Privacy Policy

This Policy is effective as of and was last updated on 02.04.2015 and is applicable to all users of the Website

 

Hsquared Education GmbH (“Company”) respects the privacy of its users whether they use the www.smart-prep.com website (“Website”) to purchase products or simply to view the Website. The following privacy policy of Hsquared Education GmbH (“Privacy Policy”) is designed to inform you, as a user of the Website, about the types of information that Hsquared Education GmbH, Auenstraße 100, 80469 Munich, Germany (“Company”) may gather about or collect from you in connection with your use of the Website. It is also intended to explain the conditions under which the Company uses and discloses that information, and your rights in relation to that information.

 

 1. Who is responsible?

 

Hsquared Education GmbH, Auenstraße 100, 80469 München, Germany is responsible data controller for processing of personal data on this Website and in context of Services used and Products purchased through the Website.

 

 2. What do we do with your information?

 

2.1 Why we collect information

    The collection of your data exclusively serves the purpose of providing you with a user-friendly, efficient and secure Website and to provide you the Services and Products offered. We use and process the data collected for the purpose of transmitting information to interested users. The data collected is also used to improve our Website and its security. Where possible, data is collected and processed anonymously or in a pseudonymized form.

    In case you perform transactions on our Website, for example by opening a user account and/or purchasing something from our Online Shop, as part of the buying and selling process, further data collection, such as your name, address and email address, will occur.

     

    2.2 Nature and extent of the collection and processing of personal data

    a) E-Mail addresses

    If you wish to receive our Newsletter, we will need to store and use your E-Mail address. By opting-in to our Newsletter, we will regularly send an electronic message containing editorial information about our services/offerings and relevant advertising content to the E-Mail address you have provided. You can cancel the subscription to the Newsletter at any time (see Section 2.2).

     

    b) Personally identifying information

      You can browse our website without providing personal information that you or other individuals (“Personal Data”) to us. However, when you browse our Website as a registered or unregistered user, we will create user profiles under a pseudonym. Data in anonymous form will be collected and stored for marketing and optimization purposes. This data includes your computer’s shortened internet protocol (IP) address, the date, the time, the pages viewed, the duration of your visit and the website from which you came to us in order to provide us with information that helps us learn about your browser and operating system. Based on these pseudonymized data, we will create a user profile under a pseudonym. Cookies may be used for these purposes (see Section 7). Data relating to user profiles will not be connected to your personal data or user account. You have the right to opt-out from collection and processing of user profiles by contacting us at the address indicated below.

      Authentication and tracking logs are used to create user-statistics, although these data do not contain any Personal Data.

       

      2.3 California Online Privacy Protection Act Compliance

        For Users residing in California: Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your Personal Data to outside parties without your consent.

         

        3. Justified Processing and Consent

           

          3.1 Processing your data for a transaction

            When you provide us with Personal Data to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

            We process your following Personal Data for this purpose: Name, address, e-mail-address, details of order, payment details, reason for return (when applicable).

             

            3.2 Processing for other Reasons

              If we ask for your Personal Data for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no or opt-out of providing the Personal Data.

               

              3.3 How do I withdraw my consent?

                If, after opting in you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at:

                info@smart-prep.com

                or mailing us at:

                Hsquared Education GmbH
                Auenstraße 100
                80469 München
                Germany

                  

                4. Disclosure

                   

                  We may disclose your Personal Data if we are required by law to do so, if you violate our Terms of Service, or if you give consent. 

                   

                   5. Shopify

                   

                  5.1 Where is our store hosted?

                    Our Online Shop is hosted on Shopify Data Processing USA Inc. in the USA as data processor. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

                    Your data is stored on Shopify’s data servers, databases and the general Shopify application. They store your data on a secure server behind a firewall.

                    Shopify Data Processing USA Inc. is registered under the EU-US Safe Harbor scheme, which means that this entity meets the EU adequacy requirements for data processing in non-EU/EEA countries.

                     

                    5.2 Payment

                      If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

                      All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

                      PCI-DSS requirements help ensure the secure handling of credit card information by our Online Shop and its service providers.

                      For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.

                       

                      6. Third-Party Services

                         

                        6.1 Data and Third-Party Providers

                          In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

                          However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

                          For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled.

                          In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you select to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

                          Once you leave our store’s website or are redirected to a third-party website or application, you are no longer protected by this Privacy Policy or governed by our Website’s Terms of Service.

                           

                          6.2 Links

                            When you click on links in our Online Shop, they may direct you away from our Website. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

                             

                             7. Security

                             

                            To protect your personal information, comply with applicable data protection laws and we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

                            If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

                             

                            8. Cookies

                             

                            8.1 Use of Cookies

                              As part of our Websites, we use so-called “Cookies” or other instruments to analyze the usage of our Websites. Cookies are small files that are stored on the hard drive of your computer, and which send us certain information. This information includes your computer’s internet protocol (IP) address, your browser, the complete uniform resource locators (URL) clickstream (the order in which you visit pages on our Website), the date, the time and duration of your visit as well as the cookie-number.

                              Cookies and similar instruments enable us to recognize you the next time you visit our website and help us adapt our website to your needs. We also use Cookies to measure the frequency of Website hits, monitor the general navigation of our Website and, where necessary, create encrypted user profiles.

                              When you visit our Website, we will ask to you consent to the use of cookies in context of your visit of the Website. If you do not wish that cookies are placed on your computer, please do not use the Website or turn off the “accept cookies” function of your browser. Note, however, that you will not be able to use all functionalities of our Website if cookies are turned off.

                               

                              8.2 What Cookies do we use?

                                Here is a list of Cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of Cookies or not.

                                _session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).

                                _shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits

                                _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.

                                cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.

                                _secure_session_id, unique token, sessional, used to identify a specific user for the duration of that user's visit.

                                storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

                                _ga, persistent for 2 years, used to distinguish users.

                                _gat, persistent for 10 minutes, used to throttle request rate.

                                __utma, persistent for 2 years from set/update, used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.

                                __utmt, persistent for 10 minutes, Used to throttle request rate.

                                __utmb, persistent for 30 mins from set/update, used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.

                                __utmc, persistent until end of browser session, Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.

                                __utmz, 6 months from set/update, stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.

                                __utmv, persistent for 2 years from set/update, used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.

                                 

                                8.3 Use of Google Analytics

                                  We makes use of Google Analytics and point out the following on demand of the company Google Inc.: This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics also uses "Cookies", which are text files placed on your computer, to help the website analyze how users use the website. The information generated by the Cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Please note that on this Website, Google Analytics code is supplemented by “anonymizeIp” to ensure an anonymized collection of IP addresses (so called IP-masking). This means that Google will truncate/cut off the last octet of the IP address for users from Member States of the European Union or the European Economic Area before storing it. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third-parties where required to do so by law, or where such third-parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of Cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. If you wish to prevent your use of this website from being analyzed by Google Analytics, you can opt out by downloading and installing the Google Analytics opt-out browser add-on at: http://tools.google.com/dlpage/gaoptout?hl=de 

                                  Please note that on this website, Google Analytics code is supplemented by “anonymizeIp” to ensure an anonymized collection of IP addresses (so called IP-masking).

                                   

                                  8.4 Disabling Cookies

                                    WEBSITE USERS WHO DO NOT WITH TO HAVE WEB COOKIES PLACED ON THEIR COMPUTERS SHOULD SET THEIR BROWSERS TO REFUSE WEB COOKIES BEFORE ACCESSING THE WEBSITE, WITH THE UNDERSTANDING THAT CERTAIN FEATURES OF THE WEBSITE MAY NOT FUNCTION PROPERLY WITHOUT THE AID OF WEB COOKIES. WEBSITE USERS WHO REFUSE WEB COOKIES ASSUME ALL RESPONSIBILITY FOR ANY RESULTING LOSS OF FUNCTIONALITY.

                                     

                                    9. Social Media

                                     

                                    9.1 Use of Facebook Social Plugins

                                      This website uses social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, United States (“Facebook”). The plugins are identifiable by one of the Facebook logos (white “f” on blue tile or a “thumbs-up” sign) or the description “Facebook Social Plugin”. The list and the look of the Facebook social plugins can be viewed here: http://developers.facebook.com/plugins

                                      The functions assigned to the Facebook links, in particular the transfer of information and user data, do not become active just by visiting our website, but only when you activate the respective buttons.

                                      Only when you click on the button, it becomes active and the Facebook plug-ins are activated. Your browser then sets up a direct link to the Facebook servers.
                                      Facebook then gets the information that you have accessed this Website with your IP address.
                                      If you are logged in on Facebook, your visit can be associated to your Facebook account.
                                      If you interact with the plug-ins, for example, if you click on the 'Like' button or post a comment, the corresponding information is transmitted directly from your browser to Facebook and saved there.

                                      As the transmission is direct, we obtain no information as to the data transferred.
                                      For information on the purpose and extent of data capture by Facebook and the further processing and use of the data by Facebook as well your rights in this regard and setting options for the protection of your personal privacy, please refer to the Facebook data protection information at http://www.facebook.com/policy.php

                                       

                                      9.2 Use of Google “Add”-Button

                                        Our website uses the “Add” button from the social network Google Plus, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). The button is identifiable by the “Add″ sign on a white or coloured background.

                                        The functions assigned to the Google links, in particular the transfer of information and user data, do not become active just by visiting our website, but only when you activate the respective buttons.

                                        Only when you click on the button, it becomes active and the Google plug-ins are activated. Your browser then sets up a direct link to the Google servers.
                                        Google then gets the information that you have accessed this Website with your IP address.
                                        If you are logged in on Google, your visit can be associated to your Google account.
                                        If you interact with the plug-ins, for example, if you click on the '+1' button or post a comment, the corresponding information is transmitted directly from your browser to Google and saved there.

                                        As the transmission is direct, we obtain no information as to the data transferred.
                                        For information on the purpose and extent of data capture by Google and the further processing and use of the data by Google as well your rights in this regard and setting options for the protection of your personal privacy, please refer to the Google data protection information at https://developers.google.com/+/web/buttons-policy

                                         

                                        9.3 Use of Tweet-Button by Twitter

                                          Our website uses the “Tweet” button from the social network Twitter, which is operated by Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, United States ("Twitter"). The button is identifiable by the blue bird and the word ”Tweet“ or “Follow” on a light blue background. With the help of this button, you can share a post or page of this Website.

                                          The functions assigned to the Twitter links, in particular the transfer of information and user data, do not become active just by visiting our website, but only when you activate the respective buttons.

                                          Only when you click on the button, it becomes active and the Twitter plug-ins are activated. Your browser then sets up a direct link to the Twitter servers.
                                          Twitter then gets the information that you have accessed this Website with your IP address.
                                          If you are logged in on Twitter, your visit can be associated to your Twitter account.
                                          If you interact with the plug-ins, for example, if you click on the 'Tweet' button or post a comment, the corresponding information is transmitted directly from your browser to Twitter and saved there.

                                          As the transmission is direct, we obtain no information as to the data transferred.
                                          For information on the purpose and extent of data capture by Twitter and the further processing and use of the data by Twitter as well your rights in this regard and setting options for the protection of your personal privacy, please refer to the Twitter data protection information at http://twitter.com/privacy

                                           

                                          10. Age of Consent

                                            By using this Website, you represent that you are at least the age of majority in your country, state or province of residence, or that you are the age of majority in your country, state or province of residence and you have given us your consent to allow any of your minor dependents to use this Website.

                                             

                                            For users residing in the US: We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act). This website does not knowingly collect personal information from children under the age of 13 years. Our website, products and services are all directed to people who are at least 13 years old or older. 

                                             

                                            11. Changes to this Privacy Policy

                                             

                                            We reserve the right to modify this privacy policy at any time, so please review it frequently so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. Changes and clarifications will take effect immediately upon their posting on the website. Unless Company obtains your express consent, any revised Privacy Policy will apply only to information collected after such time as the revised Privacy Policy takes effect, and not to information collected under any earlier Privacy Policies. Company again encourages visitors to frequently check this page for any changes to its Privacy Policy. The revision date will be clearly marked at the top of this Privacy Policy.

                                            If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you. 

                                             

                                            12. Questions and Contact Information

                                             

                                            If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at:

                                            info@smart-prep.com

                                             

                                            or by mail at:

                                            Hsquared Education GmbH
                                            Auenstr. 100
                                            80469 Munich
                                            Germany

                                             

                                            Munich, March 2015