Privacy Policy of Spicy Stores

This Website collects some Personal Data from its Users.

Personal Data collected for the following purposes and using the following services:

    • Advertising

      • Direct Email Marketing (DEM)

        Personal Data: email address; first name; last name

      • Facebook Audience Network

        Personal Data: Cookies; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); Usage Data

    • Analytics

      • AdEspresso conversion tracking, Google Analytics, Google Analytics with anonymized IP, Facebook Ads conversion tracking (Facebook pixel), Google Ads conversion tracking, LinkedIn conversion tracking, Twitter Ads conversion tracking and Wordpress Stats

        Personal Data: Cookies; Usage Data

    • Contacting the User

      • Contact form

        Personal Data: email address; first name; last name; various types of Data

      • Mailing list or newsletter

        Personal Data: Cookies; email address; first name; last name; Usage Data

    • Content commenting

      • Facebook Comments

        Personal Data: Cookies; Usage Data

    • Data transfer outside the EU

      • Data transfer abroad based on consent, Data transfer abroad based on standard contractual clauses, Data transfer from the EU and/or Switzerland to the U.S based on Privacy Shield, Data transfer to countries that guarantee European standards and Other legal basis for Data transfer abroad

        Personal Data: various types of Data

    • Displaying content from external platforms

      • Google Fonts

        Personal Data: Usage Data; various types of Data as specified in the privacy policy of the service

      • Google Maps widget, Instagram widget and YouTube video widget

        Personal Data: Cookies; Usage Data

      • Gravatar

        Personal Data: email address; Usage Data

    • Handling payments

      • 2Checkout, CoinPayments and PayPal

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Heat mapping and session recording

      • Smartlook

        Personal Data: Cookies; Usage Data; various types of Data as specified in the privacy policy of the service

    • Hosting and backend infrastructure

      • DigitalOcean

        Personal Data: various types of Data as specified in the privacy policy of the service

      • iubenda Consent Solution

        Personal Data: Data communicated while using the service

    • Infrastructure monitoring

      • New Relic

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Interaction with external social networks and platforms

      • Facebook Like button and social widgets, Google+ +1 button and social widgets, LinkedIn button and social widgets, Pinterest “Pin it” button and social widgets, Twitter Tweet button and social widgets and PayPal button and widgets

        Personal Data: Cookies; Usage Data

      • YouTube button and social widgets

        Personal Data: Usage Data

    • Interaction with live chat platforms

      • Facebook Messenger Customer Chat

        Personal Data: About Me; Cookies; Data communicated while using the service; Usage Data

      • Tawk.to Widget

        Personal Data: Cookies; Data communicated while using the service; Usage Data

    • Location-based interactions

      • Geolocation

        Personal Data: geographic position

    • Managing contacts and sending messages

      • Mailchimp

        Personal Data: Cookies; email address; first name; last name; various types of Data

    • Registration and authentication

      • Direct registration

        Personal Data: address; billing address; city; company name; country; email address; first name; house number; last name; password; phone number; profile picture; shipping address; state; User ID; username; various types of Data

      • Facebook Authentication and Instagram Authentication

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Remarketing and behavioral targeting

      • Facebook Custom Audience and Twitter Tailored Audiences

        Personal Data: Cookies; email address

      • Facebook Remarketing, Google Ads Remarketing, Google Ad Manager Audience Extension, LinkedIn Website Retargeting, Remarketing with Google Analytics and Twitter Remarketing

        Personal Data: Cookies; Usage Data

    • SPAM protection

      • Google reCAPTCHA

        Personal Data: Cookies; Usage Data

    • Tag Management

      • Google Tag Manager

        Personal Data: Cookies; Usage Data

Further information about Personal Data

    • BlueSnap

      BlueSnap is a payment service provided by BlueSnap, Inc., which allows Users to make online payments.
      Personal Data collected: various types of Data as specified in the privacy policy of the service.

      Place of processing: See the BlueSnap privacy policy – Privacy Policy: https://home.bluesnap.com/privacy-policy/

    • Personal Data collected through sources other than the User

      The Owner of this Website may have legitimately collected Personal Data relating to Users without their knowledge by reusing or sourcing them from third parties on the grounds mentioned in the section specifying the legal basis of processing.
      Where the Owner has collected Personal Data in such a manner, Users may find specific information regarding the source within the relevant sections of this document or by contacting the Owner.

    • Privacy Shield participation: data transfers from the EU and Switzerland to the United States

      The Owner participates in and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States. The policies and rights outlined below are therefore equally and explicitly applicable to Users from Switzerland, except if stated otherwise. The Owner has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.

      If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view the Owner’s certification, please visit https://www.privacyshield.gov/ (or find the direct link to the certification list of Privacy Shield participants maintained by the Department of Commerce https://www.privacyshield.gov/list).

      What does this mean for the European User?

      The Owner is responsible for all processing of Personal Data it receives under the Privacy Shield Framework from European Union individuals and commits to subject the processed Personal Data to the Privacy Shield Principles.

      This, most importantly, includes the right of individuals to access their personal data processed by the Owner.

      The Owner also complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU, which means that it remains liable in cases of onward transfers to third parties.

      With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, the Owner is subject to the investigatory and regulatory enforcement powers of the FTC, if not stated otherwise in this privacy policy.

      The Owner is further required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

      Dispute resolution under the Privacy Shield

      In compliance with the Privacy Shield Principles, the Owner commits to resolve complaints about its collection or use of the User’s Personal Data. European Union individuals with inquiries or complaints regarding this Privacy Shield policy should first contact the Owner at the contact details supplied at the beginning of this document referring to “Privacy Shield” and expect the complaint to be dealt with within 45 days.

      In case of failure by the Owner to provide a satisfactory or timely response, the User has the option of involving an independent dispute resolution body, free of charge.

      In this regard, the Owner has agreed to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to data transferred from the EU. The User may therefore contact the Owner at the email address provided at the beginning of this document in order to be directed to the relevant DPA contacts.

      Under certain conditions – available for the User in full on the Privacy Shield website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint) – the User may invoke binding arbitration when other dispute resolution procedures have been exhausted.

    • Selling goods and services online

      The Personal Data collected are used to provide the User with services or to sell goods, including payment and possible delivery.
      The Personal Data collected to complete the payment may include the credit card, the bank account used for the transfer, or any other means of payment envisaged. The kind of Data collected by this Website depends on the payment system used.

    • The Service is not directed to children under the age of 13

      Users declare themselves to be adult according to their applicable legislation. Minors may use this Website only with the assistance of a parent or guardian. Under no circumstance persons under the age of 13 may use this Website.

Contact information

    • Owner and Data Controller

      Business owner (UBO): Ivan Matic
      DBA: Spicy Stores
      Main Address: Dragoljuba Milincica 1a, Negotin 19300, RS, Europe

      Owner contact email: support@spicystores.com