Skip to content

Cart

Your cart is empty

Privacy Policy

At Sweet Pain, we take the protection of your Personal Information very seriously.

 

The following Privacy Policy is intended to inform you about how we use your personal information. In doing so, we adhere to the strict provisions of the California Consumer Privacy Act (“CCPA”), as well as the requirements of the General Data Protection Regulation (“GDPR”).

 

Data Controller

The person responsible within the meaning of the CCPA and GDPR is:

 

Sweet Pain,

2372 Morse Ave #1109, Irvine,

CA 92614, USA

 

Web: www.sweetpain.co

E-Mail: support@sweetpain.co

 

Scope

As a matter of principle, we only collect and use personal information from you insofar as this is necessary to provide a functional website and for our content and services, e.g., when you subscribe to our newsletter, register on our website or log in to an existing customer account, or when you order our prints. The regular collection and use of your personal information only takes place with your consent. An exception applies in cases where prior consent is not possible for actual reasons, and the processing of the data is permitted by applicable law.

 

Security

The security of your personal information is a high priority for us. We, therefore, protect your data stored with us by technical and organizational means in order to effectively prevent loss or misuse by third parties. In particular, our employees who process personal information are bound to data secrecy and must comply with it. To protect your personal information, the data is transmitted in encrypted form. You can recognize this by the lock symbol that your browser displays when an SSL connection is established. In order to ensure the permanent protection of your data, the technical security measures are regularly checked and, if necessary, adapted to the state-of-the-art. These principles also apply to companies that process and use data on our behalf and in accordance with our instructions.

 

Purposes of Processing and Legal Basis

We collect, process, and use your personal information for the following purposes:

 

  • Establishment and performance of contractual relationships;
  • Sending newsletters;
  • Marketing measures;
  • Customer satisfaction surveys and analyses;
  • Product evaluations;
  • Customer service and customer support;
  • To process orders for our online range of prints.

 

The processing of your personal information may be based on the following legal grounds:

 

  • Consent: the individual has given clear consent to process personal information for a specific purpose (Art. 6 (1) a) GDPR).
  • Contract: the processing is necessary for a contract or because you have asked us to take specific steps before entering into a contract (Art. 6 (1) b) GDPR).
  • Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations) (Art. 6 (1) c) GDPR).
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal information which overrides those legitimate interests (Art. 6 (1) f) GDPR).

 

Duration of Storage and Routine Deletion of Personal Information

We process and store your personal information only for the period of time required to fulfill the purpose of storage or, if this has been provided for, in laws or regulations. After the purpose has ceased to exist or has been fulfilled, your personal information will be deleted or blocked.

 

In the case of blocking, deletion will take place as soon as legal, statutory, or contractual retention periods do not conflict with this; there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause a disproportionately high expense due to the special nature of the storage.

 

Log Files

If you visit our website for information purposes only, without providing personal information via registration or in any other way, only the Internet connection data that your browser transmits to our server will be processed. Our website collects a series of general data and information with each call, which is temporarily stored in a server’s log files . A log file is created in the course of an automatic protocol of the processing computer system. The following can be recorded:

 

  • Access to the website (date, time, and frequency)
  • How you arrived at the website (previous page, hyperlink, etc.)
  • Amount of data sent
  • Which browser and browser version you are using
  • The operating system you are using
  • Which internet service provider you are using
  • Your IP address, which your Internet access provider assigns to your computer when you connect to the Internet

 

The legal basis for this data processing is the performance of a contract, as the collection and storage of this data are necessary for the operation of the website in order to ensure the functionality of the website and to deliver the content of our website correctly (Art. 6 (1) b) GDPR.

 

In addition, the data serve us to optimize our website and to ensure the security of our IT systems and the processing is based in this respect on our legitimate interest (Art. 6 (1) f) GDPR). For this reason, the data is stored for a maximum of 7 days as a technical precaution.

 

We also use this data for the purposes of advertising, market research, and to design our services to meet your needs by creating and evaluating user profiles under pseudonyms, but only if you have not exercised your right to object to this use of your data (see information on the right to object under “Your rights”).

 

Shopify

We use the store system Shopify of the service provider Shopify International Limited (“Shopify”) to host and display the online store on the basis of processing on our behalf. All data collected on our website is processed on Shopify’s servers. As part of Shopify’s services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc., Canada, the appropriate level of data protection is guaranteed. Further processing on servers other than the aforementioned of Shopify will only take place within the framework communicated below. The legal basis for the data processing is our legitimate interest in providing an appealing website (Art. 6 (1) f) GDPR).

 

Hosting

The hosting services used by us for the purpose of operating our website is Bluehost, 5335 Gate Pkwy, 2nd Floor, Jacksonville, FL 32256, United States. In doing so, Bluehost processes inventory data, contact data, content data, usage data, metadata, and communication data of customers, interested parties, and visitors of our website and services on the basis of our legitimate interests in an efficient and secure provision of the website and services in conjunction with the provision of contractual services and the conclusion of the contract for our services, including but not limited to our services.

 

Use of Cookies

We use so-called cookies on our website. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information, please refer to our Cookie Policy. The legal basis for the use of cookies is your consent (Art. 6 (1) a) GDPR) as well as our legitimate interest (Art. 6 (1) f) GDPR).

Sending Information

We use your data for sending information ordered by you about our offer and other promotions from us to the e-mail address provided by you.

 

  1. a) Newsletter registration on our website

On our website, there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us, i.e., at least your e-mail address. The registration is carried out by means of the so-called double opt-in procedure.

 

After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. For the processing of the data, your consent is obtained during the registration process, and reference is made to this privacy policy. If you register for our newsletter, which informs you about our latest products and services, the personal information you provide in this context (e-mail address) will be processed by us for the purpose of sending you the newsletter. The legal basis for the newsletter is your consent (Art. 6 (1) a) GDPR) as well as our legitimate interest (Art. 6 (1) f) GDPR). You can revoke your consent at any time with effect for the future. The newsletter is sent using the dispatch service provider “MailChimp,” a newsletter dispatch platform of the US provider Intuit Inc.

 

  1. b) Dispatch due to the sale of goods and abandoned shopping cart

If you purchase goods on our website or forget something in your shopping cart, we may send you information on similar goods to your specified e-mail address even without your consent. The legal basis for this data processing is our legitimate interest because advertising related products by way of direct advertising represents a legitimate interest for us as a business and the provider of this website. You may object to the processing of your personal information for the purpose of direct advertising at any time. We will then refrain from further processing for such purposes. You can send us your objection as described below. In addition, you can object to the sending of such newsletters at any time in the future without giving reasons by unsubscribing via the unsubscribe link at the end of each newsletter or by contacting us using at support@sweetpain.co.

 

We would like you to enjoy reading our e-mails. Therefore, we try to only include content that you are likely to be interested in. We, therefore, measure and store opening and click-through rates in your user profile, i.e., whether and when you open our emails, which content of the emails you click on and when, as well as whether and why our emails could possibly not be delivered. We also use this data for statistical purposes.

 

In particular, this serves our legitimate interest to evaluate the performance of the individual newsletter campaigns and define optimization measures to make the newsletter as attractive and suitable as possible for you. The legal basis for the processing is, therefore, our legitimate interest (Art. 6 (1) f) GDPR).

 

Of course, you can unsubscribe from receiving our information at any time, i.e., revoke your consent with effect for the future or object to data processing. For this purpose, you will find a corresponding unsubscribe link in every mail or newsletter. You can also contact us using support@sweetpain.co for cancellation at any time.

 

Contacting Us, Registration, or Placing Orders

  1. a) Contacting us

When you contact us via email or social media, the data you provide will be stored by us based on your consent and the preparation or initiation of a contract, insofar as it is necessary to answer your questions (Art. 6 (1) a) GDPR) and (Art. 6 (1) b) GDPR). Your inquiry is logged in order to be able to prove the contact in accordance with the legal requirements. We delete the data accruing in this context when the respective conversation with you has ended, and your inquiry has been conclusively clarified.

 

  1. b) Registration

On our website, we offer you the opportunity to register by providing personal information. The data entered in the registration form is transmitted to us and stored. Registration is necessary in order to set up your customer account, which you can use to place orders and services. The processing of the data for this registration thus serves the fulfillment of the contract of use or the implementation of pre-contractual measures (Art. 6 (1) b) GDPR). You can delete your customer account at any time on our website, either by using the delete function in your account or by contacting us at support@sweetpain.co.

 

  1. c) Storage of data in the user account

For the conclusion and processing of contracts, we require contact details, such as name, delivery, and billing and e-mail address, as well as information on the type of payment method you have chosen. You can store this data in your user account. In addition, we use your data to maintain our customer database so that only accurate data is stored by us. In order to avoid typing errors and to ensure that the items you have ordered reach you, we check the completeness and accuracy of your address when you enter it.

 

Following your order, you will receive a corresponding order confirmation as well as further documents, which we are obliged to provide in order to fulfill our legal information obligations for an effective conclusion of a contract with you (Art. 6 (1) c) GDPR) and (Art. 6 (1) b) GDPR).

 

  1. d) Guest order

You have the option to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to enter your data again for each subsequent order.

 

We collect, process, and use the information you provide in the context of a guest order for the purpose of executing the contract. We store the information you provide for the period of processing and handling your order. Afterward, your data will be deleted unless you decide to activate your customer account within 14 days after placing your order. Data that we are required to store due to legal, statutory, or contractual retention obligations will be blocked instead of deleted to prevent it from being used for other purposes. The processing of the data serves the fulfillment of the contract with you (Art. 6 (1) b) GDPR).

 

  1. e) Order confirmation/dispatch confirmation

In order to process the contract and provide you with our services, for example, the web shop or to send you a package for which a fee is charged, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents, or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is, therefore, necessary to fulfill our legal information obligations for an effective conclusion of a contract with you (Art. 6 (1) c) GDPR) and (Art. 6 (1) b) GDPR).

 

  1. f) Other

Based on our legal obligation (Art. 6 (1) c) GDPR) and our legitimate interest (Art. 6 (1) f) GDPR), we use and store your personal information and technical information to the extent necessary to prevent or prosecute misuse or other illegal behavior on our website, e.g., to maintain data security in the event of attacks on our IT systems (Art. 6 (1) f) GDPR). This also takes place insofar as we are legally obliged to do so, for example, due to official or court orders, and for the exercise of our rights and claims as well as for legal defense (Art. 6 (1) f) GDPR).

 

Disclosure of Personal Information to Third Parties

Your personal information will only be passed on if there is a legal obligation to do so or to service providers and partner companies that have been carefully selected in advance and are contractually obliged to comply with the requirements of data protection law.

 

  1. a) Disclosure within affiliated companies

We pass on your personal information for the conclusion and processing of contracts for offers on our website to affiliated companies. This is particularly necessary so that you can use all our offers. If you contact us using support@sweetpain.co with questions, complaints, or returns, as well as other complaints, they will also receive access to your order data in order to be able to process your request.

 

  1. b) Disclosure to service providers

For the operation and optimization of our website and our services and for the processing of contracts, various service companies work for us, e.g., for central IT services or the hosting of our website, for the payment and delivery of products, or for order fulfillment or for the dispatch of newsletters, to whom we pass on the data required for the fulfillment of the task (e.g., name, address).

 

Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection measures at the companies we commission. We, therefore, agree on specific data security measures with these companies and monitor them regularly.

 

In contrast to order processing, in the following cases, we transmit data to third parties for their own use in order to process the contract:

 

  • In the case of delivery of goods and the necessary logistics companies and the postal service provider specified when the order was placed.

 

  • In the case of payment for goods to the payment service provider as specified when the order was placed.

 

We do not collect or store any payment transaction information, such as credit card numbers or bank details, during the payment process. You only provide this information directly to the respective payment service provider.

 

  1. c) Disclosure to other third parties

We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offenses or the exercise and enforcement of our rights and claims.

 

Data Transfer to Third Countries

If we use service providers in third countries, we take additional measures to ensure an adequate level of data protection for the transfer of personal information in accordance with Art. 44 of the GDPR and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g., by concluding standard contracts and additional guarantees, supplementary technical and organizational measures, such as encryption or anonymization).

 

Google Analytics

We use Google Analytics, a service provided by Google Inc. This means that the data collected can, in principle, be transmitted to a Google server in the USA, whereby the IP addresses are anonymized by means of IP anonymization so that an allocation is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents future data collection when you visit this website: http://tools.google.com/dlpage/gaoptout?hl=en. The legal basis for this processing is (Art. 6 (1) f) GDPR), our legitimate interest.

 

Your Rights

You are entitled at any moment to enforce the rights available to you. As a California Resident or Citizen, you may have the right to request, twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:

 

  • the categories and specific pieces of personal information we have collected about you;
  • the categories of sources from which we collected the personal information;
  • the business or commercial purpose for which we have collected or sold the personal information;
  • the categories of third parties with whom we have shared the personal information; and
  • the categories of personal information about you that we have sold or disclosed for a business purpose, and the categories of third parties to whom we sold  or disclosed that information for a business purpose.

You also may have the right to request that we provide you with (1) a list of certain categories of personal information we have disclosed to third parties for direct marketing purposes during the immediately preceding calendar year and (2) the identity of those third parties. In addition, you have the right to request that we delete the personal information we have collected from you.

 

The following rights arise from the GDPR for you as a Citizen of the European Union:

  • Pursuant to Art. 15 GDPR, you may request information about your personal information processed by me. In particular, you can request information about the processing purposes, the categories of personal information, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right of complaint, the origin of your data if it has not been collected by me, about a transfer to third countries or to international organizations, and about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
  • Pursuant to Art. 16 GDPR, you can immediately request the correction of inaccurate or the completion of your personal information stored by me.
  • Pursuant to Art. 17 GDPR, you may request the erasure of your personal information stored by me unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise, or defense of legal claims.
  • Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your personal information if you dispute the accuracy of the data, the processing is unlawful, I no longer need the data, and you object to their erasure because you need them for the assertion, exercise, or defense of legal claims. You also have the right under Article 18 of the GDPR if you have objected to the processing in accordance with Article 21 of the GDPR.
  • Pursuant to Art. 20 GDPR, you may request to receive the personal information that you have provided to me in a structured, commonly used, and machine-readable format, or you may request that it be transferred to another controller.
  • Pursuant to Art. 7 (3) GDPR, you may revoke your consent once given to me at any time. This has the consequence that I may no longer continue the data processing based on this consent in the future.
  • In accordance with Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work, for this purpose.
  • Right of objection. When your personal information is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal information pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the case of direct advertising, you have a general right of objection, which I implement without specifying a particular situation.
  • If the GDPR is applicable to you, you have the right to make a complaint to a data protection supervisory authority at any time.

If you wish to access such personal information or exercise any of the rights listed above, you should apply in writing, providing evidence of your identity. Any communication from us in relation to your rights, as detailed above, will be provided free of charge. However, in case of requests that are manifestly unfounded or excessive, in particular, because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request.

 

Social Media

Based on our legitimate interest (Art. 6 (1) f) GDPR), we are present on various “social media” platforms in order to communicate with our customers, interested parties, and users registered there and to be able to inform them about our offers there. We would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating).

 

In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behavior and the resulting interests. This allows, for example, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected from your devices may also be stored in the usage profiles (especially if you are a member of the respective platforms and are logged in to them).

 

Updating Your Information

If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or by contacting us at support@sweetpain.co. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

 

Keep in mind that we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.

 

Links to Other Providers

Our website also contains - clearly recognizable - links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their content. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.

 

The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.

 

Personal Information and Children

Our services are aimed at people aged 18 and over. We will not knowingly collect, use, or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.

 

Data Breaches/Notification

Databases or data sets that include personal information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose personal information may have been compromised. The notice will be accompanied by a description of the action taken to reconcile any damage resulting from the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.

 

Changes

In order to ensure that our Privacy Policy always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the Privacy Policy has to be adapted due to new or revised offers or services. If you have any questions or comments about our Privacy Policy or wish to exercise your rights under applicable laws, please contact us using the following contact details:

 

Sweet Pain,

2372 Morse Ave #1109, Irvine,

CA 92614, USA

 

Web: www.sweetpain.co

E-Mail: support@sweetpain.co

 

This Privacy Policy was last updated on Monday, September 12, 2023.