At ShotSearch, we are committed to protecting your personal data and to providing clear and transparent disclosures about the types of information we collect and how we use it.
In principle, we will only use your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (“GDPR”), and only as described in this Privacy Policy.
General Information
a) What is personal data?
Personal data is any personal information that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, email address, postal address, or telephone number, as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of monthly website users.
b) What is processing?
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
c) Responsibility for data processing
Responsible for data processing is ShotSearch, www.shotsearch.com ("ShotSearch", “we”, “us” or “our”). We act as the data controller and ask you to direct all questions about your personal data directly to us.
d) Legal bases for processing personal data
In accordance with the above-mentioned laws, we need to have at least one of the following legal bases to process your personal data:
● You have given your consent,
● the data is necessary for the fulfillment of a contract / pre-contractual measures,
● the data is necessary for the fulfillment of a legal obligation or
● the data is necessary to protect our legitimate interests, provided that your interests are not overridden.
General Principles
a) Security
Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us.
You can recognize an encrypted connection if the address line of your browser begins with "https://" instead of "http://" and also has a lock symbol. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
We have also implemented numerous security measures (“technical and organizational measures”), for example, encryption or need to know access, to ensure the most complete protection of personal data processed through this website.
Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include personal data may be breached inadvertently or through wrongful intrusion.
Upon becoming aware of a data breach, we will notify all affected individuals whose personal data may have been compromised as expeditiously as possible after the breach was discovered.
b) Minors
We do not request personal data from minors and children and do not knowingly collect such data or pass it on to third parties.
c) Automated decision-making
Automated decision-making is the process of making a decision by automated means without any human involvement. Automated decision-making including profiling does not take place.
d) Do not sell
We do not sell your personal data.
e) Special category data
Unless specifically required when using our services and consent is obtained for that particular service, we do not process special category data.
f) International transfer
We might transmit and process your personal data in countries outside of your own. Our commitment to safeguarding your personal data involves implementing sensible technical and organizational measures for the transferred information.
g) How long is your data stored?
We process and store your personal data only to achieve the respective processing purpose or for as long as our legal retention period exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
h) Sharing and disclosure
We will not disclose or otherwise distribute your personal data to third parties unless this is a) necessary for the performance of our services, for example, with our web host or with our logistic partners to deliver your order, b) you have consented to the disclosure, c) or if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or other legal proceedings; or proceedings at home or abroad or to fulfill our legitimate interests.
Data we collect automatically
a) Collection of access data and log files
We collect data on every access to our platform. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days before being deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an adequate user experience.
b) Hosting
The hosting services used for the purpose of operating our website are Vercel Inc. and Amazon Web Services, Inc. These providers process all data and communication data from our website users and visitors. We use these providers to efficiently and securely deliver our website and services, in line with our legitimate interest and contractual obligations.
c) Use of cookies
We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. There are different types of cookies: a) Essential cookies. Essential cookies are cookies to provide a correct and user-friendly website; and b) Non-essential cookies. Non-essential cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyze your behavior on a website (“analytical” cookies) or cookies used to display advertisements to you (“advertising” cookies).
Data we collect directly
The personal data you directly give to us is only collected when you contact us. In addition to your name and email address, if provided, we usually collect the context of your message which may also include certain personal data. The personal data collected when contacting us is to handle your request and the legal basis is both your consent and contract.
Google Services
We use Google Analytics, which means that the data collected can in principle be transmitted to a Google server in the USA, whereby the IP addresses are anonymized by means of IP anonymization so that an allocation is not possible. Google Analytics places cookies in web browsers. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when you visit this website: http://tools.google.com/dlpage/gaoptout?hl=en. The legal basis for the use of Google Analytics is based on your consent.
Data from third-party sources
We may obtain data about you from third-party sources, such as our marketing partners, social networks, and other third parties. We may use this data to better analyze your user behavior to improve our ability to provide you with relevant marketing information and services, and to prevent and combat fraud. Insofar as you have also given us your consent to process your personal data for marketing and advertising purposes, we have the right to contact you for these purposes through the communication channels for which you have given your consent.
Your Rights and Privileges
a) Privacy rights
In certain circumstances, under the GDPR, you have the right to exercise the following:
● The right to access
● The right to rectification
● The right to erasure
● The right to restrict processing
● The right to object to processing
● The right to data portability
b) Your information preferences
We are committed to addressing access and correction requests. In case we cannot respond within thirty (30) days, we will provide an explanation for the delay along with a revised timeline. If we're unable to fulfill a correction or data provision request, we will communicate the reasons behind the decision.
Other Information
We may update this policy to reflect changes in our practices or regulatory obligations.
Effective Date: August 18, 2023