PRIVACY DECLARATION

OUR POLICY

Stampin’ Up! takes the protection and security of the data you provide to us very seriously. We treat all personal data with the utmost of care in compliance with the regulations of the EU General Data Protection Regulation (“GDPR”) and other data protection laws. We take every precaution to ensure the security of your data. This data protection declaration applies to the websites stampinup.com, stampinup.ie/ and all websites of Stampin’ Up! demonstrators made available and managed using the Stampin’ Up! DBWS (the “Stampin’ Up! pages”). This data protection declaration supplements the general terms and conditions of Stampin’ Up!

1. TYPE AND NATURE OF THE DATA COLLECTED AND PROCESSED.

1.1 COLLECTION OF PERSONAL DATA DURING REGISTRATION AND THE ORDERING PROCESS

When you register with us, we collect and store your basic personal data such as your name and email address, as well as additional contact information such as your user name and password. We may possibly receive additional information about you through the website (for example, when you set up your personal profile) or through your communication with us.

The legal basis for this processing is Art. 6 para. 1 b) of the GDPR (fulfilment of the contract).

When you place orders on the Stampin’ Up! websites, we need your name, delivery address, billing address, email address, phone number, credit card number and expiration date to process the transaction and notify you of the status of your order.

The legal basis for this processing is also Art. 6 para. 1 b) of the GDPR (fulfilment of the contract).

2. HOW WE COLLECT DATA

2.1 COOKIES

After you log in (using your username and password), Stampin’ Up! uses cookies to identify you for the duration of your visit.

Cookies are small files that are stored on your computer or mobile device, and they identify the device when connecting to our server, as well as providing additional information. Other technologies such as tracking pixels, web bugs, web storage, and similar files serve the same purpose. Cookies are stored on your computer.

One type of cookie expires automatically at the end of your session and is referred to as a session cookie. Your user settings in particular are stored as session cookies, so that you can always use this website in the way you prefer. In addition, Stampin’ Up! stores its users’ settings such as language selection, speech recognition settings and user IDs for various applications in both session cookies and permanent cookies to simplify the use of the website.

You can determine the use of cookies for our website or in general in the settings of your internet browser. Information on how this works can be found on your internet browser’s website (see links below).

• Microsoft Internet Explorer
• Mozilla Firefox
• Apple Safari
• Google Chrome

Deactivating cookies will mean that a number of website functions will no longer operate as intended.

The legal basis for this processing is Art. 6 para. 1 b) of the GDPR (fulfilment of your request) for session cookies and Art. 6 Para. 1 f) of the GDPR (legitimate interest) for other cookies, whereby our legitimacy stems first of all from our interest in the evaluation of the data of the website for its optimisation, and second of all, a data subject can reasonably foresee at the time of the collection of personal data and in view of the circumstances under which it takes place (the above-mentioned measures in particular) that processing for this purpose may possibly take place.

2.2 LOG FILES FOR WEB PAGE VIEWS

Stampin’ Up! uses external tracking services that implement technology to track non-personal information about visitors to this website. The access data is stored in a log file—the server log—every time a page is accessed. The resulting data set contains the following data:

• Your IP address (which can be used to uniquely identify your computer)
• The name and IP address of the computer requesting the page (remote host)
• The time, status, amount of data transferred and website from which you accessed the requested page (referrer)
• The product and version information of the browser you used (user agent)

A standardised file format for the web server log is used for this purpose. Provided that this data is not absolutely necessary for the technical maintenance of the system or system security, it is immediately anonymised, and the original logs deleted. Anonymisation takes place through the removal or shortening of the IP address by assigning a code that is not assigned to any specific user. This means that assignment to a specific or identifiable person is no longer possible. Stampin’ Up! uses log data (log files) exclusively in anonymous form for statistical evaluations, without any link or references to your personal data. This enables us to detect possible program errors or incorrect links, and to continuously developand improve the website. Stampin’ Up! does not link page views and usage information to individual people.

The legal basis for this processing is Art. 6 para. 1 b) of the GDPR (fulfilment of your request).

2.3 WEB ANALYSIS SOFTWARE

In addition to the technologies used to execute the page functions, we also employ web analysis software.

Data collected by this software may include:

The time and duration of the visit, the pages visited, the browser used, add-ons/plug-ins, search engines and referrer URLs.

Cookies can be used to distinguish individual visitors from one another, but the data collected does not allow any identification of individuals.

The web analysis is carried out by Google Analytics, a web analysis service provided by Google, Inc. (“Google”), among others. Google Analytics uses “cookies”—text files stored on your computer—to be able to analyze how you use the website. Due to the activated anonymisation of the data collected, Google shortens your IP address in the member states of the European Union or in other signatory states to the Agreement on the Establishment of a European Economic Community, and only then does it transmit it to the USA.

The complete IP address is only transmitted to a Google server in the USA and then shortened there as an exception. On behalf of the operator of this website, Google will use this information to evaluate your usage of the website, to generate reports on website activity for the website operator and to provide other services associated with website activity and internet use. The IP address transmitted by your browser in connection with Google Analytics is not combined with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data by the cookie and relating to your use of the website and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

For more information on the use of data and the data protection declaration of Google Analytics, please visit: https://www.google.com/analytics/terms/gb.html or https://www.google.com/intl/en/policies/privacy/. Stampin’ Up! uses Google Analytics exclusively in connection with the “gat._anonymizeIp();” extension, so that IP addresses are only stored in shortened, and thus anonymised, form.

The legal basis for such processing is Art. 6 para. 1 f) of the GDPR (legitimate interest) for web tracking technologies, whereby our legitimacy stems first of all from our interest in the evaluation of the data of the website for its optimisation, and second of all, a data subject can reasonably foresee at the time of the collection of personal data and in view of the circumstances under which it takes place (the above- mentioned measures in particular) that processing for this purpose may possibly take place.

2.4 TRACKING PIXELS (WEB BEACONS / WEB BUGS)

We may use software technology called tracking pixels (also known as web beacons / web bugs) to help us manage the content on our website better by determining the greatest effectiveness.

Tracking pixels are tiny graphics with a unique identifier that function in a manner similar to cookies and are used to track the online movements of web users. Unlike cookies, which are installed on the hard drive of the user’s computer, tracking pixels are invisible. We do not link the data collected by tracking pixels to our customers’ personal data.

We may use tracking pixels in our HTML emails to track which emails have been opened by recipients. This enables us to evaluate the effectiveness of certain communications and of our marketing campaigns.

2.5 EMAILS

All email messages sent by us that are subject to archiving requirements are stored by us and every email that can be regarded as a business letter or is relevant for tax purposes will not be deleted during the period of the legal obligation to keep records in accordance with tax, commercial, and other applicable laws of the United Kingdom. Furthermore, we collect all email addresses to which messages could not be delivered to enable us to request a current email address. Email messages from Stampin’ Up! may contain graphics or links, the accessing of which allows us to determine whether an email message has been opened. This is done anonymously.

3. PURPOSE OF DATA COLLECTION AND DATA STORAGE

The collection, storage, processing and use of data serves to simplify, administer and further develop the website, to process your orders and to implement Stampin’ Up’s compensation plan; the legal basis according to the GDPR can be found in this data protection declaration or in the corresponding data protection declarations for demonstrators and customers. As part of our ongoing development, we utilise anonymous statistics on the use of our services.

Stampin’ Up! and your Stampin’ Up! demonstrator are permitted to use your email address, mailing address and/or telephone number to provide you with the customer service you have requested or to contact you regarding the status of orders, problems with products, and order processing, as well as other customer service questions.

Stampin’ Up! and your Stampin’ Up! demonstrator will also send you emails for various reasons, to confirm orders, for example.

The legal basis for this processing is Art. 6 para. 1 b) of the GDPR (fulfilment of your request).

These emails may also contain information about our services, new product offers and promotions, provided you have agreed to the usage of your email address for this purpose.

The legal basis for this processing is Art. 6 para. 1 a) of the GDPR (consent).

You can withdraw this consent at any time. Simply contact your demonstrator or send an email to Stampin’ Up! at supportie@stampinup.com.

4. WHO DO WE DISCLOSE YOUR PERSONAL DATA TO?

Stampin’ Up! will not share personal information with third parties for the purposes of their marketing or other purposes unless you have given your explicit consent, or the sharing of information is required by law.

4.1 EMPLOYEES AND CONTRACTUAL PARTNERS

Your data may be transferred to Stampin’ Up! Europe GmbH in Germany, Stampin’ Up! Inc. in the USA, and Stampin’ Up! employees and third parties who provide technical or organisational services for Stampin’ Up! and are bound by instructions.

The legal basis for this processing is Art. 6 para. 1 b) of the GDPR (fulfilment of your request) and Art. 28 of the GDPR (order processing).

4.2 PAYMENT PROCESSING

In the case of payment processing for orders placed on a demonstrator business website (“DBWS”), the data for processing the payment transaction is passed on to the payment service provider who is bound by instructions. Your demonstrator receives very little data; the demonstrator is only informed whether the transaction has been completed. Your demonstrator will not receive any information about your account in these cases. (see 6. Below for safeguarding data protection when transferring data abroad)

The legal basis for this processing is Art. 6 para. 1 b) of the GDPR (fulfilment of your request) and Art. 28 of the GDPR (order processing).

4.3 REPRESENTATIVE/SERVICE PROVIDER

We use the services of other companies such as shipping companies for transporting orders and credit card companies for billing. These service providers are prohibited from using your personal information.

The legal basis for this processing is Art. 6 para. 1 b) of the GDPR (fulfilment of your request) and Art. 28 of the GDPR (order processing).

4.4. INDEPENDENT DEMONSTRATORS

Stampin’ Up! grants rights to sell its products to independent contractors (“Independent Demonstrators”).

Independent Demonstrators are not employees of Stampin’ Up! Therefore, Stampin’ Up! has no control over the collection, use or disclosure of personal information by Independent Demonstrators for marketing or other purposes, nor does Stampin’ Up! assume any responsibility or liability for this. If you provide an Independent Demonstrator with information through this website, Stampin’ Up! will have access to this information and the information will be handled in accordance with this data protection declaration. Independent Demonstrators may provide Stampin’ Up! with information about their customers, which Stampin’ Up! will handle in accordance with this data protection declaration upon receipt of the information.

If you are a customer of an Independent Demonstrator, please contact your demonstrator directly to learn about their data protection practices.

4.5 TRANSFER AS A CONSEQUENCE OF A CHANGE IN LEGAL ENTITY

Stampin’ Up!’s ownership rights may be transferred by merger, acquisition by another company or sale of all or part of its assets, in which case your personal information may also be included in the transferred assets.

We will notify you by email and on our website of any such changes and the protection of your data in this case.

The legal basis for this processing is Art. 6 para. 1 f) of the GDPR (legitimate interest) for the transfer of data in the event of business and ownership changes, whereby our legitimacy stems first of all from our business interest in the corresponding change in assets and second of all, a data subject can reasonably foresee at the time of the collection of personal data and in view of the circumstances under which it takes place (in particular with regard to the aforementioned measures for your possibilities of the handling of your data) that processing for this purpose may possibly take place.

4.6 DISCLOSURE OBLIGATIONS

In some cases, we may be required to disclose your information to public authorities to comply with legal requirements. In such cases, we will take appropriate measures to ensure the confidentiality of your data.

The legal basis for this processing is Art. 6 para. 1 c) of the GDPR (legal obligation).

5. DATA SECURITY

Stampin’ Up! takes precautions to ensure that your data is protected against loss, modification and improper use. Stampin’ Up! uses firewalls that are constantly updated and meet industry standards, and also uses other security systems. Unfortunately, it is impossible to provide absolute protection against attacks by new viruses or other methods of attacking the secure data systems of internet services. However, Stampin’ Up! will initiate civil and criminal proceedings against any attack by hackers and the like, and will notify you of any cases in which your data has been compromised.

Stampin’ Up! uses Secure Socket Layer (SSL) for the encrypted transfer of sensitive data, such as the password for your account and billing information, including credit card information, from your web browser to our web server.

6. DATA TRANSFER OUTSIDE THE EU

Stampin’ Up! Adheres to the requirements of Art. 44ff. when transferring data outside the EU. GDPR observes in particular the ECJ ruling “Schrems II” on the corresponding contractual and technical safeguarding of data protection when transferring data abroad.

7. ACCESS, RECTIFICATION AND ERASURE

As the data subject of data processing, you have various rights:

• Right to revocation of consents: You can revoke any consents you have given to us at any time. Data processing based on the revoked consent may then no longer be continued in the future.
• Right of access: You can request information about your personal data processed by us. This particularly applies to the purposes of data processing, the categories of personal data, if applicable the categories of recipients, the duration of the storage period, if applicable the origin of your data and if applicable the existence of automated decision making including profiling and if applicable meaningful information on the details thereof.
• Right to rectification: If you change or correct the stored data and delete old entries, the previously entered data is automatically and completely deleted. A specific request for correction or deletion is not required. You can edit your personal data at any time by going to https://www.stampinup.ie/. However, you can also demand the correction of incorrect personal data or the completion of your personal data stored by us.
• Right to erasure: You may request the deletion of your personal data stored with us, insofar as the processing thereof is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
• Right to restriction of processing: You may request that the processing of your personal data be restricted if you dispute the accuracy of the data, or if the processing is unlawful but you refuse the deletion of it. You also have this right if we no longer need the data, but you need it to assert, exercise or defend legal claims. In addition, you have this right if you have objected to the processing of your personal data.
• Right to data portability: You may request that we provide you with the personal data you have provided to us in a structured, common and machine-readable format. Alternatively, you can request the direct transmission of the personal data you have provided to us to another responsible party, as far as this is possible.
• Right to lodge a complaint: You may complain to the supervisory authority responsible for us, for example if you believe that we are processing your personal data illegally.

If we process your personal data based on a legitimate interest, you have the right to object to this processing. If you wish to exercise your right of objection, you only need to notify us in writing. You are welcome to write us a letter, send us a fax or send us an email.

The decision to establish a contractual relationship may be based on automated processing of personal data for the purpose of assessing individual personality traits. In the event of a decision rejecting the application, you have the right to assert your position against us and to have the decision reviewed. However, there is no obligation to conclude a contract.

8. CHANGES TO THIS DATA PROTECTION DECLARATION

Stampin’ Up! reserves the right to make changes to this data protection declaration. Any changes to this declaration will be effective upon the posting of the revised declaration on the internet or in accordance with legal requirements.

9. CONTACT INFORMATION

Your trust is important to us. For this reason, Stampin’ Up! would like to keep you extensively informed at any time about the processing of your personal data. If you would like more detailed information on any topic, please do not hesitate to contact us:

Stampin' Up! Ireland Limited

25-28 North Wall Quay
Dublin 1
D01 H104
Ireland

Phone: 00800 31 81 82 00
Email: supportie@stampinup.com

To contact us with questions, complaints, or comments regarding the processing of your personal data, please email privacy@stampinup.com.

10. LINKS TO OTHER WEBSITES

This website contains links to other websites which are neither owned by Stampin’ Up! nor under the control of Stampin’ Up! Please note that Stampin’ Up! bears no responsibility for the data protection practices of such websites.

When you leave this site, you should read the data protection declarations of each target website that collects personal information. This data protection declaration only applies to the information collected on this website.

11. SOCIAL PLUGINS

Data protection notice when using Facebook plugins:

We have embedded plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA, 94304, USA, into our website. You can recognise these plugins by the Facebook logo on this website. A list of Facebook plugins can be found at: https:// developers.facebook.com/docs/plugins/. When you visit a page on our website with a Facebook plugin, a direct connection is established between your browser and a Facebook server. Using this connection, the plugin provides Facebook with the information that you have accessed a specific page of our website with your IP address. If you click the “like” button on Facebook while logged into your Facebook account, you can link content from our website to your Facebook profile. Facebook can then connect your Facebook account to your visit to this website. Information on Facebook’s data protection policy can be found at: https://de-de.facebook.com/policy.php. If you do not want Facebook to be able to connect your visit to our website with your Facebook account, please log out of Facebook.

The legal basis for this processing is Art. 6 para. 1 a) of the GDPR (consent).