Information about SwapShop

Privacy policy

Last Updated: January 2021

Introduction

 Welcome to Żibel’s privacy notice (this “Notice”).

 Żibel, a non-governmental organisation at registered address: Flat 5, Pindon Place, Triq Selvatico, Saint Julians, STJ4014, Malta (“ Żibel”, “NGO”, “we”; “us”; “our”) respects your privacy and is committed to protecting your personal information or, as otherwise termed, your “personal data”. In that regard, we have launched a unique planet friendly marketplace for second hand clothes available for exchange and handmade accessories and apparel for sale which are all accessible via our website swapshop.fashion (the "Site”). 

The purpose of this Notice is to set out the basis on which we will process your personal data when you:

  • visit and use the Site (regardless of where you visit or use them from);
  • apply for and open an account with us (your “Account”);
  • create new listings on your account;
  • browse the Site to find desirable items;
  • make purchases or exchange/swap clothes or apparel;
  • interact with our support team or report a problem to us.


This includes any data that you may provide for and in relation to our newsletters, updates, events and other marketing and promotional communications.

This Notice also informs you about: (i) how we will handle and look after your personal data, (ii) our obligations in regard to processing your personal data responsibly and securely, (iii) your data protection rights as a data subject, and (iv) how the law protects you. It should be read in conjunction with our IP Address and Cookie Policy.

This Notice is provided in a layered format so you can click through to the specific areas set out below.

  1. Important Information and who we are 
  2. Some key definitions 
  3. The personal data we collect about you 
  4. How is your personal data collected? 
  5. How we use your personal data
  6. Disclosures of your personal data
  7. International transfers
  8. Data security
  9. Data retention
  10. Your legal rights
  11. Changes to this notice


 1. INFORMATION AND WHO WE ARE

 Purpose of this Privacy Notice

 We process your personal data in an appropriate and lawful manner, in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta) (the “Act”) as may be amended from time to time, and the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), subsidiary legislation and regulations promulgated thereunder.

This Notice aims to give information on how we collect and process your personal data in the scenarios outlined above in the ‘Introduction’ (namely, through your use of the Site, including any data that you may provide to us or which we may receive). 

It is important that you read this Notice together with any other privacy notice or policy which we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Notice supplements the other notices and is not intended to override them.

Controller

Żibel as defined above is the controller and responsible for your personal data.

We have appointed a data protection contact point (“DPCP”) who is responsible for overseeing questions in relation to this Notice and our processing activities in general. If you have any questions or requests, including any requests to exercise your legal rights as a data subject, please contact the DPCP using the details set out below.

Contact Details

 Full name of legal entity: Żibel (VO/1465)

Name of DPCP: Żibel

Email address: swapshop@zibel.org

Postal address: Flat 5, Pindon Place, Triq Selvatico, Saint Julians, STJ4014, Malta

Telephone number: 99923889

 You have the right to lodge a complaint at any time to a competent supervisory authority on data protection matters, such as in particular the supervisory authority in the place of your habitual residence or your place of work. In the case of Malta, this is the Office of the Information and Data Protection Commissioner (the “IDPC”) (https://idpc.org.mt). We would, however, appreciate the opportunity to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

 

Last update and Your Duty to Inform Us of Changes

 This Notice was last updated on January 2021. 

 It is imperative that the personal data we hold about you is accurate and current at all times. Otherwise, this will impair our ability to provide you with the availability of our Site (amongst other potential and salient issues). Please keep us informed if your personal data changes during your relationship with us.

Third-Party Links

Our Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices, statements or policies.

 We encourage you to read the privacy notice of every website you visit.

 2. SOME KEY DEFINITIONS

 Set out below are key definitions of certain data protection terms which appear in this Notice. 

“Consent Form” refers to separate documents which we might from time to time provide you where we ask for your explicit consent for any processing which is not for purposes set out in this Notice.

“Data subjects” means living individuals (i.e. natural persons) about whom we collect and process personal data. 

“Data controller” or “controller” means any entity or individual who determines the purposes for which, and the manner in which, any personal data is processed.

“Data processor” or “processor” means any entity or individual that processes data on our behalf and on our instructions (we being the data controller).

“Personal data” means data relating to a living individual (i.e. natural person) who can be identified from the data (information) we hold or possess. This includes, but is not limited to, your name and surname (including maiden name where applicable), address, date of birth, nationality, gender, civil status, tax status, identity card number & passport number, contact details (including mobile and home phone number and personal email address), photographic image, bank account details, emergency contact information as well as online identifiers. The term “personal information”, where and when used in this Notice, shall be taken have the same meaning as personal data. 

“Processing” means any activity that involves use of personal data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including, organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.

“Sensitive personal data”, “sensitive data” or “special categories of personal data” includes information about a person's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life, or about the commission of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings. This type of sensitive data can only be processed under strict conditions.

Note that personal data does not include information relating to a legal person (for example, a company or other legal entity). In that regard, information such as a company name, its company number, registered address and VAT number does not amount to personal data in terms of both the Act and the GDPR. Therefore, the collection and use of information strictly pertaining to a legal person does not give rise to data controller obligations at law. Naturally, we will still treat any and all such information in a confidential and secure manner. 

  1. 3.0 THE PERSONAL DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified (as stated above). It does not include data where the identity has been removed (anonymous data). In the course of your relationship with us (including during the account opening stage), we may collect, use, store and transfer different kinds of personal data about you which we have grouped together. For avoidance of doubt, categories marked in blue are only applicable to customers (i.e. individuals who hold a registered customer account with us).

  •  Identity Data includes your first name, last name, address, username or similar identifier, title, nationality, date of birth, profile photo and gender. This will form part of your account information on the Site.
  • Contact Data includes your billing address, email address and contact number (telephone and/or mobile).
  •  Transaction Data includes details about:
    • open orders which you may have;
    • your history of exchanges and overall activity on the Site; and the payments which we receive.
  • Technical Data includes the IP address, your login data to the Site (username and password), device type, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and other technology on the devices you use to access the Site.
  • Usage Data includes information about how you use the Site.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

 We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of the Site. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

If you Fail to provide Personal Data

Where we need to collect personal data about you:

  • by law; or
  • under the terms of, or in connection with, the contract that we have with you (as discussed in Section 1 above); or
  • as part of our legitimate (business) interests to verify the identity of our applicants and clients, mitigate against risks (such as potential or suspected fraud) and in particular, to assess and take a decision on whether we will or should enter into a relationship with you (as subject to our client acceptance criteria and policies);

and you either fail to provide that data when requested, or else provide incomplete or insufficient data, we may not be able to perform or conclude the contract which we have or are otherwise trying to enter into with you (namely regarding your account opening on the Site).

Sensitive Personal Data

 We do not knowingly collect Special Categories of Personal Data (or Sensitive Personal Data) about you. Should we receive sensitive personal data about you, we will only process that data where there is a legitimate reason to do so and, in all circumstances, in accordance with our obligations at law and under the appropriate safeguards.

Any further processing of such sensitive personal data about you will be necessary for reasons of substantial public interest, on the basis of an applicable law that is proportionate to the aim pursued and provides for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

There may be other occasions where we may need to process your sensitive personal data, namely where:

  • the processing is necessary for the detection or prevention of crime (including the prevention of fraud) to the extent permitted by applicable law or regulation;
  • the processing is necessary for the establishment, exercise or defence of legal rights.

We will only process information about your criminal convictions and offences (actual or alleged) to the extent required or permitted by applicable law.

4. HOW IS YOUR PERSONAL DATA COLLECTED?

(A)      Account Registration and Opening.

 We will ask you to provide us with your Identity Contact when you apply to register and open an account with us on our Site. You provide these personal details and information to us, which we collect and process, when you fill in and submit our application form (together with other related forms) and complete our required application steps.

 Your Account Data will be generated on the basis of your registration and use of the Site, and is also processed and stored by us.

(B)       Direct Interactions.

 You may also give us your Identity and Contact by filling in our other forms (i.e. separate to our account opening and registration form), or by corresponding with us by post, phone, e-mail or otherwise. This includes personal data that you provide when you, as applicable:

  • apply to open an account;
  • update or edit your account details;
  • request withdrawals from your Account;
  • contact us with complaints or queries;
  • report issues;
  • request marketing to be sent to you;
  • participate in a survey; or
  • provide us with feedback.

(D)      Automated Technologies or Interactions.

 As you interact with the Site, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our IP Address and Cookie Policy at [insert link] for further details.

(E)       Third Parties or Publicly Available Sources.

 We may receive personal data about you from various third parties and public sources, as set out below:

  • Technical Data from the following parties:
    • analytic providers such as Google Analytics;
    • social media platforms such as LinkedIn, Facebook and Instagram;
  • Identity, Contact, AML / KYC Data from publicly available sources such as public court documents, the RoC and the company houses and registers of other jurisdictions, and from electronic data searches, online KYC search tools (which may be subscription or license based), anti-fraud databases and other third party databases, sanctions lists, outsourced third-party KYC providers and from general searches carried out via online search engines (e.g. Google).

 We may also receive customer due diligence reports about our applicants from our outsourced third-party AML/KYC service provider. These reports may include identity checks, checks against global sanctions lists, enforcement agencies databases general Internet searches and related screening and monitoring measures. In such cases, the third party service provider will conduct the necessary due diligence checks in an autonomous manner and will generally amount to a controller of the personal data which it collects in connection with those checks. It has its own data policies and practices, a link to which shall be notified to the user.

5. WE USE YOUR PERSONAL DATA

 We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you in respect of your customer relationship with us.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Purposes for which we will Use your Personal Data

 We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at swapshop@zibel.org if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below:

Purpose/Activity

Type of Data

Lawful Basis for Processing (including Basis of Legitimate Interest)

 

To open and register your account with us

 

(a) Identity

(b) Contact

 

(a) Performance of a contract with you

To provide you with the necessary tools for the functioning of the account, in particular, to be able to redirect you to the right part of our website to get the products that you want faster, or help you keep track and save items you like on site.

(a) Identity

(b) Contact

(c) Transaction

 

(a) Performance of a contract with you

 

(b) Necessary for our legitimate interest to collect and recover debts and prevent fraudulent transactions

 

(c) To help you get the best out of our Site and your account

(i) To conduct due diligence checks on you (following your application to open and register an account).

(ii) To determine if we will enter into a relationship with you and accept to effect any exchanges or transactions you may request on our Site.

 

(a) Identity

(b) Contact

 

 

 

(a) Performance of a contract with you.

(b) Necessary for our legitimate interests, including to establish and verify:

- your identity and suitability for our Site,

- the existence of any risks that you may present as a prospective customer;

 

(i) To establish and verify your identity. In particular, this is done to be able to identify you when you contact us our visit our Site.

 

(a) Identity;

(b) Contact;

(c) Transaction;

 

 (a) Necessary to comply with a legal obligation.

(b) Necessary for our legitimate interests (for risk assessment purposes, to prevent and mitigate against fraud, to safeguard the reputation of our business).

 

For legal, tax and accounting purposes (e.g. reporting to tax authorities, and accounting record requirements).

 

To keep a record of any financial transactions with you.

 

 

(a) Transaction.

 

Necessary to comply with a legal obligation.

 

To detect, prevent and report fraudulent or suspicious actions.

 

(a) Identity;

(b) Contact

(c) Transaction.

 

(a) Necessary to comply with a legal obligation (where applicable)

(b) Necessary for our legitimate interests, including in particular to:

- protect the reputation of our business;

- avoid any complicity or association with fraud;

- report fraudulent or otherwise suspicious orders that we receive (or which later came to our knowledge) to relevant public authorities.

 

 

To manage our relationship with you, including in particular to

(i) notify you about changes to our terms and conditions or privacy notices;

(ii) inform you about changes to our Site;

(iii) provide you with customer support and assistance;

(iv) ask you to participate in a survey;

(v) request feedback from you;

(vi) inform you about our events;

(vii) administer your account;

(viii) provide you with any other information or materials that you have requested to receive from us;

(ix) manage disputes with you;

(x) to identify and correct issues with the Site;

(xi) manage your participation in any promotions, offers or discount schemes you choose to participate in.  

 

 

(a) Identity;

(b) Contact;

(c) Account;

(d) Transaction;

(e) Usage;

(f) Marketing and Communications.

 

 

(a) Performance of a contract with you.

(b) Necessary for our legitimate interests (for ‘customer care’, to study how clients use our Site, to assess our operations and the quality of our service, to develop them and grow our business).

 

 

To administer and protect our business, including the Site, (including troubleshooting, data analysis, testing, system maintenance, support, safety and security testing, reporting and hosting of data).

 

(a) Identity;

(b) Contact;

(c) Technical;

(d) Account.

 

(a) Necessary for our legitimate interests (for running and administering our business and organisation, network security, to prevent fraud, and in the context of a business reorganisation or group restructuring exercise).

(b) Necessary to comply with a legal obligation.

(c) Performance of a contract with you.

 

 

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising which we serve to you.

 

To ensure that our content is presented in the most effective manner for you and your computer and devices, and in a user friendly manner.

 

(a) Identity;

(b) Contact;

 (c) Account;

(d) Usage;

(e) Marketing and Communications;

(f) Technical.

 

Necessary for our legitimate interests (to study how clients use our Site, to develop our clientele, to grow our business and to inform our marketing strategy).

 

To use data analytics to improve the Site, marketing, customer relationships and experiences.

 

(a) Technical;

(b) Usage.

 

Necessary for our legitimate interests (to define types of clients that have registered an account on our Site, to keep the Site updated and relevant, to develop our business and to inform our marketing strategy).

 

 

We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at the following email address: swapshop@zibel.org or by submitting a request via the “Contact us” form on our site.

Marketing 

We strive to provide you with choices regarding certain personal data uses in relation to your account. Through your Account, Identity, Contact, Technical, Usage and Marketing and Communications Data, we can form a view on what we think you may want or need. We will send details as to how you may enhance your trading activity in relation to the account.

You may receive marketing communications from us (which may consist of newsletters, industry updates, mailshots, publications, promotional materials and/or information about our events) where:

  • you provide your consent to receiving such marketing material; or
  • you have an ongoing commercial or contractual relationship with us (e.g. where we consider you to be an active customer and user of the Site); and
  • provided you have not opted out of receiving marketing from us (see Your right to object below).

Third-Party Marketing 

 We will get your express opt-in consent before we share your personal data with any third parties (including our associated or related corporate entities) for marketing purposes. 

 Opting Out

 You can ask us to stop sending such advertising and marketing communications at any time by:

  • following the opt-out links on any marketing message sent to you;
  • contacting us at any time at swapshop@zibel.org or by submitting a request via the “Contact us” form on our site.

 Where you opt out of receiving such communications, this will not apply to personal data processed or provided to us as a result of your entry into a customer relationship with us.

Change of Purpose 

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose, or we are obliged to process your data by applicable laws or court or other enforceable orders.

 If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at swapshop@zibel.org or by submitting a request via the “Contact us” form on our site.

 If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

 Please note that we may process your personal data without the need to obtain your consent, in compliance with the above rules, where this is required or permitted by law.

  1. 6.0 DISCLOSURES OF YOUR PERSONAL DATA

 We may have to share your personal data with the parties set out below for the purposes set out in the table in Section 5 above.

 Information available to other users through the Site:

  • When you list an item for sale on the Site, information you add to the listing will be made publicly available such as the item photograph, price, item description, accepted payment method and delivery options;
  • When you create an account on the Site, a user profile will be created for you that makes the following information publicly available: user name, country and city/town location, your followers and who you are following, and details about the items you are selling. If you add any of the following information to your profile this will also be made publicly available: profile picture, profile description and website address. We will not directly reveal user email addresses to other users, however we may pass your email address, address and contact number to a seller where you have purchased an item.

Information we may share to other parties: 

  • External third parties: this includes the website host who helps us run our business – Kreezalid , an SaaS platform (https://www.kreezalid.com/).
  • Suppliers and external agencies that we engage to process information on our and/or your behalf, including to provide you with the information and/or materials that you have requested.
  • Our partners, associates and agents where necessary to facilitate your relationship with us.
  • The Commission for Revenue, regulators, law enforcement agencies and other authorities who require reporting of processing activities, or may request information from us, in terms of applicable law and in certain circumstances.
  • Professional advisers including but not limited to consultants, lawyers and auditors.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets (successors in title). Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law (including applicable data protection and privacy law). We do not allow our third party business partners or service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our documented instructions. Furthermore, these third parties access and process your data on the basis of strict confidentiality and subject to the appropriate security measures and safeguards.

 

We may also disclose your data if we are under a duty to disclose or share your personal data to comply with any legal obligation, judgment or under an order from a court, tribunal or authority.

We may also disclose your data to enforce our contractual terms against you, or to protect our rights, property or safety, and that of other users of the Site. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

 7. INTERNATIONAL TRANSFERS

 We do not generally transfer your personal data to entities outside the European Economic Area (“EEA”) except as may be necessary to: (i) enable your use of the Site, (ii) fulfil our contractual obligations to you or exercise our contractual obligations against you, (iii) comply with our legal or regulatory obligations or (iv) assert, file or exercise a legal claim. Where we do need to transfer your personal data outside the EEA (whether for these stated purposes or any other purpose listed in Section 5 above), we will ensure a similar degree of protection is afforded to that personal data by ensuring at least one of the following safeguards applies or is otherwise implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • In the absence of an adequacy decision, we will use standard contractual clauses that have been approved by the European Commission.
  • Where we use providers based in the U.S., we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.


8. DATA SECURITY

 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 9. DATA RETENTION

 How long will you use my personal data for?

 Please note that we consider our relationship with you to be an ongoing and continuous customer relationship, until terminated.

 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for (i.e. the ongoing service provision) and, thereafter, for the purpose of satisfying any legal, accounting, tax and reporting requirements or obligations to which we may be subject and/or to the extent that we may also need to retain your personal data to be able to assert, exercise or defend possible future legal claims against or otherwise involving you.

 By and large, our retention of your personal data shall not exceed the period of five (5) years from the date of the termination of your relationship with us (which would typically arise from the closure/de-registration of your account on the Site). This period of retention enables us to use the data in question for the possible filing, exercise or defence of legal claims (taking into account the timeframe of applicable statutes of limitation and prescriptive periods). In certain cases though, we may need to retain your data for a period of up to ten (10) years in order to comply with applicable accounting and tax laws (this will primarily consist of your Transaction Data). In the event that Żibel’s activities are held by competent legislators and regulators to amount to a ‘relevant activity’ at law, we will retain your AML and KYC Data for the duration of your business relationship with us and for a further period of five years following its termination and, in certain instances, for a maximum period of ten (10) years post-termination if mandated by the FIAU or other applicable competent authority. We may need to revise this AML retention period in the event of applicable legal or regulatory developments, but we will notify you if this is the case at the time.

 In some circumstances, you can ask us to delete your data. See below for further information.

 Kindly contact our DPCP for further details about the retention periods that we apply.

 Data Minimisation

 Whenever and to the extent possible, we anonymise the data which we hold about you when it is no longer necessary to identify you from the data which we hold about you (anonymous data).

 In some circumstances, we may even anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice.

10. YOUR LEGAL RIGHTS

 Under certain circumstances, you have rights under data protection laws in relation to your personal data.

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

 If you wish to exercise any of the rights set out above, please contact us at swapshop@zibel.org or by submitting a request via the “Contact us” form on our site. These rights are explained below.

No Fee usually required

 You will not normally have to pay a fee to exercise your data subject rights.

 However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in the above circumstances.

What we may need from you

 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other data subject rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to Respond

 We try to respond to all legitimate requests within the period of one month from receipt of the request.

 Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 Your Legal Rights

 You have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You may send an email to swapshop@zibel.org or by submitting a request via the “Contact us” form on our site. requesting information as the personal data which we process. You shall receive one copy free of charge via email of the personal data which is undergoing processing. Any further copies of the information processed shall incur a charge of € 10.00.
  • Right to information when collecting and processing personal data about you from publicly accessible or third party sources. When this take places, we will inform you, within a reasonable and practicable timeframe, about the third party or publicly accessible source from which we have collected your personal data.
  • Request correction or rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected and/or updated, though we may need to verify the accuracy of the new data you provide to us. As mentioned, it is in your interest to keep us informed of any changes or updates to your personal data which occur during the course of your relationship with us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where:
    •  there is no good reason for us continuing to process it;
    • you have successfully exercised your right to object to processing (see below);
    • we may have processed your information unlawfully; or
    • we are required to erase your personal data to comply with local law.

 Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. These may include instances where continued processing is necessary in order to be able to: comply with a legal or regulatory obligation to which we are subject; or establish, exercise or defence of legal claims.

  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes (see Marketing in Section 5 above).

 In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
    • if you want us to establish the data's accuracy;
    • where our use of the data is unlawful but you do not want us to erase it;
    • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    • you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  •  Request the transfer (data portability) of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data (which will not generally be the case). This will not however affect the lawfulness of any processing which we carried out before you withdrew your consent. Any processing activities that are not based on your consent will remain unaffected.

Kindly note that none of these data subject rights are absolute, and must generally be weighed against our own legal obligations and legitimate interests. If a decision is taken to override your data subject request, you will be informed of this by our data protection team along with the reasons for our decision.

 11. CHANGES TO THIS NOTICE

 We reserve the right to amend or revise this Notice in the future, particularly where we need to take into account and cater for any (i) business developments and/or (ii) legal or regulatory developments to the issuance or trading of cryptocurrencies and virtual financial assets under applicable law.

 Changes, revisions and amendments to this Notice will be duly notified to you.

 If you have any questions regarding this Notice, or if you would like to send us your comments, please contact us today or alternatively write to us using the details on our website.


IP ADDRESS AND COOKIE POLICY

Last Updated: 26 January 2021

1.        INTRODUCTION

Welcome to Zibel’s IP Address and Cookie Policy (the “Policy”).

We, Zibel of Flat 5, Pindon Place, Triq Selvatico, Saint Julians STJ4014, Malta (“we”; “us”; “our” “non-governmental organisation” “NGO” or the “Company”) collect aggregate information about the users of our website: www.swapshop.fashion (the “Website”)

Whenever you use our online services, cookies and other tracking technologies can be used in various ways, such as to make our Website work, to analyse traffic, or for advertisement purposes. These technologies are either used by us directly, or by our business partners, including third party service providers and advertisers whom we work with. 

This may also involve collecting and using your user Internet Protocol Address (an “IP Address”).

Please read the following carefully to understand how and why we use cookies and other tracking technology, and also collect your IP Address! If you do not accept or agree to the practices described in this Policy, you must exit the Website and our App immediately! By continuing to use either of them, it shall be deemed to signify your full acceptance and consent to the practices set out in this Policy, including the way in which we will track your activities through the use of cookies.

2.        IP ADDRESS

2.1     WHAT HAPPENS WHEN YOU VISIT THE SITE

Every time you connect to the internet or, if you use an always-on connection, such as broadband or ADSL, when you boot up or restart your computer, you are automatically assigned a unique identifying number known as an IP Address. This IP Address, which contains, amongst others, information regarding the location of your computer on the internet (your country of origin) and the name of your internet service provider (“ISP”), is automatically logged by our Website.

2.2     What is an IP Address?

When you first started your internet session (i.e. your computer connected to the internet), your computer was automatically assigned a unique number (normally in the region of 9 or 10 decimal numbers), known as an IP Address. This is your computer’s unique address on the internet. Without an IP Address, websites would not be able to deliver their respective content to you, given that they would not be able find your computer on the internet. Since each time you disconnect and reconnect to the internet, a new IP Address is automatically assigned to your computer, IP Addresses are not inherently capable of identifying you as an individual (at least, by themselves and not combined with other identifiers).

An IP Address does, however, contain information regarding the location of your computer on the internet (your country of origin), and the name of your ISP. Such information, when combined with other available information, may then potentially lead to, or otherwise allow for, your identification. For these reasons, EU Data Protection Law treats IP Addresses as personal data with the resulting protections.

 

2.3     HOW DO WE COLLECT YOUR IP ADDRESS

Each time you visit a page on our Website, your computer sends out a message asking for the requested content to be delivered. This message sent by your computer also encloses your IP Address as a form of “return address”, so that the Website may find your computer in order to send it that requested content. Our web-server automatically logs all these messages.

 

2.4     WHAT DO WE DO WITH YOUR IP ADDRESS?

When we log your IP Address, the data collected is grouped up with the other logged IP Addresses in order to provide us with the statistics on the geographic location of visitors to our Website, how long they stay on the Site, which are the most viewed pages and for other statistical reasons that may be relevant to us.

We gather your IP address automatically and store it in log files. These files also contain information relating to your browser type, ISP, operating system, date/time stamp, clickstream data and the files viewed on the Website. Collecting this type of information allows us to generate aggregate information for the purposes of developing our Website, including in terms of overall user trends and activities online (such as the number of unique visitors, pages accessed and viewed most frequently or the search terms entered). It also allows us to administer the Website, diagnose any potential server problems, analyse visitor trends and statistics, and generally helps us to provide you with a better internet experience.


IP Addresses are not stored for longer than necessary for the above stated purposes.

 

3.        COOKIES

3.1     INFORMATION ABOUT OUR USE OF COOKIES

We have implemented and activated cookies on our Website to distinguish you from other users. These cookies allow us to analyse trends and administer our Website, to help provide you with a good experience when browsing through them and to also improve them at the same time.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or on your mobile device, if you agree to let us do so. A cookie enables the website or app to remember users that have already visited. Without a cookie, every time you open a new web page, the server where that page is stored will treat you like a completely new visitor.

So-called “first party cookies” are cookies which are served by the entity operating the domain through which the cookie is served. Our own cookies are therefore “first party cookies”. In case we allow others to service cookies through our Website, these cookies are so-called “third party cookies”. In addition to the above, there is also a difference between “session cookies” and “permanent cookies”. Session cookies will only exist until you close your browser. Permanent cookies have a longer lifespan and are not automatically deleted once you close your browser.

Cookies are used for different purposes. They allow you to be recognised as the same user across the pages of a website, between websites or when you use an app. Cookies allow us to remember your custom preferences such as your language preference and allow you to complete tasks without having to re-enter your information when browsing. The types of information that we collect through cookies include IP address; device ID; viewed pages; browser type; browsing information; operating system; internet service provider; timestamp; whether you have responded to an advertisement; the referring URL; and features used or activities engaged in within the Website.

Our Website uses cookies for different purposes, below we have listed the cookies which use and the purpose for which we use them:

  • Strictly Necessary Cookies. These are cookies that are required for the operation of our Website. By way of illustration, they include cookies that enable you to log into secure areas of the Site as well as support Site navigation.
  • Analytical Cookies. They allow us to recognise and count the number of visitors and see how visitors move around the Website when using them, and gain insight on how our visitors use them. This means we can find out what works and what doesn't, optimise and improve our Website, understand the effectiveness of advertisements and communications, and ensure we continue to be interesting and relevant. The data we gather can include which web pages you have viewed, which referring/exit pages you have entered and left from, the number of clicks you make on a given page, your mouse movements and scrolling activity, the search words you use and the text you enter into various fields. This helps us to improve the manner in which our Website works, such as by ensuring that users are finding what they are looking in a seamless and straightforward manner.
  • Functionality Cookies. These are used to recognise you when your return to our Website, to help you to use them efficiently and effectively. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region), your searches and your previously viewed items, as well as improve the speed and security of the Website. We may also use cookies to remember your registration/account information so that you don’t have to retype your login credentials each time you visit our site. Passwords will, however, always be encrypted. These functional cookies are not strictly necessary for the functioning of our Website, but they add functionality and enhance your experience as a user or visitor. These Functionality Cookies will further assist the user in being able to efficiently and effectively make use of the account on the Site, both for the purpose of uploading items/products and/or for making swaps/purchases on the Site.
  • Targeting Cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website, together with the advertising displayed on them, more relevant to your interests. We may also share this information with third parties for this particular purpose.
  • Technical Cookies: We try to give our visitors an advanced, user-friendly website that adapts automatically to their needs and wishes. To achieve this, we use technical cookies to show you our Website, to make it function correctly, to create your user account, to sign you in and to help our users manage their accounts more efficiently. These technical cookies are absolutely necessary for our Website to function properly, i.e. a ‘strictly necessary cookie’.
  • Third Party Cookies. These cookies allow the Website to interact with different websites.
  • Commercial Cookies: We use third-party cookies as well as our own to display personalized advertisements on our websites and on other websites. This is called “retargeting,” and it is based on browsing activities, such as the items you have been searching for.

 

Please note that third parties (including advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical and performance cookies or targeting cookies.

We strive to serve cookies or allow the serving of cookies with a maximum lifespan of five (5) years. Only in exceptional circumstances, such as for security purposes and where absolutely necessary, will a cookie have a longer lifespan than that.

 

3.2     MANAGING COOKIES AND YOUR CHOICES

You do not have to accept cookies to use our Website.

You can control the use of cookies at the individual browser level, and can even block or reject all or some cookies by activating the relevant setting on your browser. However, if you choose not to accept certain technical and/or functional cookies, you may not be able to use some functions on our Website.

Therefore, please be aware that if you do block or reject cookies (including technical and/or functional cookies), you would still be able to access and use the Website, but your ability to use some of their functions or features, together with the services that you connect to through the Website, may be limited or may simply not work or function properly. 

To learn more about cookies and how to manage or delete them, visit www.allaboutcookies.com and the help section of your browser. Many browsers allow you to browse privately, whereby cookies are automatically erased after you visit a site. In the settings for browsers such as Internet Explorer, Safari, Firefox or Chrome, you can set which cookies to accept and which to reject. Where you find these settings depends on which browser you use. Use the “Help” function in your browser to locate the settings you need. For your guidance, the following is a list of the most common browsers and the way in which you can activate private browsing: 

·        Internet Explorer 8 and later versions: In Private

·        Safari 2 and later versions: Private Navigation/Browsing

·        Firefox 3.5 and later versions: Private Navigation/Browsing

·        Google Chrome 10 and later versions: Incognito

 

3.3     SOCIAL MEDIA FEATURES AND WIDGETS

The Website includes social media features such as Facebook and Google log-in feature. These features may collect your IP address, which pages you are visiting, and may set a cookie to enable the feature to function properly.

Any personal information that you provide via such social media applications may be collected and used by other members of that social media application, and such interactions are governed by the privacy policies of the companies that provide the particular applications. We do not have control over, or responsibility for, those companies or their use of your information.

4.        OTHER INFORMATION STORED

5.1    WEB SERVER LOGS

For security and troubleshooting purposes our web server stores logs of activity on the website. The information stored includes: date, time, IP, page visited, result, amount of data sent and browser used.

a.        OTHER TECHNOLOGIES

Next to cookies, other tracking technologies are used which are similar to cookies. These can include web beacons (also known as pixel tags, web bugs or gifs), tracking URLs or software development kits (SDKs).

A web beacon is a tiny graphic image of just one pixel that can be delivered to your computer as part of a web page request, in an app, in an advertisement or in an HTML email message. Pixels can be used to retrieve information from your device, such as your device type or operating system, IP address, and time of visit. They are also used to serve and read cookies in your browser. Tracking URLs are used to understand from which referring website our Website is/are being used. SDKs are small pieces of code included in apps, which function like cookies and web beacons.

5.        GOOGLE ANALYTICS

Our Website also uses Google Analytics, a web analysis service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”).

 Google Analytics employs cookies. The information generated by these cookies, such as time, place and frequency of your visits to our site, including your IP address, is transmitted to Google's location in the US and stored there.  In using Google Analytics, our Website employs the extension, “gat.anonymizeIp”. In doing so, Google abbreviates and thereby anonymizes your IP address before transferring it from Member States of the European Union or signatory states to the Agreement on the EEA.

 Google uses this information to analyse your use of our Website, to compile reports for us on internet activity and to provide other services relating to website and internet use. Google may also transfer this information to third parties where required to do so by law or where such third parties process this data on Google’s behalf.   Google states that it will never associate your IP address with other data held by Google. You can prevent cookies from being installed by adjusting the settings on your browser software accordingly, as discussed earlier on this Policy. You should be aware, however, that by doing so you may not be able to make full use of all the functions of our Website.

Furthermore, Google offers a deactivation add-on for most current browsers that provides you with more control over what data Google can collect on websites you access. The add-on tells the JavaScript (ga.js) used by Google Analytics not to transmit any information about website visits to Google Analytics. However, the browser deactivation add-on offered by Google Analytics does not prevent information from being transmitted to us or to other web analysis services we may engage. You can find additional information on how to install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de

 

6.        UPDATES TO THIS POLICY

We will occasionally update this Policy to reflect changes in our practices and services. When we post changes to this Policy, we will revise the “Last Updated” date at the top of this Policy.

We recommend that you check this page from time to time to inform yourself of any changes in this Policy or any of our other policies.

7.        CONTACT US

If you have any questions or comments about this Policy, or privacy matters generally, please contact us via email at swapshop@zibel.org, or by filling in the contact form available via our “Contact us” page on our Website.