Thank you very much for your interest in our products and our company. Data protection is very important to us at Soho Poms (trading as Knauf Jewels Ltd). When you visit our website, contact us, or place an order for our products, we process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally request the consent of the person concerned.
We always process personal data, for example, the name, address, email or telephone number of the person concerned, in accordance with the General Data Protection Regulation (hereinafter “GDPR”) and with the country-specific data protection regulations that apply to Soho Poms. By means of this data protection statement, our company informs the public and, in particular, you as a customer about the type, scope and purpose of the personal data we collect, use, and process. With this data privacy statement, we also inform the persons concerned of their rights.
SohoPoms, as the party responsible for the data processing, has implemented a number of technical and organizational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, security gaps are an intrinsic risk of any Internet-based data transmission, meaning we cannot guarantee absolute protection. Therefore, every person concerned is free to submit personal data by alternative means, for example, by telephone.
The data privacy statement of Soho Poms uses the same terminology as the European regulators when they enacted the GDPR. Our goal is to make our data privacy statement as easy to read and understand as possible for the public, our customers and business partners. To ensure this, we will begin by explaining the terminology used.
- a) Personal Data and Data Subjects
Personal data means any information relating to an identified or identifiable natural person (hereinafter ’data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- b) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- c) Restriction of Processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
- d) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
- e) Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- f) Controller
Controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- g) Processor
Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
- h) Recipient
Recipient means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients; the processing of those data by those public authorities takes place in compliance with the applicable data protection rules according to the purposes of the processing.
- j) Third Party
Third party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- k) Consent
Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Contact Data of the Data Controller
The controller as defined by the GDPR, other data protection laws applicable in the member states of the European Union and other data protection regulations is:
Knauf Jewels Ltd
Managing director: Nathalie Sophie Knauf
1 Hallswell Road,
- Data Processing: Purpose and Legal Basis
When you contact us, it will become necessary to collect and process data in a variety of ways. This can happen as soon as you access the homepage and also when you contact us to, for example, ask about our products. We also process data when you order a product. The purposes for which we collect and process data, along with the types of data and legal basis, are outlined below.
- Recording General Data and Information When you visit our website www.sohopoms.com, the browser you use on your end device automatically sends general data and information to the server of our website. This general data and information is temporarily stored in the log files of the server. The following information is recorded without your intervention and stored until automated deletion:
- Internet protocol address (IP address) of the requesting computer
- the Internet service provider of the accessing system
- date and time of access
- name and URL of the retrieved file
- website from which access is made (referrer URL)
- the subpages accessed via an accessing system on our website
- the browser used, its version and, if applicable, the operating system of your computer and the name of your access provider
- other similar data and information used to avert dangers in the event of attacks on our information technology systems
We process this data for the following purposes:
- to ensure trouble-free connection to our website,
- to ensure the user-friendly use of our website,
- to optimize the content of our website and the advertising for it,
- to evaluate system security and stability,
- for other administrative purposes,
- to provide law enforcement agencies with the information they need to prosecute a cyber attack.
The legal basis for this processing is Article 6 (1) s. 1 point (f) GDPR. Our legitimate interest ensues from the listed purposes. Under no circumstances will we collect data to draw conclusions about your person.
- b) Means to Contact us via the Website
Besides data processing when visiting our website for information only, we also collect personal data when you use our contact
- aa) Using our Contact Form
You can always contact us using the form provided on our website, for example, to ask questions about a product and its availability or about your order. This form is available under the link “ ”. When you use the form, you have to provide your name and a valid email address so we know who sent the request and can respond to it. You can provide further information voluntarily within the message itself.
This data processing for the purpose of establishing contact with us takes place in accordance with Article 6 (1) s. 1 point (a) GDPR based on your voluntarily given consent by contacting us or on the basis of Article 6 (1) s. 1 point (b) GDPR for imposing pre-contractual or even contractual measures. Once we have finished processing your request, we will delete the personal data we collected for the purpose of making contact, unless we have concluded a contract with you. In this case, we will continue to process data according to Art. 6 (1) s. 1 point (b) GDPR (see cc below).
- bb) Telephone Call, Fax, or Individual Email Message
You can also contact us by phone, fax, or email without using the contact form. When contacting us by these means, you voluntarily provide your first and last name, telephone number, fax number, and / or email address upon request.
This data processing for the purpose of establishing contact with us also takes place in accordance with Article 6 (1) s. 1 point (a) GDPR based on your voluntarily given consent by contacting us or under Article 6 (1) S. 1 point (b) GDPR for the performance of pre-contractual or contractual measures. Here too, once we have finished processing your request, we will delete the personal data we collected for the purpose of making contact, unless we have concluded a contract with you. In this case, we will continue to process data according to Art. 6 (1) s. 1 point (b) GDPR (see cc below).
- cc) Ordering our Products
When ordering our products via the website www.sohopoms.com, you voluntarily give us your first and last name, full address including street, house number, zip code and place of residence, and, if you are ordering from abroad, also the country to which we are to ship the product(s). We need this data to execute the contract, in particular, to send the purchased products and match the order to the purchaser. In providing this information voluntarily for the aforementioned purposes, the legal basis for this processing is Art. 6 (1) s. 1 points (a) and (b) GDPR. You also disclose your email address. To make a credit card payment, you also provide the name of your credit card company, credit card number, expiration date, and the security code on the back of the credit card.
We delete the collected personal data after dispatching the goods to you together with the invoice and the full purchase price has been settled, unless it is necessary under contract law to continue to store the data (Art. 6 (1) s. 2 point (f) GDPR). This could be the case if, for example, there is a contractual dispute about delivery or payment. Here, we will delete the personal data once the contractual relationship has been terminated completely.
- dd) Sending Information in the Email Newsletter
We will not delete the personal data if, while placing your order, you wish to receive further information and advertisements in our newsletter. In this case, you have provided the information specified under cc) voluntarily in accordance with Art. 6 (1) point (a) GDPR. Here, we will only use the personal data to stay in contact with you. See item 12 below for further information on your cancellation options and rights.
- Transfer to Third Parties to Fulfill the Contract
As far as necessary for the delivery of ordered goods, we will disclose your data to the shipper to fulfill the contract. Our credit institution or the bank named will also receive the data necessary for payment, for example, if you pay using a credit card. The legal basis for this also is Art. 6 (1) points (a) and (b) GDPR. The data will be deleted as soon as the full purchase price has been paid and will only continue to be stored if this is necessary to enforce contractual obligations. If you pay for your order using a payment service provider such as PayPal, the data protection policy of that provider applies in addition to our own, as the payment service provider also collects and processes the data you provide for the payment transaction.
The cookie holds information resulting from the specific end device you use. This does not mean that we immediately become aware of your identity.
On the one hand, cookies help us make our website more user friendly for you. For example, we use session cookies to determine whether you have visited individual pages of our website before. After you leave our website, these cookies are deleted automatically.
We also use temporary cookies stored on your end device for a determined amount of time to optimize the user friendliness of our website. If you visit our website again to use our services, it will automatically recognize you as a returning user and remember your settings and the information you provided so you do not have to enter them again.
We need the data processed by the cookies to safeguard our legitimate interests and those of third parties in conformity with Art. 6 (1) s. 1 point (f) GDPR.
Most browsers accept cookies automatically. You can configure your browser to stop storing cookies to your computer or to always notify you before it creates a new cookie. If you disable cookies completely, you may not be able to use all functions on our website.
- WooCommerce Analytics
You can prevent your browser from storing cookies using the respective settings; however, please note that in doing so, you may not be able to use the full functionality of this website. We use WooCommerce Analytics to ensure that the website functions properly when you visit www.sohopoms.com. The basis is therefore Art. 6 (1) s. 1 point (f) GDPR.
We have no influence on the collected data and data processing procedures, nor are we aware of the full scope of data collection, all purposes of processing, and storage periods. Also, we have no information on how and when WooCommerce deletes the collected data.
Information and contact of the third-party provider in USA: https://woocommerce.com/contact-us
Terms of Service: https://woocommerce.com/support-policy/
- Google Analytics
The IP address your browser transmits for Google Analytics is not combined with other data from Google.
You can prevent your browser from storing cookies using the respective settings in your browser software; however, please note that in doing so, you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
We use Google Analytics to analyze the use of our website and to improve it regularly. We can use these statistics to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data are transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6 (1) s. 1 point (f) GDPR.
Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.
Terms of Service: http://www.google.com/analytics/terms/de.html
Information on data protection: http://www.google.com/intl/de/analytics/learn/privacy.html and the data privacy statement: http://www.google.de/intl/de/policies/privacy.
- Use of Social Media Plug-ins
Currently, we are using these social media plug-ins: Facebook, Instagram, Pinterest. We use what is known as the “two-click solution”. That means that when you visit our website, no personal data are transferred to the plug-in provider initially. You can identify the plug-in provider based on the mark on the box above the first letter or the logo. You can communicate directly with the provider of the plug-in using the respective button. Only if you click on the marked field and activate it, will the provider of the plug-in receive the information that you have visited the corresponding website of our online offer. The data listed under item 3 lit a) of this policy will also be transmitted. In the case of Facebook, the IP address is anonymized immediately after being recorded, according to the respective provider in Germany. That means that if you activate the plug-in, your personal data will be transmitted to the respective plug-in provider and stored there (in the case of providers from the United States, the data are stored in the USA.) As the plug-in provider mainly collects the data using cookies, we recommend you delete all cookies using your browser’s security settings before clicking the grayed-out box.
We have no influence over which data are collected or over the data processing, nor do we know the full scope of the data that is being collected, the purposes of processing, or the term of storage. Also, we have no information on how and when the plug-in provider deletes the collected data.
The plug-in provider saves the data it collects in usage profiles and uses it for advertising, market research and/or to adequately design its website. In particular, it makes this evaluation (also of users who are not logged in) to roll out adequate advertisements and to inform other users in the social network about your activities on our website. You have the right to object to the creation of such usage profiles, but need to contact the respective plug-in provider to exercise this right. With the plug-ins, you can interact with social networks and other users to help us improve our offer and make it more interesting for you as a user. The legal basis for the use of plug-ins is in Article 6 para. 1 s. 1 lit (f) GDPR.
The data are transmitted irrespectively of whether you have an account with the plug-in provider or are logged in. If you are logged into the plug-in provider’s social network, the data collected on our website will be immediately associated with the account in that network. When you click on the activated button and, for example, link the website, the plug-in provider will also save this information to your user account and disclose this publicly to your contacts. We recommend you regularly log out of your social network when you are done using it, but especially before activating the button, as this will prevent your activities from being matched to your profile in the plug-in provider’s social network.
For further information on the purpose and scope of the data the plug-in provider collects and processes, please refer to the data privacy policies of the respective provider indicated below. There, you will also obtain additional information about your rights and the possible settings to protect your privacy.
Addresses of the respective plug-in providers and URLs to their data privacy policies:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; for further information on data collection, see: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Personal Data Storage Time if not Already Detailed Above
In all cases for which we have not given detailed information on the duration of the storage of personal data, we will store the data for the term of the statutory retention period. After this period has expired, we will routinely delete the corresponding data, unless it is no longer required for the fulfillment of the contract or the initiation of the contract.
- Rights of Data Subjects
You are entitled to claim the following rights from us regarding your personal data, which will be explained in more detail below:
- right to information and access to personal data
- right to rectification and erasure
- right to restriction of processing
- right to object to processing
- right to data portability
- right to lodge a complaint with a supervisory authority regarding the processing of your personal data
- a) Right to Information and Access to Personal Data
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. Where that is the case, the data subject has access to the personal data and the following information:
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject: any available information as to their source
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Furthermore, the data subject has the right to obtain information on whether personal data are transferred to a third-party country or an international organization. If this is the case, the data subject has the right to be informed of the appropriate safeguards related to the transfer.
- b) Right to Rectification and Erasure
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to have incomplete personal data completed, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement.
- c) Right to Erasure (’Right to Be Forgotten’)
The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies and processing is not necessary:
The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
The personal data have been unlawfully processed.
The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Where the Soho Poms, as controller in our company, has made the personal data public and is obliged pursuant to Article 17 (1) GPDR to erase the personal data, the controller, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, provided that processing is not necessary as per Article 17 (3) GDPR.
- d) Right to Restriction of Processing
The data subject has the right to obtain from the controller restriction of processing where one of the following applies:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
- e) Right to Data Portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used, and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and the processing is carried out by automated means provided the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising his or her right to data portability pursuant to Article 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and where the rights and freedoms of others are not adversely affected.
- f) Automated Individual Decision-Making, Including Profiling
The data subject has the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision is (1) necessary for entering into, or performance of, a contract between the data subject and a data controller, (2) authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) based on the data subject’s explicit consent.
If the decision is (1) necessary for entering into, or performance of, a contract between the data subject and a data controller or (3) based on the data subject’s explicit consent, the data controller must implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
- g) Right to Withdraw Consent to Processing of Personal Data
The data subject has the right to withdraw his or her consent to the processing of his or her personal data at any time. As a consequence, the controller will no longer be allowed to continue with the data processing on which the consent was based.
- h) Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, the data subject has the right to lodge a complaint with a supervisory authority or judicial remedy.
- Right to Object
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR. This also includes profiling based on those provisions. If the data subject objects, the controller is no longer processes the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
Where Soho Poms processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing. This includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, Knauf Jewels GmbH will no longer process the personal data for such purposes.
Moreover, where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, sending an email to email@example.com suffices. Moreover, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
- Validity of and Amendments to this Data Privacy Statement
This data privacy statement is effective as of April 2019.