Fragstore’s Privacy Policy
Last updated: April 07, 2023
1. General information
Thank you for visiting our website! For the purposes of this Privacy Policy (hereinafter – the “Policy”), “Fragstore”, “we,” “us” and “our” refer to of the FS HOLDING LTD and our subsidiaries and affiliates, as the context requires.
Fragstore is an online store for gamers, e-sportsmen, anime fans and geek culture lovers. All the terms and provisions should be perceived together with the Terms and conditions, which are available at the link: https://fragstore.com/terms-an... (hereinafter – the “Terms”).
The Policy is addressed to individuals outside our company with whom we interact through the Website, including the Visitors and the Customers (hereinafter together, “you”, “your”).
This Policy contains detailed information about how and why we collect, use, disclose, and otherwise process Personal data, what information becomes available to us and third parties when you make purchases in Fragstore, such as when you:
- visit our website https://fragstore.com/ or any our web-sources, including social media pages, that links to the Policy:
- sign up to our newsletter;
- place orders for our products;
- take part in any sales, marketing or other event:
- interact with us in any other way.
The Policy relates only to collection of the information described hereto and should be viewed as a supplement to any other notices or contractual terms provided to Customers.
2. Our contact details
If you have any questions about the Policy or our privacy practices, please contact us using the details below.
Company name: FS HOLDING LTD
Address: office 102, KIBC, Profiti Ilias 4, Limassol, Cyprus E-mail: [email protected] 3. The definitions we use
Capitalized words, both singular and plural, have the following meanings in this Policy:
the Applicable legislation – means the legislation in the field of protection and processing of personal data, which applies to the activities of the Fragstore, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – “GDPR”) and other laws, under the scope of regulation of which the activities and / or separate processing of data of the Fragstore may fall.
the Customer – a person who place orders and purchase products in Fragstore shop. the Cookies – small pieces of data that are stored on your device (computer, smartphone, tablet, etc.) when you visit the Website.
the Data Subject – is a natural person whose Personal data is processed.
the Device – means any device that can access the Services, including the Website, such as a computer, mobile phone or tablet.
the IP address – internet protocol (IP) address that is a unique number, similar to your post address, associated with your Internet activity.
the Personal data – information about a natural person who is identified or can be specifically identified.
the Pixels – the pieces of software code that are integrated into the website code and allow tracking and analysis of User behavior (which pages are visited, which links are followed, etc.).
the Technical data – information that is collected by the Website when you visit it (for example, the IP address (web protocol) of the device you use, data about the web browser you use, your operating system, etc.).
the Visitor – a person who visits the Website.
the Website – Fragstore’s website, available at the domain: https://fragstore.com/.
Any capitalized definitions not otherwise defined in the Policy shall have the definitions set forth in the Terms.
4. Where does Fragstore get Personal data from?
We receive data directly from you in the following cases:
- through the registration form on the Website, when you create and use Customer’s account;
- when you place an order to buy products from Fragstore shop through the Website or by the phone; - when you contact us by e-mail, telephone or our post address;
- when you subscribe to our social media;
- during conclusion and execution of the agreement (payments proceeding, delivery, guarantee support, etc.)
Payment Data. We may collect data necessary to process your payment if you make purchases, such as your payment instrument number. All payment data is stored by our service providers, such as PayPal, Google Pay and Apple Pay. Social Media Login Data. We have the option to register account in Fragstore shop, using your existing social media account details, like your Facebook, Google or other account. Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform. We will use the information we receive only for the purposes that are described in this Policy. Please note that we do not control, and are not responsible for those how your third-party social media provider processes your Personal data. We recommend that you review their privacy policy to understand how they process your Personal data, and how you can set your privacy preferences on their sites and apps.
Information automatically collected We process the Technical Data. Some of this data is collected automatically, for example through your web browser (such as Google Chrome, Safari, Mozilla Firefox, Opera, Microsoft Edge), when you use the Website.
This includes the following data:
IP address, browser data, including device and browser type, browser version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the Devices you use to access this Website, data on the Visitor’s interaction with the Website (session ID). The session ID includes: your interaction with the Website; if you went to the Website by a link from another website - the address of this website; the functions of the Website used by you; viewed pages; length of stay; way of visiting our Website; date and time of visit and other diagnostic data.
We may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your location setting on your device.
Usually, the Technical data does not give us a real possibility to identify specific natural person, directly or indirectly, and is therefore not considered Personal data. This type of data will only be used by us in an aggregated and anonymized manner. For example, we may use this data to calculate the percentage of the Visitors who access a particular feature of the Website, the number of the Visitors from different geographical regions, etc. However, if we combine or link such data with other personal data so that it can directly or indirectly identify the Data Subject, we treat the combined data as Personal data that will be used in accordance with this Policy.
We may receive information about you from some of our service providers (as specified in Article 8 below) who assist us with marketing or promotional services, related to how you interact with the Website, promotions, advertisements or communications. We also use Cookies and similar technologies, such as Pixels. You can learn more about Cookies and how we use them in Article 10 hereto.
Automated processing of the Personal data, including profiling is not performed.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
5. How do we process Personal Data?
When Fragstore process Personal data of our prospects or the Customers, the Visitors, we act like controller of such Personal data.
Upon receipt of Personal Data, as the controller we process it in accordance with the following:
The Purpose of the processing The Legal basis The Categories of personal data The period of data storage
To fulfill and manage Customer’s orders Conclusion and execution of the agreement First and last name, username, e-mail, mobile phone number, shipping address, billing address, purchase history, other information received from the Data Subject in course of performance of the sale agreement During the fulfillment of sale agreement(s) and 6 (six) months after the Customer's account becomes idle. Some data may be stored for a longer period of time determined by Applicable legislation, in particular for accounting, tax and auditing purposes.
Customer’s account creation and management Conclusion and execution of the agreement First and last name, mobile phone number, username, e-mail, profile picture, password, Social Media Login Data 6 (six) months after the Customer's account becomes idle
Receiving payments for products from Customers Conclusion and execution of the agreement First and last name, e-mail, mobile phone number, billing information, payment card data (partially) in case of online payment through payment providers, purchase history, other information received from the Data Subject in course of performance of the agreement During the fulfillment of sale agreement(s) and 6 (six) months after the Customer's account becomes idle. Some data may be stored for a longer period of time determined by Applicable legislation, in particular for accounting, tax and auditing purposes
To deliver targeted advertising to you
Legitimate interest to promote and popularize the Fragstore shop the Technical Data, the session ID data Up to 6 (six) months after the last visit of the Website Sending newsletter and other marketing communications to the Visitors and / or prospects Consent Username, E-mail Until withdrawal of consent or up to 6 (six) months after the last visit of the Website
Sending newsletter and other marketing communications to the Customers Consent Username, E-mail Until withdrawal of consent or 6 (six) months after the Customer's account becomes idle
To respond to inquiries and / or offer support Legitimate interest to communicate with you and fulfilling your requests Name and e-mail, other information received from the Data Subject Until the purpose of the processing is achieved and up to 6 (six) months after the end of the communication
Notifying the Customers on major changes in Terms, send other administrative information Conclusion and execution of the agreement Username, e-mail 6 (six) months after the Customer's account becomes idle
Administrating and protecting the Website Legitimate interest to ensure stable operation of the Website, including fraud monitoring and protection against other threats IP address, geolocation data, device and browser type, browser data, device data, session ID data, other Technical data Within 6 (six) months from the day of the last visit to the Website
Collecting Website’s statistics Legitimate interest to investigate the use of the Website the session ID data and other Technical data, data received from analytical tools, such as Google Analytics Within 6 (six) months from the day of the last visit to the Website
Exploring and analysis of our audience Legitimate interest to develop and improve the Website and Customer’s experience IP address, geolocation data, device data, browser data, other Technical data, data received from analytical tools, such as Google Analytics Up to 6 (six) months from the day of collection
Protecting our legal rights, resolve disputes Legitimate interest to protect our business First and last name, e-mail, mobile phone number, purchase history, address, billing information, other data, required for protection of legal rights During limitation period for filing claim or lawsuit under applicable law, and in the case of financial and tax information - within the period required by applicable law
After the expiration of the period of data storage, anonymized data may continue to be stored for archival and statistical purposes or in accordance with the requirements of the Applicable legislation.
The right to opt-out (withdraw your consent)
You may opt out of receiving any, or all, of communications from Fragstore, which we make under your consent, as specified in the table above. You may also object to our use of your data on the basis of a legitimate interest. For do this, please follow the instructions provided in emails we send or by contacting us (see Section 2 of the Policy for our contact details).
Protection of children
We do not knowingly collect personal information from persons under the age of 18 (hereinafter referred to as “Child”, “Children”). If you become aware that a Child has provided us with the Personal data, please contact us. If we become aware of the fact of collecting Children's Personal Data, we take measures to delete this information.
6. Where and how are Personal data stored?
Fragstore may accumulate the Personal data, inter alia by including this data in a personal database. The Personal data and databases are stored in our office: Limassol, Profiti Ilias 4, KIBC, office 102.
We also use the data centers of contractors who provide us with relevant services. You can get more detailed information in Section 8. Processors of the Personal Data hereto.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, contractors who have a business need to know. They will only process your Personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. Does Fragstore transfer Personal data to third parties?
We understand the value of Personal data and make efforts to keep it private and secure.
We do not transfer Personal Data to third parties, except when such transfer is:
- as required by legislation and only (if necessary) in the interests of national security, economic well-being and human rights;
- at the request of the Data Subject;
- to our Processors, as specified in Article 8 of this Policy.
For example, we may disclose the Personal data if we believe it is necessary or appropriate to protect the rights, property, or safety of Fragstore, our partners, or other persons. This includes sharing information with other individuals and organizations for the purpose of protecting or preventing crime.
8. Processors of the Personal data We may engage third-parties and/or individuals to facilitate the processing of the Personal data on our behalf, provide services such as data storage, assistance in analyzing how our Website is used, improving the Website's usability, and other services necessary for the Website's operation and the achievement of the goals of our activities (hereinafter referred to as the “Processors”).
In particular, our Processors are:
1) Payment service providers
Some payment data is stored by our service providers, such as PayPal, Google Pay and Apple Pay. You may find their privacy notice link(s) here: https://www.paypal.com/us/lega... https://payments.google.com/pa... https://www.apple.com/legal/ap... 2) Partners whose data centers we use:
a) Amazon Web Services EMEA SARL (AWS). Address: 38 Avenue John F. Kennedy, L-1855, Luxembourg. We use the data center of AWS located in Germany, Frankfurt am Main. More details about potential offices and servers of AWS or its affiliates you may find at the link: https://aws.amazon.com/legal/marketingentities/.
3) Our employees and independent contractors, who support Fragstor’s shop work;
4) Our affiliates and subsidiaries (depending on the circumstances). We may provide services or sell products jointly with affiliated businesses. We may share user information collected from the Customers that is related to such transactions with those affiliated businesses. We require our affiliates to provide the same level of privacy protection as set forth in this Policy and they do not have the right to share or use Personal data for any purpose other than for an authorized transaction.
5) Partners who help us analyze and collect data from the Website:
Google, Inc. Address: Google, Google Data Protection Office, 1600 Amphitheater Parkway, Mountain View, California 94043, USA - in terms of using Google Analytics, Google Analytics 4, Google Forms services.
Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site. For more information on opting out of being tracked by Google Analytics across all websites you use, visit the website at the link: https://tools.google.com/dlpage/gaoptout?hl=en. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en;
We also may use services of such partners as: HubSpot, Clicky Analytics, SendPulse, Pixels and others. 6) Other contractors, suppliers whose services we use to achieve the goal(s) of our activity.
The Processors have access to your Personal data only to perform tasks within the scope and purposes of the Personal data processing in accordance with the Policy and are contractually obligated not to disclose or use it for any other purposes.
Some of the Processors, such as an analytics providers, may collect information about your online activities over time and across different websites and other online services. They may also use identifiers to track your Internet usage across other websites in their networks beyond the Website. They may use this information to provide you with interest-based advertising or other targeted content. While we do not knowingly provide the Processors with information that personally identifies you, they could potentially, with sufficient data from other sources, identify you. We do not control these tracking technologies of our Processors and are not responsible for the privacy practices on any website not operated by us to which our Website links or that links to our Website.
9. Cross-border data transfer
Your data may be used, stored and processed in other countries where our Processors are located. These locations may be outside of your country of residence or outside of your state/province and may have different data protection standards than your country/state/province.
The Processors from foreign countries are listed in Section 8 of the Policy above.
The transfer of Personal Data to foreign entities is carried out under the condition that the relevant state ensures adequate protection of Personal data. If the level of data protection does not meet the European standard, data transfer takes place with appropriate safeguards and on the basis of standard EU data protection provisions. In particular, if we transfer personal data from the EU / EEA to countries with insufficient data protection, we rely on Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) approved by the European Commission or other grounds as required or permitted by Articles 46 and 49 GDPR.
10. How do we use Cookies and similar technologies?
We use Cookies and other technologies, such as Pixels, to improve functionality of the Website and personalize your experience, to analyze information about your activities for better understanding how our Website is used and to customize our content, marketing strategy and online advertisements. For example, the choice of your preferred language or the region that you are in is saved thanks to Cookies. Thus, you will not have to re-enter data or make settings when visiting the Website.
We also share information about your use of the Website and Services with our trusted social media, advertising and analytics partners (see details in Article 8 of the Policy).
You can allow or deny all Cookies, as well as personalize your settings. Cookies can be blocked by you at any time. With the help of a Cookie, we receive the Technical Data specified in the Policy.
You can see more details about how we use Cookies in our Cookie Policy at the link: https://fragstore.com/cookies-... Some Cookies are placed by our service providers, as described more fully in Article 8 hereto, that helps us manage and analyze the usage of the Services. They may use identifiers to track your Internet usage across other websites in their networks beyond the Website. They may use this information to provide you with interest-based advertising or other targeted content. While we do not knowingly provide these service providers with information that personally identifies you, such third parties could potentially, with sufficient data from other sources, identify you. We do not control these service providers’ tracking technologies and are not responsible for the privacy practices on any website not operated by us to which our Website links or that links to our Website.
11. Limitation of liability regarding third-party resources
The Website may contain links to third-party resources posted for informational purposes. If you link to other resources, this Policy will not apply to such resources.
We are not responsible for the policies and practices of other companies, and any information that you provide to such companies is subject to their privacy policy or other document that regulates the processing of personal data.
If you leave the Website via a third-party web link, we recommend that you review the privacy policy of each website or service before submitting any personal data, and carefully review their terms of use.
For example, our Website contains links to social networks Facebook, Instagram, YouTube, etc.
Fragstore cannot guarantee the security of your Personal data when using the services of third parties, nor can it be responsible for their work, as it is not the owner of these resources.
12. Your rights regarding the Personal data
In some regions (like the EU/EEA, UK, Canada, etc.), you have certain rights under applicable data protection laws. Withdrawing your consent: If we are relying on your consent to process your Personal data, you have the right to withdraw your consent at any time by using the contact details provided in the Section 5 How do we process Personal Data? The exercise of these rights does not affect your use of the Website.
Please note that this will not affect the lawfulness of the processing of your Personal data conducted in reliance on lawful processing basis other than consent (see explaining table in Section 5 of the Policy).
Opting out of marketing communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided in the section 2. You will then be removed from the marketing lists. However, we may still communicate with you, for example, to send you service-related messages, to respond to your requests, or for other non-marketing purposes.
Based on the applicable laws of your country, you may have the right to request access to the Personal data we collect from you, change that information, or delete it. To request to review, update, or delete your Personal data, please login into your account on the Website and visiting the settings page. It is also enough to send request to exercise rights regarding personal data by e-mail, with a note in the subject of the letter “Personal data”, to the e-mail address: [email protected] Please note that we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that Personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests at reasonable time and within 1 (one) month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. If your request cannot be satisfied for legal reasons, you will receive a notification from us accordingly.
We will not charge you a fee for making a request unless your request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
If you are located in the European Union (EU) and/or European Economic Area (EEA) or UK, you have the following rights:
- the right to access, update or to delete the information we have on you;
- the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
- the right to object. You have the right to object to our processing of your Personal data;
- the right of restriction. You have the right to request that we restrict the processing of your Personal data;
- the right to data portability. You have the right to be provided with a copy of your Personal data in a structured, machine-readable and commonly used format;
- the right to withdraw consent. You have the right to withdraw your consent at any time where we rely on your consent to process your Personal data.
If you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. Information for California residents
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such request, please submit your request in writing to us using our contact information provided herein in Section 2 of the Policy.
Before making request, please check the following Sections of this Policy: 4. Where does Fragstore get data from? 5. How do we process Personal Data? 8. Processors of the Personal data.
CCPA Privacy Notice
[TO BE INCLUDED IF BUSINESS IS SUBJECT TO CCPA (CPRA) ]
13. Policy update
Fragstore may update this Policy at its sole discretion from time to time. The updated version will be indicated by an “Update” date and the updated version will be effective as soon as it is accessible. The publication of the new version of the Policy on the Website will be considered as the notification of the Customers and the Visitors about the change of the Policy. We encourage you to review this Policy frequently to be informed of how we are protecting your information.
If we make material changes to this Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification (in pop-up windows on the Website, sending e-mails or by other available means). When you interact with the Website, you confirm that you have read the current terms of the Policy.
In the event that any part of this Policy is invalid, the remaining parts will remain in effect.
If the Policy is published in different language versions, the English version will prevail.