the nature of the data collected and utilized, it is imperative to refer to the complete privacy policy, rather than confining one’s attention to this dedicated section.

To avoid duplications and confusion on this page, the rights mentioned previously in the “Rights” section, as well as those relevant to Brazilian users, which also apply to users in the United States of America, can still be exercised. We have created a specific section for U.S. users with rights that have not been explicitly listed earlier. In cases where certain rights have not been mentioned here but are included elsewhere in the policy, they can still be exercised in accordance with the applicable laws in your country.

For users engaging with our website and e-commerce platform, as well as all related activities, there may be a need to provide additional rights or information. While our privacy policy contains all the necessary details, here we will provide a list of additional rights and information that users, particularly those in Virginia, California, and other parts of the United States, may have, in accordance with the Virginia Consumer Data Protection Act (VCDPA) and the California Privacy Rights Act (CPRA), regarding their personal data:

User Rights

In addition to the fundamental rights listed in our privacy policy, users in the United States of America, including specifically those in Virginia, California, and elsewhere, may have the following rights:

Non Discrimination Right

We recognize and guarantee your right not to be subjected to discrimination by us in any way for exercising your privacy rights. Your exercise of these rights will not result in any penalty or disadvantage from us. We are committed to respecting and safeguarding your privacy and ensuring that the exercise of your rights has no adverse consequences.

Right to Object to Data Sale and Sharing

In compliance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), consumers in the United States have the right to object to the sale of their personal data by our company. Furthermore, these rights also extend to the sharing of personal data for commercial purposes. If you wish to object to such practices regarding your personal data, you can do so by contacting us using the contact details provided in the “Contact” section of this privacy policy.

Right to Know and Opt-Out Notice

You have the right to request access to your personal data collected in the preceding 12 months, in accordance with the CCPA. The CPRA extends this period in certain specific circumstances, allowing you to access personal information collected about you even beyond the 12-month limit. We are committed to providing you with transparent information about what personal data is being sold or shared and with whom. Furthermore, each time a transaction or an attempt to use a product implies the sale or sharing of personal data, and you have previously opted out, we will provide you with a notice. This notice will contain instructions on how you can provide your consent again (opt-in) if you wish to do so.

Right to Opt-In for Minors

We want to emphasize that our website and related activities are not intended for minors, and we do not allow individuals under the legal age of majority to register or use our website. Any use by minors must be done under the supervision of their parents or legal guardians, who are fully responsible for the actions of minors. In accordance with applicable laws, parents or legal guardians must provide the necessary consent for any activities involving the personal data of minors. Activities carried out by guardians on behalf of minors must be conducted using the accounts or data of adults.

We Do Not Sell Your Personal Data

Your privacy is important to us, and we want to make it clear that we do not sell your personal data to third parties. This data non-sale policy is in compliance with the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), and related state laws concerning privacy.

We understand that your personal data is valuable, and you trust us to protect it. We have designed our service/website to collect only the information that is strictly necessary to provide you with a high-quality experience, ensure the security of our customers, and meet the needs of our service/website.

The personal data we collect is used exclusively for the following purposes:

  • Providing and improving our service/website.
  • Ensuring the security of accounts and transactions.
  • Complying with legal and regulatory obligations.
  • Communicating with you for legitimate purposes such as customer support or sending important updates.
  • To ensure the proper functioning of the platform/website, as well as related services such as website creation and more, and to effectively manage e-commerce and the multivendor system.

We will never sell, rent, or exchange your personal data for profit. Your privacy is at the core of our mission, and we take strict measures to protect it.

Privacy Regulations and Data Management for Website and Plugins

Security and Data Transfer

At Sabriel E-Commerce/Sabriel Agency, we prioritize the security and privacy of your data. We want to reassure you that, currently, there is no data transfer initiated by us. Our Datacenter is located in Frankfurt, Europe, as specified in the Hosting section of our privacy policy. While the possibility of any future data transfer is highly unlikely, we wish to be transparent about our approach.

If a potential data transfer were to be considered in the future, it would be an extremely rare occurrence. We are committed to providing you with timely and transparent information. We will update our privacy policy 30 days prior to implementing any data transfer. This will provide us with the opportunity to notify you and ensure you have ample time to review and accept the updated policy before any changes take effect.

It’s important to underline that certain data might be processed and transferred outside of the European Union. However, this won’t be initiated by us. For instance, services like Stripe, which we use and are based in the United States, might involve such transfers. We encourage you to read their privacy policy to understand the security measures they have in place. Be assured that we exclusively use reputable plugins and services that fully comply with all relevant laws and security standards.

Your privacy is of paramount importance to us, and we are committed to maintaining the highest data protection standards. If you have any questions or concerns regarding data transfers or any aspect of our privacy policy, please do not hesitate to contact us.

CookieYes | GDPR Cookie Consent: This extension helps us to comply with GDPR regulations and the privacy laws of all states by adding a customizable consent banner to our website. This pop-up window appears immediately upon entering the site, allowing us to inform visitors about the use of cookies and obtain their consent. Once the banner is opened, users can directly see all the cookies that will be used, along with information about data processing and the duration of data retention. It’s important to note that users always have the option to modify their cookie preferences using the banner, which can be activated at any time to adjust preferences according to their needs. The service is provided by CookieYes Limited, which also acts as the data controller and is headquartered at 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom.

Usage of the CookieYes Plugin: At Sabriel-Ecommerce, we respect your privacy and adhere to the General Data Protection Regulation (GDPR) and privacy laws of all jurisdictions in which we operate. We use the “CookieYes” plugin to obtain your explicit consent for the use of non-essential cookies. This plugin helps us comply with privacy laws and ensures that you have control over your cookie preferences.

Types of Cookies Used: The “CookieYes” plugin enables us to manage different types of cookies, including:

Necessary Cookies: These cookies are essential for the functionality of the website and do not require your consent.

Functionality Cookies: These cookies enhance the website’s functionality, allowing us to remember your preferences.

Analytics Cookies: We use third-party cookies, such as Jetpack and others, to analyze user behavior and improve our site.

Performance Cookies: These cookies help improve the performance of the website by collecting and reporting information on how you use it.

Advertisement Cookies: These cookies are used to deliver advertisements that are relevant to your interests.

Uncategorized Cookies: Cookies that do not fall into the above categories.

For further details, please consult our Cookie Policy page.

Collection of Cookie Preferences: The “CookieYes” plugin presents a popup window when you visit our website, informing you about cookie usage and asking you to express your preferences. You can also manage your cookie preferences using the banner positioned at the bottom left of the site, depicting a half-cookie and the letter “Y” in white on a blue background.

Purpose of Cookie Usage: Data collected through the “CookieYes” plugin is used solely to obtain your consent for cookie usage and to comply with privacy laws.

The plugin will keep track of and save, for the necessary time for security, personal, and legal reasons, all of your consents, whether you have accepted them or refused them.

The Cookie Yes plugin, provided by the dedicated company, will have access to the data collected during the use of our website.

User Rights: You have the right to withdraw your consent for cookie usage at any time and to exercise the rights guaranteed by the GDPR. For further information or to exercise your rights, we invite you to contact us through the contact details provided in the initial description of this privacy policy page. Additionally, you can independently manage your preferences from the banner as described above. However, if you encounter any difficulties, we are here to assist you.

You also have the right to delete the preferences saved by the plugin. These preferences are stored in the Cookie Yes database and securely transmitted to Cookie Yes company to ensure the preservation of the preferences you choose. However, there may be limits to data deletion for legal and personal reasons, such as ensuring security and safeguarding our integrity.

Contact Us: Your privacy is a priority for us. If you have questions or concerns about the usage of the “CookieYes” plugin or the management of cookie preferences, we are here to assist you. We are committed to providing a secure online experience that respects your privacy choices. For more details, please refer to our Cookie Policy page.

WordPress

WordPress Data Collection

Sabriel E-Commerce/Sabriel Agency has been developed on the WordPress platform, collecting various types of data to ensure a seamless e-commerce experience.

By default, WordPress collects some basic information regarding user activities on the site. This data is primarily used for internal, administrative, security, and site management purposes. Here’s what WordPress could collect by default:

  • Browser type: WordPress collects information about the type of browser used by visitors. This may include details such as the browser’s name and version.
  • Language preference: WordPress collects information about the preferred language set in the visitor’s browser.
  • Referral site: WordPress records the website from which a visitor arrived at the site, known as the “referral site.” This can help understand how people discover the WordPress site.
  • Date and time of requests: WordPress logs the date and time of each request made by a visitor to our website. This helps track usage patterns over time.
  • IP addresses (Internet Protocol): WordPress collects visitors’ IP addresses. IP addresses are strings of numbers that identify a device connected to the internet. WordPress does not use IP addresses to identify visitors and does not disclose them unless treated as personally identifiable information.

Keep in mind that this is just what WordPress collects by default. To avoid any confusion and to make things simpler and clearer, we have listed each plugin along with every piece of data it might collect.

Such information may be shared with third parties, following WordPress guidelines. For more details, please refer to the WordPress privacy policy, which provides additional information. IP addresses are not used for individual identification, except in specific cases.

WordPress Data Protection

As previously mentioned, we want to assure you that all customer data, whether collected directly through WordPress or from plugins, is stored in our WordPress database. We are fully aware of the importance of data security and would like to share the protective measures implemented by WordPress to safeguard the integrity of your data:

  • Continuous Updates: WordPress is committed to consistently updating its software to address emerging threats and resolve vulnerabilities. We make sure to keep our website and plugins up to date to ensure maximum security.
  • Robust Authentication: WordPress offers various advanced authentication options, including two-factor authentication. This additional security layer protects access to our accounts from unauthorized entry.
  • Web Application Firewall (WAF): Many WordPress hosting solutions include a WAF, acting as a protective shield by blocking malicious traffic before it reaches the site. This adds an extra layer of security to our platform.
  • SSL/TLS Encryption: WordPress supports SSL/TLS encryption, establishing a secure connection between the user’s browser and the site’s server. This ensures that transmitted data is encrypted and shielded from prying eyes.
  • User Management: Within our WordPress site, we can assign specific roles and privileges to users. This reduces the risks associated with unauthorized access and ensures that only those with proper authorization can access certain functionalities.
  • Regular Backups: We perform regular backups of the site’s data, enabling us to restore information in case of issues. This practice helps ensure the safety of your data even in unforeseen circumstances.
  • Plugin and Theme Verification: Before installing any plugins or themes, we conduct thorough verification to avoid using insecure components. This helps prevent potential security vulnerabilities.
  • Constant Monitoring: We utilize monitoring tools to detect suspicious activities in real-time. This allows us to swiftly identify potential threats and take timely corrective actions.
  • Adherence to Guidelines: We strictly adhere to the security guidelines recommended by the WordPress community. This ensures proper configuration and effective protection.
  • Protection Against Attacks: WordPress architecture is designed with integrated mechanisms that resist cyberattacks. These mechanisms defend the data collected by WordPress from brute-force attacks and hacking attempts that could compromise security. Among the main defense systems of WordPress, we have:
    • Brute Force Attack Protection: WordPress implements a system that restricts the number of consecutive login attempts from a single IP address. This slows down or prevents attacks where various password combinations are tested until the correct one is found.
    • Malicious URL Filtering: WordPress employs filters to detect and block URLs that could be exploited in attacks. This helps prevent the execution of attacks through malicious URLs.
    • Malicious Request Filtering: The platform examines incoming HTTP requests and blocks those that appear suspicious or malicious, such as attempts to inject malicious code into the site.
    • XML-RPC Attack Prevention: WordPress offers the option to disable XML-RPC or implement measures to protect against attacks exploiting this functionality.
    • Spam Comment Mitigation: WordPress has mechanisms to identify and block spam comments, thereby reducing potential threats associated with malicious content.
    • Regular Updates: WordPress consistently releases updates that include security fixes to address known vulnerabilities. Keeping the software up to date is essential to protect against known attacks.
    • Plugin Isolation: Plugins in WordPress are segregated from one another to mitigate the impact of a vulnerability in one of them. This helps limit overall risk.
    • XSS Attack Prevention: WordPress uses sanitization techniques to clean incoming user input, thus preventing cross-site scripting (XSS) attacks.
    • Error Control: To prevent the disclosure of sensitive information, WordPress is configured to limit the display of PHP errors in the user’s browser.
    • File Upload Security: WordPress verifies attachments and uploaded files to identify potential attempts to upload malicious content.

Please note that the mentioned securities are basic measures from WordPress. By reading the Privacy Policy, you’ll discover additional protective measures we’ve implemented, as listed earlier, along with those provided by our hosting, SiteGround.

You can also check the WordPress privacy policy for more details.

Data Sharing within WordPress:

In our WordPress environment, data is secure and not shared externally, except when required for legal or security reasons, as elaborated extensively in our Privacy Policy. Some plugins might request access to user data, but each situation is clearly outlined in the privacy policy for comprehensive examination. It’s important to underline that, apart from the owner of the Sabriel E-Commerce/Sabriel Agency site, only our hosting provider, SiteGround, has access to data. This practice is common and fundamental as SiteGround hosts our website on its infrastructure, ensuring availability, functionality, maintenance, technical issue resolution, and security. The owner or administrator of the WordPress site doesn’t have direct access to our users’ data, only providing the platform. Proper management guarantees user privacy and compliance with data protection regulations through security measures, strong passwords, and limited access. Transparency is maintained through a clear Privacy Policy. In short, respect and responsibility in data management are pivotal for user security and privacy.

NOTE: PASSWORDS ARE NOT INCLUDED. Passwords are encrypted, and even we, the administrators of Sabriel E-Commerce/Sabriel Agency, do not have access to your passwords. We do not have access to banking data due to the high security systems.

Purpose of Data Processing

The data used by WordPress is collected to ensure the functionality of the platform. WordPress is an open-source platform that we rely on to create our website.

User Rights

Regarding the exercise of certain rights such as data rectification, data deletion, data limitation, data access, data portability, objection to processing, and requests not to be subjected to automated decisions or profiling, you should refer to the privacy guidelines of WordPress. These entered data constitute a description of the default data that WordPress.org takes, not us. Although most of these rights probably do not need to be applied, as there is no necessity.

Akismet Anti-Spam

Akismet Anti-Spam: Akismet is a widely used anti-spam protection plugin that filters out spam comments on our WordPress site. This tool utilizes advanced algorithms to detect and prevent the publication of unwanted content. To use this service, it’s necessary to connect via a dedicated API. The service is provided by Aut O’Mattic A8C Ireland Ltd., located at Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland. Automattic Inc. is also the data controller for most of the processed data.

Personal data that Akismet might collect and process as part of its anti-spam filtering service. These data might include:

  • Browser Data: Akismet may collect the browser’s “user agent,” including information such as the browser name and version, to help detect suspicious activity.
  • Comment Data: Akismet may analyze the content of comments, including text, links, and structure, to determine the likelihood of them being spam.
  • Technical Data from Visitor’s Computer and Similar: Akismet may collect information generally made available by web browsers, mobile devices, and servers about site visitors, such as IP address, browser type, unique device identifiers, language preferences, referring site, access date and time, operating system, and mobile network information.
  • Visitor Interactions: Akismet may gather information about visitor interactions, such as “Ratings” left by site visitors.
  • Location Information: Akismet may determine the approximate location of a visitor’s device from the IP address. We may also collect additional information entered by a visitor on the site, such as submitting a contact form, a search query, or registering with the site system…

Purpose of Data Processing: It is important to emphasize that these data are processed with the aim of identifying and preventing spam. They are not used for marketing or profiling purposes.

It’s important to note that these data might be shared with third parties, including Akismet Antispam and their parent company as listed above.

For more in-depth information, you can refer to the privacy policy of Askismet Anti-Spam.

HCaptcha

Introduction to HCaptcha: HCaptcha is a human verification system used on our website to ensure that interactions are carried out by humans rather than automated programs known as bots. This system helps prevent spam, DDoS attacks, and other malicious activities that could negatively impact the performance and security of our site. HCaptcha serves as an alternative to the traditional CAPTCHA test and requires users to complete a challenge that demonstrates their authenticity as legitimate users. It’s an additional tool to protect and enhance the user experience on our site.

Data Processed by HCaptcha: Upon accessing our website, HCaptcha may collect and process certain data, including:

  • IP address

Purpose of Data Processing:

The data collection by HCaptcha is highly limited. HCaptcha operates by analyzing user behavior patterns through the selection of various images, much like most similar systems, to identify potentially harmful activities. It’s worth noting that the data collected by HCaptcha in this case, namely the IP address, is shared with third parties such as the producing company itself, as mentioned earlier. It’s important to emphasize that before being shared, the user’s IP address is anonymized.

Contact Form 7

Plugin Purpose: Contact Form 7 is a widely used contact form builder for WordPress. It allows creating and managing multiple contact forms, customizing fields, and managing email notifications.

User Registration Contact Information: The contact form collects data including:

  1. Username
  2. Email address
  3. Sensitive data like password These details are crucial for user registration and accessing services. (Naturally no one will have access to your passwords, including us.)

Seller Registration Contact Information: If a seller intends to sell on the platform, the form may ask for additional information:

  1. Name
  2. Surname
  3. Store Email
  4. Phone number
  5. Store name
  6. Store address (street, country, city, postal code)
  7. VAT number

To register as a seller, sellers will still need to fill out the first 3 fields in addition to the added fields (Username, Email, and Password).

As previously mentioned earlier, during the registration process we will also have access to:

  • User Role: The Role Assigned to the User (such as Administrator, Author, Reader, etc.).

Messages and Comments: Content entered in the designated text area of the form, such as messages and comments, is gathered and processed to facilitate communication and provide suitable responses.

Purpose of Data Processing

Processing this data is essential to ensure the proper functioning of the contact form and registration/access services. Additionally, these data will be used for all processes on this website, including but not limited to product purchases, payments, billing, support requests, and all other related actions. These are the primary data types. By reading this policy, we will provide you with a comprehensive list of which specific data will be used for each action/plugin, along with the other collected information.

Newsletter

Subscription to the Newsletter: By subscribing to our newsletter, managed through MC4WP: Mailchimp, you have the opportunity to receive updates, special offers, and news related to our products and services. Subscription is voluntary and requires your explicit consent. To use this service, we connect through an API. MC4WP – Mailchimp is one of the products offered by The Rocket Science Group LLC, which is also the main data controller and is part of the Intuit company. Additionally, the WordPress plugin was developed by a smaller company, Ibericode BV, with its headquarters located at St. Jacobslaan 51, 6533BP Nijmegen.

Required Data: To subscribe to the newsletter, we ask for your email address. This email address will be used solely to send you the newsletter and related communications.

Explicit Consent: Before proceeding with the newsletter subscription, we will ask you to provide your explicit consent through a checkbox. By agreeing to subscribe, you confirm that you have read and understood this clause and our privacy policies. Your subscription will not be completed until you have provided your explicit consent.

Purpose of Data Processing: The email address provided during the newsletter subscription is used exclusively to send relevant communications such as updates, offers, and news. We do not share this information with third parties and only use it in compliance with privacy laws.

Unsubscribe from the newsletter

To unsubscribe from the newsletter, you can contact us using the contact details listed on our page or use the link provided in every email sent through the newsletter. The link will allow you to unsubscribe quickly and easily.

The companies described above and third parties may also have access to the data described above. For more information, please refer to their privacy policy.

Nextend Social Login

Nextend Social Login: Nextend Social Login adds social media authentication options to our site. Visitors can log in or register using their social media accounts, such as Facebook and Google. The Nextend Social Login application for connecting to our APIs to provide Facebook and Google login services on our site is offered by Nextendweb Kft, located in Hungary: Rét utca 21, Apartment 3, 9024 Gyor.

  • Nextend Social Login with Facebook: We are using an API to provide authentication service through Facebook. The service is offered to us by Meta Platforms Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The permissions granted, as described below, are solely required for authentication and registration purposes. The subsequent sections outline the potential data categories involved, considering the information that the plugin may gather and process from the user’s Facebook profile.

Facebook Social Profile Data: When a user chooses to log in or register through their Facebook account, the plugin may collect publicly available information from the user’s Facebook profile, such as:

  • Name: The user’s name as provided on Facebook.
  • Profile Picture: The user’s profile picture associated with the Facebook account.
  • Associated Contact Information: Some contact information may be collected, such as email address, if the user has chosen to share it on Facebook.

When you connect to our site through Facebook Login and the Facebook API, there might be a possibility that Facebook could access information like login times and other usage metrics. These data contribute to ensuring security and enhancing the user experience. Rest assured that Facebook adheres to strict privacy policies to safeguard user information.

Purpose of Data Processing

We want to emphasize that Nextend Social Login with the Facebook login option is used to simplify the authentication and registration process through the user’s Facebook account. The collected data is treated in compliance with privacy laws and is not shared with third parties without the user’s consent.

  • Nextend Social Login with Google: We are using an API to provide authentication service through Google. The service is offered to us by Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland. The permissions granted, as described below, are solely required for authentication and registration purposes. The subsequent sections outline the potential data categories involved, considering the information that the plugin may gather and process from the user’s Google profile.

Google Social Profile Data: When a user chooses to log in or register through their Google account, the plugin may collect publicly available information from the user’s Google profile, such as:

  • Name: The user’s name as provided on Google.
  • Profile Picture: The user’s profile picture associated with the Google account.
  • Associated Contact Information: Some contact information may be collected, such as the email address, if the user has chosen to share it on Google.

When you connect to our site through Google Login and the Google API, there might be a possibility that Google could access information like login times and other usage metrics. These data help ensure security and enhance the user experience. Rest assured, Google adheres to strict privacy policies to safeguard user information.

Purpose of Data Processing

We want to emphasize that Nextend Social Login with the option of accessing via Google is used to simplify the authentication and registration process through the user’s Google account. The collected data is processed in accordance with privacy laws and is not shared with third parties without the user’s consent.

Facebook Chat

Our website includes a live chat service based on Messenger integrated into our site. This service allows visitors to our website to communicate directly with us, providing a real-time communication channel. Through this chat, you can ask questions, receive assistance, or initiate a conversation with us. The service is provided by Meta Platforms Ireland Ltd, Community Operations, 4 Grand Canal Square, Dublin 2, Ireland.

Please note that conversations through the live chat Messenger may include the sharing of personal or sensitive information. Therefore, we want to emphasize that we respect your privacy and are committed to protecting any information shared with us through this platform.

All information shared through the live chat Messenger will be handled in accordance with our privacy policy.

Personal or sensitive data we may collect

Our website does not collect personal data in our database during the use of this application; the data and chats will be collected in Facebook’s database, and this plugin is subject to Meta’s terms and conditions and privacy policy.

During the chat, there will be 2 chat initiation options: you can chat with your Facebook profile or as a Guest. If you choose to chat with your Facebook profile, we will have access to your public Facebook profile and all the data you have chosen to make public.

 

YITH Multi Vendor Premium

YITH Multi Vendor Premium: A premium YITH plugin enables us to create a marketplace where various vendors can have their individual stores. These vendors can manage their products and handle sales independently, while I, as the marketplace owner, oversee and supervise the entire marketplace. This plugin is provided by YOUR INSPIRATION SOLUTIONS, S.L.U, headquartered at Calle San Francisco, 63, Bajo derecha, C.P.: 38001, Santa Cruz de Tenerife, Tenerife, Canary Islands, Spain.

Below, we list the specific categories of data that might be involved, considering all potential data that the plugin could collect and process:

  • Name and Surname: The names and surnames of vendors are automatically collected for proper identification within the context of the multi-vendor marketplace.
  • Email Address: The email addresses associated with vendors are collected for communication and notification purposes related to business activities.
  • VAT Identification Number (VAT ID): The VAT ID numbers of vendors are collected for tax, administrative, and security purposes.
  • Sales Commissions: Information about commissions applied to sales made by vendors is collected for financial calculations.
  • Abuse Reports: It could collect reports of behaviors reported as abusive or inappropriate by customers or other vendors to ensure the integrity of the platform.

Vendors will be approved by the administrator for security purposes after a thorough review. The platform will also indicate whether the vendor has accepted our privacy policy and terms and conditions. If the vendor does not accept our policy, they will not be able to sell on our platform.

Purpose of Data Processing

The collected data will be used to operate the multi-vendor system on our website and for accounting purposes.

WooCommerce

WooCommerce is a powerful and flexible e-commerce platform that powers our online store. Integrated with the WordPress content management system, WooCommerce allows us to efficiently create and manage a virtual store. This highly customizable extension offers a wide range of features, enabling us to list products, manage orders, provide payment options, and much more. Thanks to WooCommerce, we can offer our customers an intuitive, seamless, and highly personalized online shopping experience. This service is provided by WooCommerce Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland. Automatic Inc. is primarily responsible for most of the collected data.

WooCommerce Shipping & Tax

WooCommerce Shipping & Tax is an integrated extension within the WooCommerce ecosystem aimed at simplifying shipping and tax management. This tool enables us to create customized rules for shipping options, allowing us to offer precise and adaptable shipping rates based on customer preferences. Furthermore, this extension assists us in accurately managing sales taxes, ensuring compliance with local and international tax regulations. This ensures that our customers see accurate shipping rates and that taxes are applied correctly to their purchases.

Personal Data Collected

During the purchasing process and while navigating our website, we may collect the following personal data:

  • First and last name
  • Billing and shipping address
  • Email address
  • Phone number
  • Purchase details, including purchased products, quantity, and price
  • Refund details and canceled products
  • Product reviews written by customers

These data could be shared with third parties for shipping and management purposes, such as Stripe, PayPal when used for processing payments, Yoast SEO to optimize search engine visibility, and other platforms. Yiith Order & Shipment Tracking, used for shipment tracking management, might access the information. Additionally, certain details might be shared with other vendors from whom purchases are made for sales and shipping management.

Purpose of Data Processing

Order Processing: Customer data is collected to manage order processing, including product purchases, invoicing, and shipping fulfillment.

Service Communications: Data is used to send communications related to orders, such as purchase confirmations, order status updates, and shipping information.

Shipping and Tax Management: Data is used to calculate shipping rates, provide shipping options to customers, and manage taxes in accordance with local and international tax regulations.

Customer Support: Customer data is used to provide post-sale assistance, resolve issues related to products or services, and manage returns or replacements.

Product Reviews: Customers can leave reviews about purchased products, which are published to provide information to other buyers and improve product quality.

Usage Analysis: Data can be analyzed to understand how customers interact with the website, identify popular products, and enhance the user experience. (These analyses are not automated; administrators independently review sales on a case-by-case basis.)

Regulatory Compliance: Data is used to ensure compliance with tax laws and sales regulations, including billing requirements and tax application.

Security and Fraud Prevention: Data may be used to ensure the security of the website and prevent fraudulent or abusive activities.

Data Retention: Data is retained for a certain period for administrative and legal purposes.

TranslatePress – Multilingual

Description of TranslatePress – Multilingual Extension

The TranslatePress – Multilingual extension has been integrated to enable the translation of our WordPress site’s content directly from the frontend. This plugin offers a visual translation interface, simplifying the creation of multilingual websites. The “TranslatePress – Multilingual” service has been provided to us by Reflection Media SRL, with headquarters at Armoniei, No. 2A, 6th floor, Apartment 49, Timisoara, Romania.

Data Collected by TranslatePress – Multilingual Extension

The usage of the TranslatePress – Multilingual extension relies solely on this data for the processing of the multilingual translation service.

  • Language preferences: The TranslatePress plugin records language choices based on visitors’ browser settings and their IP addresses to automatically direct them to the default version of the website in their country. Following this initial selection, this preference is stored in cookies, ensuring that the chosen language remains the same for future visits. Users retain the flexibility to change the language at any time thereafter. Additionally, users have the option to decide whether to use the plugin’s language preference or not..
  • Geolocation data: TranslatePress may collect information about the user’s geographical location through their IP address to redirect them to the appropriate country language.

Purpose of Data Processing

  • Enhancing user experience: Visual content translation enables users to access the site in their preferred language, enhancing the overall experience.

Paypal

Payment Processing via PayPal

We want to provide you with a comprehensive overview of how personal data is handled through the use of the PayPal payment service, integrated into our Multi-Vendor E-Commerce platform to enable our customers to make online purchases. However, it is crucial to emphasize that we provide the online selling service, while PayPal directly handles the payments made by our customers.

PayPal (Europe) Sarl et Cie, S.C.A. is the data controller for personal data collected and processed in connection with personal data obtained during the use of services within the European Economic Area (EEA) and the United Kingdom (UK), as indicated in their privacy policy.

Some third parties with whom we share Personal Data are independent data controllers. This means that PayPal will not dictate how the shared data will be treated by these third parties. We encourage you to read their privacy policies and familiarize yourself with your privacy rights before interacting with them.

PayPal: A Reliable Payment Service

PayPal is a well-known online payment service that operates through a network of globally distributed servers and data centers. Below, we outline the specific categories of data that may be involved through the PayPal payment service, taking into consideration all potential data that PayPal may collect and process:

Payment Data: Transparent Information

During the purchase process, PayPal may collect and process data related to payments made by our customers. This data may include:

  • Transaction Details: Information about the transaction made, such as the amount, currency, date, and time of purchase.
  • Payment Information: Details related to the payment method used, which may include information about credit cards or PayPal accounts.
  • Billing Information: Data related to the billing address provided during the payment process.
  • Order Details: Information about the placed order, including the purchased products and their respective quantities.
  • Service Interactions: Any communications between our customers and the PayPal payment service during the payment process.
  • Technical Data: Technical information about the user’s device, browser, and IP address during the payment process, aimed at ensuring service quality and security.

It’s important to highlight that we solely provide the online selling service through our Multi-Vendor E-Commerce platform, while PayPal is responsible for the direct processing of payments made by our customers. All data collected during the payment process is managed by PayPal in accordance with data protection regulations, including the GDPR and other applicable privacy laws.

Commitment to Data Security

PayPal is committed to ensuring the security of customer data and adopting adequate measures to protect personal information during the payment process. It’s worth noting that PayPal is certified according to the Payment Card Industry Data Security Standard (PCI DSS), demonstrating compliance with rigorous security measures.

For Further Information

For complete details regarding data retention, security measures, and data processing associated with PayPal, we encourage you to refer directly to the policies and information provided by PayPal.

Contact Information:

PayPal Data Protection Officer (DPO): PayPal (Europe) S.à.r.l. et Cie, S.C.A. Address: 22-24 Boulevard Royal, L-2449 Luxembourg.

For UK Residents: GDPR Representative (Bird & Bird UK): Address: 12 New Fetter Lane, Holborn, London EC4A 1JP.

Purpose of Data Processing

The use of PayPal is exclusively intended to provide a secure payment system on our website during purchases.

User Rights

  • We provide the payment service through PayPal. To exercise your rights of access, rectification, erasure, restriction, portability, objection, or request not to be subject to automated decisions regarding your data, please refer directly to PayPal and their privacy policy. We act solely as intermediaries for the payment service, while PayPal is the reference point for your rights regarding personal data.

Stripe

Payment Processing through Stripe

Our aim is to provide you with a comprehensive overview of how personal data is managed through the utilization of Stripe’s payment processing service, integrated into our Multi-Vendor E-Commerce platform to facilitate online payments for our customers. Please note that while Stripe provides the payment services, our customers utilize this platform to make payments related to products purchased on our platform. The Stripe Connect service is provided by Stripe Payments Europe, Limited, and is connected to our website. We use an API with this payment gateway for our store. The datacenter hosting our services is located in Amazon Web Services (AWS) data centers in the United States. Stripe is recognized for its reliability and security in offering online payment solutions. For more information, please refer to Stripe’s Privacy Policy.

Payment Data: Transparency in Information

During the purchase process, Stripe may collect and process data related to payments made by our customers. This data may include:

  • Transaction Details: Information about the transaction made, such as the amount, currency, date, and time of purchase.
  • Credit Card Data: Details related to the payment method used, which could include information about credit cards or Stripe accounts.
  • Billing Information: Data related to the billing address provided during the payment process.
  • Order Details: Information about the order placed, such as the purchased products and their quantities.
  • Interactions with the Service: Any communications between our customers and the Stripe payment service during the payment process.
  • Technical Data: Technical information about the user’s device, browser, and IP address during the payment process, to ensure the quality and security of the service.

Security and Data Handling

We want to emphasize that payment processing through Stripe takes place outside of our E-Commerce Multivendor platform and occurs directly on the Stripe platform. This process is carried out in compliance with data protection regulations, including GDPR and applicable privacy laws.

Stripe is committed to ensuring the security of customer data and adopting appropriate measures to protect personal information during the payment process. Additionally, Stripe is certified according to the Payment Card Industry Data Security Standard (PCI DSS), demonstrating compliance with rigorous security measures.

Contacts

To contact Stripe, you can do so by visiting their Support page.

To contact the data protection officer of Stripe, please reach out to: dpo@stripe.com.

Purpose of Data Processing

The use of Stripe is exclusively intended to provide a secure payment system on our website during purchases.

User Rights

  • We provide the payment service through Stripe. To exercise your rights of access, rectification, erasure, restriction, portability, objection, or request not to be subject to automated decisions regarding your data, please refer directly to Stripe and their privacy policy. We act solely as intermediaries for the payment service, while Stripe is the reference point for your rights regarding personal data.

Hosting Services and Privacy

SiteGround High-Quality Hosting with Premium Wildcard SSL Certificate

We would like to inform you that our multi-vendor e-commerce platform is hosted on SiteGround, a renowned hosting provider. Our website is hosted in a data center located in Frankfurt, Germany, through SiteGround’s Spanish subsidiary known as SiteGround Spain S.L., with its headquarters at Calle de Prim 19, 28004 Madrid, Spain. SiteGround Spain S.L. also serves as the data controller. SiteGround is widely recognized for its reliability and security in offering high-quality hosting services.

Investing in Data Security

We are pleased to announce that we have invested in the security of our customers’ data by acquiring a Premium Wildcard SSL Certificate. This SSL certificate provides an advanced level of encryption and security, contributing to ensuring the protection of communications and online transactions on our website. It’s important to note that while the Premium Wildcard SSL Certificate is provided by the Let’s Encrypt association, it is a paid service that significantly enhances the security of our customers’ data. Additionally, we want to highlight that we utilize security protocols provided by SiteGround, including the HTTPS protocol.

The Safeguards Offered by Our Trusted Hosting

Let’s begin by stating that, much like any other platform, access to our account is safeguarded through a Username and Password. Thus, only I, the owner of Sabriel E-Commerce/Sabriel Agency, possess full control over the entire system. However, what protections does Siteground provide us with? I hereby outline the various security measures that have been implemented:

  • By default, all servers employ the latest version of PHP 7, accompanied by the latest security fixes.
  • Apache runs within a chroot environment, with suExec in effect. (The configuration of Apache in a chroot environment means that our web server is like a separate island, isolated from other parts of the system for enhanced security. Additionally, with suExec active, processes are executed with the appropriate permissions, helping to safeguard data and resources.)
  • Sophisticated IDS/IPS systems identify and thwart malicious bots and external attacks, enforcing intrusion detection and prevention.
  • ModSecurity is present across all shared servers, with security rules being updated on a weekly basis. This ensures customers are safeguarded against the most common attacks.
  • Automatic, hassle-free updates for the core version of WordPress and plugins are guaranteed.
  • We commit to maintaining up-to-date versions of all software used for database services such as FTP, SMTP, IMAP/POP3, HTTP, and HTTPS, ensuring they consistently incorporate the latest security patches.
  • Continuous monitoring is conducted to detect vulnerabilities in commonly used applications and modules. When feasible, virtual patches are developed in the form of WAF (Web Application Firewall) rules.
  • Access to user data is strictly restricted to authorized personnel, in adherence to stringent internal policies. Detailed records of all access are maintained.

This overview of implemented security measures is validated and affirmed by Siteground. It is important to underscore that the aforementioned is just an example of the numerous protections we offer to ensure the security of our clients’ data hosted on Siteground.

Additionally, they have a live chat customer service where the wait time is as short as 20 seconds, and they are available 24/7, 7 days a week for any issues.

If you wish to take a look at their Privacy Policy to learn more about the reliability and security they provide to customers, feel free to do so.

Policy for Access and Use of Data in the Multivendor Ecosystem of Sabriel-Ecommerce

In relation to our multivendor e-commerce platform, Sabriel-Ecommerce, we would like to highlight the following aspects:

User-Vendor Interactions and Data Sharing: Users making purchases on the Sabriel-Ecommerce platform can interact with other sellers or make purchases from different vendors within the same environment. During these interactions, users may grant sellers access to personal data, including name, surname, email, shipping address, and details of the purchased item. This information is shared to facilitate product shipping.

Access to User and Vendor Data: As administrators of Sabriel-Ecommerce, we want to inform you that we will have access to both customer data from purchases made with vendors and the personal data of the vendors themselves. This access is intended to provide necessary assistance and support in case of issues or disputes and to ensure the proper functioning of the platform. This practice is in place to enhance the overall shopping experience and maintain the functionality of the multivendor ecosystem.

Data Protection and Vendor Compliance: It is important to emphasize that the processing of data during these interactions is the responsibility of vendors. Vendors are required to comply with data protection laws, including the General Data Protection Regulation (GDPR) and relevant state regulations. Sabriel-Ecommerce does not assume responsibility for data processing activities carried out by vendors.

User Data Protection: Safeguarding the personal data of our users is of utmost priority. All personal data will be treated with the highest level of confidentiality and managed in accordance with data protection laws. We encourage users to review our Privacy Policy for a comprehensive understanding of how we manage personal data and ensure its security.

Contact Us: For further questions, clarifications, or information regarding the management of personal data, we invite users to get in touch with us using the contact information provided in the “Contact Us” section of our Privacy Policy.

Please keep in mind that ensuring the security of your account is paramount to us. Our system administrators will never ask you to provide your account password, nor will they request sensitive information related to your card, such as IBAN, expiration date, CVC code, or similar details.

If you ever receive such a request from anyone, please contact an administrator immediately. We will take prompt action to ensure your safety.

Also, remember that our administrators do not have access to your personal password or the details of your banking cards. Your security is at the heart of everything we do.

Support Communications via Email and Phone

In certain circumstances, when you reach out to us for assistance via email or phone, we would like to inform you about the collection of specific personal data for the purpose of providing you with support:

  1. First and Last Name: To address you appropriately during the communication.
  2. Email Address: Used exclusively to identify the communication and facilitate contact. We will not request further details via email.
  3. Phone Number: Utilized if you prefer communication through phone.
  4. Order ID: In cases where your contact is related to an order, we might request the order ID to accurately identify the transaction and efficiently resolve the issue.

All the provided data will be treated with the utmost confidentiality and will not be disclosed to third parties in any way. It is essential to highlight that the data provided during these communications will be used solely to provide the requested assistance, answer your inquiries, or resolve your issues.

Purpose of Data Processing

The use of the listed data will be exclusively for customer support and assistance requests related to products, accounts, and nothing else.

User Rights

Please note that due to limitations associated with communication via email or phone, it may not be possible to exercise certain rights, such as access, rectification, limitation, erasure, and data portability, through these channels. However, if you wish to exercise such rights or request further privacy information, you are free to do so through the methods described in our Privacy Policy. Additionally, for email transcripts, we will also retain a copy. In case you lose the email, you can request a copy from us.

Age Limit for Using the Sabriel E-Commerce/Sabriel Agency Ecosystem

We are committed to providing a safe and suitable environment for all age groups within the Sabriel E-Commerce/Sabriel Agency ecosystem. Therefore, it is important to emphasize that the use of the platform and the purchase of products are subject to an age limit.

Age Requirement: Accessing and using Sabriel E-Commerce/Sabriel Agency is only permitted for individuals aged 18 or older. Individuals under the age of 18 are not allowed to use the platform or make purchases through it.

Purchases for Minors: We acknowledge that within our range of products, there might be items suitable for minors. However, such purchases must be made by adults. Parents or legal guardians are responsible for supervising purchases made by minors under their care and ensuring they are appropriate.

Limitation of Liability for User-Vendor Interactions

In relation to our multivendor e-commerce platform, Sabriel-Ecommerce, it’s important to highlight that our users may interact with other vendors on the platform or make purchases from vendors other than us. It’s crucial to emphasize that vendors participating in our platform are required to adhere to our sales policies and established terms.

Primary Responsibilities of Vendors: However, given that interactions between users and third-party vendors occur outside of our direct control, we want to inform you that the primary responsibilities for such interactions lie with the vendors involved. Nonetheless, we remain available to offer support and assistance in case issues arise or there are concerns regarding these interactions.

Handling of Personal Data and Security: Regarding transactions or interactions directly involving us, we commit to complying with data protection laws and treating personal data with the utmost confidentiality and security.

Prioritizing the Shopping Experience and Sensitivity to Sensitive Data:

Our priority is to provide all users with a secure and satisfying shopping experience, regardless of the involved seller. However, it’s important to understand that in the event of disputes or issues with third-party sellers, we cannot assume any responsibility for their actions, business practices, or handling of sensitive data.

We strongly emphasize that we will never ask our users to share sensitive information such as passwords, login details, banking coordinates, IBANs, credit card information, or CVC codes. We urge you to exercise utmost caution and refrain from sharing such information with any seller. Otherwise, we cannot guarantee the security of data shared with third parties, and we distance ourselves from any consequences arising from such actions.

Assistance and Clarifications: We remain at your disposal for any questions, doubts, or assistance needed regarding interactions within our platform. Please do not hesitate to contact us directly for any issues that may arise.

Modification and Deletion of Profile Information

Profile Information Modification: Both users and vendors can easily modify their profile information by accessing the “My Account” section. Here, you can make updates to a wide range of details, billing address, shipping address, and other personal preferences. The modified information will be updated securely and in compliance with data protection laws.

Account Deletion and Personal Data: If you decide to delete your account, you can do so through the option available in the “My Account” section. This process is designed to ensure your privacy and compliance with data protection regulations. If you encounter any issues, you can also contact us using the contact information available at the beginning of this page’s description, and we will assist you in the process.

Deletion of Posts and Comments:

If you wish to delete the posts, comments, or reviews you have published on our platform, please contact us. Please note that these contents are an integral part of our website and contribute to its interaction and authenticity. However, if you disagree with their visibility, we can easily obscure your name, and if necessary, modify or remove personal data present in the comments or other sections.

Complete deletion of personal data will occur upon the cancellation of your account. To proceed with obscuring your name or making any changes to comments, we invite you to get in touch with us. We’ll be ready to collaborate with you to find the best solution based on the technical possibilities at our disposal and in accordance with your needs. However, please remember that for legal or accounting reasons, we may keep a copy of the necessary data as long as needed. A seller with an ongoing shipment or a customer with a pending purchase cannot delete their account; otherwise, we may take serious measures.

Your Privacy Is Our Priority: We recognize the value of your privacy and will always strive to uphold it. Our platform is designed to provide you with complete control over your personal information while ensuring compliance with data protection laws.

We Are Here for You: If you need assistance, have questions, or specific requirements, we encourage you to get in touch. Your experience with Sabriel-Ecommerce should be secure, personalized, and respectful of your privacy.

Comment and Review Management

We provide comprehensive details on the data processing related to comments and reviews.

Nature of Comments and Reviews: Comments and reviews serve as a means for users to interact and share opinions on the platform.

Use of Comments: Comments are used to facilitate communication and interaction among users.

Transparency of Reviews and Comments

  • In Added Comments: Added comments on the blog may include your name, surname, or username, the publication date, and the avatar linked to your profile. This information is displayed to facilitate transparent and open discussions among users.
  • In Product Reviews: Product reviews may include information such as your name, surname, or username, the assigned product rating, the text of the review, the publication date, and the avatar linked to your profile. This data is shared to ensure transparency and trust in product evaluations.

Privacy of Sensitive Data: We kindly request that you refrain from sharing sensitive data in comments or reviews, such as financial or personal information. This data may be visible to other users and could potentially be collected by third parties.

Public Profile

Nature of the Public Profile: Your Public Profile is a secure and private environment that allows you to share only certain personal information. You have the option to input a wide range of data into your Public Profile. However, please be aware that only your first and last name or username, along with the profile picture, will be visible to everyone. Regarding other information, certain plugins or services might have access to additional details. This aspect is already explained in detail within the current privacy policy. For further information, we recommend reading the entire privacy policy carefully.

Privacy and Data Protection: We have implemented rigorous security measures to ensure that the information in your Public Profile is safe and visible only to you and the site owner. Your information is obscured and not accessible to other users.

Exclusive Control: Only you have full control over the information contained in your Public Profile. No other user or external entity can access this information, ensuring the utmost confidentiality of your personal data.

Visibility of Data during Purchases: Please remember that, in the event of a purchase from a vendor, some information from your Public Profile, such as your name, billing address, and phone number, may be shared with the vendor to facilitate order shipment. This is necessary to ensure the proper execution of the purchase.

Privacy in Reviews: In the case of product reviews, in addition to the aforementioned data, the product rating you have provided may also be visible. This is necessary to ensure transparency and trust in reviews.

For Further Details: Remember that only some of the information in your Public Profile is visible in reviews and comments on the site, as well as to other vendors for product shipment purposes. To gain a comprehensive understanding of privacy and security practices, we invite you to carefully read the Privacy Policy.

Geolocation Usage

Nature of Geolocation: Our website employs geolocation functionality to gather approximate location information from visitors. This functionality enables us to personalize the user experience based on their geographic location.

Data Collected by Geolocation: Upon accessing our website, we may collect approximate geolocation data, which may include but is not limited to:

  • IP address
  • Approximate location data based on IP address
  • Country or city information

Additionally, we also utilize TranslatePress to provide an enhanced experience for visitors from various parts of the world. This may involve the use of geolocation data. It’s important to note that the use of geolocation can be implemented by various plugins for different purposes. Some plugins might utilize this information to personalize the user experience based on their geographical location.

It’s essential to emphasize that for a comprehensive understanding of plugins utilizing geolocation and how data is managed, reading the complete privacy policy available on our website is necessary. This notice has been specifically crafted to highlight the aspect of geolocation usage. However, all the details regarding how different plugins employ it are already provided in the previous descriptions of each individual plugin.

Additional Security Measures for Our Website

Jetpack

Jetpack is a versatile and powerful plugin designed to enhance the functionalities of our WordPress website. Created by Automattic, the same company behind WordPress.com, Jetpack offers a range of tools to optimize performance, improve security, and provide an enhanced experience to users. Below are listed some of the key features of Jetpack and the types of data it might collect.

Data that Jetpack Could Collect:

  • Approximate Geolocation: Jetpack may gather geolocation data to understand the general geographic origin of our website’s visitors. This data provides an overview of the regions where our users are located.
  • Visit and Interaction Details: Jetpack might collect information about the pages you visit and the time you spend on our website. Additionally, it could observe how you interact with content, such as sharing articles or leaving comments.
  • Traffic Source: We may observe where visitors come from, whether through search engines or links from other websites.
  • Technical Details: Jetpack could collect details about the device and browser you’re using. These data help ensure the site functions properly across various platforms.
  • Security Data: Jetpack could gather security-related information, such as unauthorized login attempts and suspicious activities. These data contribute to safeguarding the site against online threats.

Additionally, Jetpack provides us with further security measures for our website and our users. Jetpack offers additional protection through a Web Application Firewall (WAF) and safeguards against brute-force attempts (it prevents bots and hackers from trying to access our website using common username and password combinations).

Purpose of Data Processing

Site Security:

  • Monitoring Suspicious Activities: Jetpack collects data to monitor and detect unauthorized access attempts and unusual behaviors, serving as a protective shield against cyberattacks.
  • Preventing Brute Force Attacks: Data collection aims to identify and block brute force access attempts, reinforcing security to prevent unwanted access.
  • Attack Pattern Analysis: Analyzing data helps identify attack patterns and trends, enabling the adoption of increasingly effective preventive measures.

Performance Optimization:

  • Geographical Insights: Geolocation data is used to gain an overview of visitor origins, enabling content adaptation based on geographical regions.
  • Enhancing User Experience: Jetpack gathers details on visited pages and user interactions to identify areas for enhancing the browsing experience.

Technical Compatibility:

  • Technical Analysis: Technical details of devices and browsers are collected to ensure site compatibility across various platforms.

In summary, the Jetpack Plugin gathers a wide range of data, but our primary focus is on site security. The collected data is primarily used to safeguard our site from cybersecurity threats, prevent unauthorized access, and consistently enhance security measures.

SiteGround Security

SiteGround Security is the comprehensive solution offered by our hosting to protect our WordPress website. With carefully selected and easy-to-configure features, this plugin provides us with essential tools to counter threats like brute-force attacks, compromised logins, and data leaks. We efficiently fortify our website’s defenses with SiteGround Security.

The security features it provides include:

Site Security

  • Ensures the Security of Our Data: By selecting this option, we ensure that no unauthorized or harmful script can interfere with our sensitive data. This is a vulnerability often exploited, which we can block with a simple click.
  • Keeps Our Version of WordPress Confidential: Many attackers seek vulnerable versions of WordPress. We protect our site by hiding the version in use, thus avoiding becoming a target for large-scale attacks.
  • Restricts Access to Theme and Plugin Editors: By disabling the ability to directly edit the code of our themes and plugins, we prevent potential errors or unauthorized access through the WordPress editor.
  • Secures Our Site by Disabling XML-RPC: Unless we specifically use it, it’s advisable to disable XML-RPC. This protocol is frequently exploited by attackers, but we can easily shield ourselves from potential threats.
  • Protects Our Content by Hiding RSS and ATOM Feeds: RSS and ATOM feeds are often exploited for attacks. We enable them only if our readers use RSS feed readers.
  • Blocks XSS Attacks with Advanced Protection: We safeguard our site by activating this option, which adds security layers to prevent XSS attacks.
  • Mitigates Vulnerabilities by Removing the Readme.html File: WordPress includes a readme.html file with information about our site. Hackers exploit it to identify potential vulnerabilities, but we eliminate this threat.

Access Security

  • Custom Login URL: Attackers often attempt to exploit /wp-admin as the default WordPress login URL. Customizing it helps prevent these attacks and provides an easily memorable login URL.
  • Configure Login Access: By default, you can access our WordPress login from any IP. We can use this feature to allow access only from specific IPs or IP ranges, in order to prevent brute-force attacks or malicious login attempts.
  • Set Up Two-Factor Authentication for Admins and Editors: Two-factor authentication requires admin users to provide a token generated by the Google Authenticator app for access. Enabling this option will prompt all admin and editor users to set up two-factor authentication in the Authenticator app upon their next login.
  • Disable Common Usernames: Using common usernames like “admin” poses a security threat that often leads to unauthorized access. Enabling this option will prevent the creation of common usernames. If you already have one or more users with weak usernames, you’ll be prompted to provide new ones.
  • Limit Login Attempts: Restrict the number of times a specific user can attempt to access our wp-admin with incorrect credentials. Once the attempt limit is reached, the IP from which the attacks originated will be blocked for the first hour. If attempts continue after the first hour, the limit will extend to 24 hours and then to 7 days.

Post-Hacking Actions

  • Reinstall All Free Plugins: By doing this, you’ll reinstall the same version of all free plugins that are currently installed. This ensures that the codebase of these plugins remains uncompromised by any malicious users.
  • Force Password Reset: All users will be required to change their passwords upon their next login. All currently logged-in users will be immediately logged out.
  • Log Out All Users: This action will log out all currently logged-in users without requiring them to change their passwords.

We also have an activity log where we can monitor all activities of our registered users and the activities of unknown users. This log can access data including:

Registered users

  • Timestamp: We can see the date and time of the activity carried out.
  • User: We can see the user’s email or username.
  • IP Address: We can see an accurate IP address, such as the IP address and the company being used, like Vodafone or others.
  • Activity: We can see the activity performed, such as updating a page or other actions the user takes within our site.

Unknown User (Visitor or Bot)

We can see the same information as for registered users, and we also have an HTTP response code to check for errors. This allows us to differentiate between humans and bots. In the case of bots, we can take action to block them or employ other measures.

Purpose of Data Processing

  • Data Usage for Security Measures and Attack Prevention
    • Data is utilized to implement security measures and prevent cyberattacks, including unauthorized access attempts and brute force attacks.
  • Data Processing for User Management and Security Monitoring
    • Data processing is employed to manage user access, monitor suspicious activities, and ensure a secure and reliable online environment.

CloudFlare

To ensure the security of our website, we have implemented Cloudflare. This protection service is activated exclusively upon our request, in the event of targeted online attacks against our website. When activated, Cloudflare provides advanced defense that detects and blocks attacks, ensuring that the website remains secure and accessible during the attack. This means that you can continue to use the site reliably even during critical situations.

Data Collected by Cloudflare

  • Name (if provided voluntarily)
  • Email address (if provided voluntarily)
  • Other contact information (if provided voluntarily)
  • Technical information such as IP addresses, visited page URLs, local preferences, and language
  • Cookies and other tracking technologies to monitor website interaction

What does Cloudflare do?

  • DDoS Protection: Cloudflare’s DDoS protection can absorb and mitigate large-scale distributed attacks that attempt to overload our website and cause downtime.
  • Web Application Firewall (WAF): Cloudflare’s WAF helps protect our website from common web application vulnerabilities and attacks, such as SQL injection, cross-site scripting (XSS), and more.
  • Content Delivery Network (CDN): Cloudflare operates a global CDN that can enhance website performance by caching content closer to end-users and reducing latency.
  • Security Analytics: Cloudflare provides security analytics and logs, allowing us to monitor and investigate potential threats and security incidents.
  • Load Balancing: Cloudflare’s load balancing capabilities help efficiently distribute traffic across multiple servers or data centers, improving site reliability and availability.
  • SSL/TLS Encryption: Cloudflare offers SSL/TLS encryption for secure data transmission, helping protect user data and privacy.
  • Bot Mitigation: Cloudflare can detect and mitigate bot traffic, including malicious bots that may scrape our site or engage in fraudulent activities.
  • Rate Limiting: We can set rate limiting rules to protect our website from abusive or excessive traffic from specific IP addresses or user agents.

CloudFlare is managed by the Cloudflare group (Cloudflare Inc. (United States), Cloudflare Ltd. (England), and Cloudflare Pte. Ltd. (Singapore)), whose data is stored in Cloudflare’s data centers. Cloudflare is fully committed to GDPR compliance, as described on their website, and is working towards certification under the EU-US and Switzerland-US Privacy Shield with the Department of Commerce, adhering to the Privacy Shield principles regarding the collection, use, and retention of personal information from EU and Swiss member countries. This enables them to lawfully host EU customer data on their US servers when necessary. They are pursuing this as a second-level compliance mechanism after standard contractual clauses.

For more information, please refer to Cloudflare’s Privacy Policy.

To contact and learn more about the data controller, their privacy policy, or any other inquiries, you can reach out here:

Phone: +1 (650) 319-8930

Address: Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 United States

Other information

TikTok Lead and Other Information

In our TikTok profile, @sabrielecommerce, we offer you the opportunity to contact us to request quotes, information, and assistance regarding our services. Your privacy and the security of your personal data are of utmost importance to us. Below, we provide details on the processing of personal data collected through TikTok leads:

Data Types Collected: Through our TikTok profile, we may collect data such as your name, email address, phone number, and other information that you voluntarily share with us. Additionally, we may have access to publicly available information on your TikTok profile.

Purpose of Processing: The personal data collected will be used exclusively to respond to your quote requests, provide detailed information about our services, and offer personalized assistance. We will not use your data for other purposes without your explicit consent.

Data Sharing: We guarantee that your personal data will not be shared with third parties outside of our organization, unless it is necessary to respond to your requests or to fulfill legal obligations.

Data Retention: Personal data will be retained for the time necessary to fulfill the purposes for which they were collected, unless you request the deletion of your data.

Data Security: TikTok implements rigorous security measures to protect user data. Additionally, we are committed to ensuring the security of personal data collected through our TikTok profile by taking appropriate precautions such as using secure passwords and controlling access to sensitive information.

Your Consent: By using our TikTok services and providing your personal data, you consent to the processing of your data as described in this Privacy Policy. Our Privacy Policy is available through a link on our TikTok profile, and providing your data through the platform implies your consent to these terms.

For a more comprehensive understanding, you can refer to TikTok’s privacy policy.

Publication of Content on Social Media

Our e-commerce website, Sabriel E-Commerce/Sabriel Agency, offers a range of additional services, including graphic design and website development. Furthermore, we share the content created on various social media platforms, including Facebook, TikTok, Instagram, LinkedIn, YouTube, and Twitter. We consider it important to inform you that all the content we create and publish on these platforms is closely related to your interaction with our website.

When you register on our website, you provide your explicit consent to accept our privacy policy and our terms and conditions. This implies that you authorize the publication of the content created on all the aforementioned platforms. We will not further request your specific consent for each publication on social media, as you have previously accepted our terms and conditions during registration.

However, we understand that you may contact us through leads or messaging on TikTok or other platforms and via email without being registered on our website. In this case, before publishing your content, we will send you our privacy policy via email, asking you to accept or decline it. This process ensures that you are fully informed about our terms and conditions before the publication of your content on social media. If you choose not to accept our privacy policy, your content will not be published.

We are committed to providing a detailed and clear privacy policy, ensuring your complete understanding of our terms and your options regarding the publication of content on social media.

Consent Clause for Sharing Collaborations and Testimonials

In accordance with the General Data Protection Regulation (GDPR) of the European Union and international privacy regulations, this clause specifically addresses the consent for sharing videos of collaborations and testimonials:

  • Consent to Share: The user agrees that, in the case of collaborations or testimonials in video form regarding our services, our company may share such materials on our social media profiles, including TikTok, Facebook, Instagram, and related platforms.
  • Explicit Consent Request: Before sharing such materials, we will request explicit consent from the user. For non-registered users on our site, consent will be requested via email, including a reference to our privacy policy.
  • No Sharing without Consent: If the user does not provide consent, or revokes it later, we commit not to share their videos on our social media profiles.

This consent is an integral part of our privacy policy and fully respects the users’ rights in terms of personal data protection.

Privacy Policy Updates

We reserve the right to revise and amend this Privacy Policy as necessary. It is advisable to periodically review this page for any updates. Please be aware that adjustments to this Privacy Policy will be implemented with a notice period of at least 30 days before they take effect. Those who have provided their consent and registered for our newsletter will receive notification of these changes via email. For others, the updates will be visible through a prominent notice displayed on our website, conveying the pertinent information.

Use of Icons from icons8.com

The icons used on this site have been sourced from icons8.com and are subject to icons8.com’s terms and conditions. For further information, please refer to their Terms and Conditions.

Please take a moment to review our Terms and Conditions and have a look at our Cookie Policy to understand data retention periods. Your understanding is crucial for a transparent experience.

Privacy Policy Revision History

Date: [01/10/2023 00:00] Creation of this privacy policy

Date: [15/10/2023 09:42]Change: [Removal of Tawk.to live chat and addition of Messenger Chat as the site’s live chat]

Date: [10/27/2023 09:35]Change: [Addition of the section “Publication of Content on Social Media” and “TikTok Lead”]