Privacy policy

Our aim is for you to feel comfortable on our website. The protection of your privacy and your personal rights are therefore important to us. Therefore, we would like to ask you to carefully read the following summary about how our website works. You can rely on transparent and fair data processing and we strive to handle your data carefully and responsibly.


The following Privacy Policy is intended to inform you about how we use your personal data. In doing so, we adhere to the strict provisions of the German Federal Data Protection Act (BDSG) as well as the requirements of the European General Data Protection Regulation (GDPR). This policy applies to both our web shop under https://shop.jayrappo.com and our newsletter sign-up form.

Responsible Person 

The person responsible within the meaning of the GDPR, other data protection laws applicable in the member states of the EU and other provisions of a data protection is:

Bright Pursuit LLC
2880W Oakland Park Blvd, Suite 225C
33311 Oakland Park, FL
United States

Represented by
Jan Rappo

Contact information

E-Mail: jay@jayrappo.com
Internet address: jayrappo.com

Scope of the processing of personal data

As a matter of principle, we only collect and use personal data from you insofar as this is necessary to provide a functional website and our content and services, e.g. when you register on our website or log in to an existing customer account or when you order products. The collection and use of your personal data regularly only takes place with your consent. An exception applies in cases where prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.

The security of your personal data is a high priority for us. We, therefore, protect your data stored with us by technical and organizational measures in order to effectively prevent loss or misuse by third parties. In particular, our employees who process personal data are bound to data secrecy and must comply with it. To protect your personal data, it is transmitted in encrypted form; for example, we use SSL=Secure Socket Layer for communication via your Internet browser. 

You can recognize this by the lock symbol that your browser displays when an SSL connection is established. In order to ensure the permanent protection of your data, the technical security measures are regularly checked and, if necessary, adapted to the state of the art. These principles also apply to companies that process and use data on our behalf and in accordance with our instructions.

Purposes of processing and legal basis 

We collect, process and use your personal data for the following purposes:

  • Establishment and performance of contractual relationships;

  • Sending newsletters;

  • Marketing measures;

  • Customer satisfaction surveys and analyses;

  • Product evaluations;

  • Customer service and customer support;

  • To process orders for our online range of goods.

The processing of your personal data may be based on the following legal grounds:

  • Art. 6 (1) lit. a GDPR serves as our legal basis for processing operations where we obtain your consent for a specific processing purpose.

  • Art. 6 (1) lit. b GDPR, insofar as the processing of personal data is necessary for the performance of a contract, e.g. if you purchase a product. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in the case of inquiries about our products or services.

  • Art. 6 (1) lit. c GDPR, insofar as we are subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations.

  • Art. 6 (1) lit. d GDPR in the event that vital interests of you or another natural person require the processing of personal data.

  • Art. 6 (1) lit. f GDPR applies on the basis of our legitimate interests, e.g. when using service providers as part of order processing, such as shipping service providers, or when carrying out statistical surveys and analyses and logging registration procedures. Our interest is directed toward the use of a user-friendly, appealing, and secure presentation as well as optimization of our website, which serves our business interests as well as meeting your expectations.


Duration of storage and routine deletion of personal data

We process and store your personal data only for the period of time required to fulfil the purpose of storage or if this has been provided for, in laws or regulations. After the purpose has ceased to exist or has been fulfilled, your personal data will be deleted or blocked. 

In the case of blocking, deletion will take place as soon as legal, statutory, or contractual retention periods do not conflict with this, there is no reason to assume that deletion would impair your interests worthy of protection and that deletion would not cause a disproportionately high expense due to the special nature of the storage.

Collection of general data and information, so-called log files

If you visit our website for information purposes only, without providing personal data via registration or in any other way, only the Internet connection data that your browser transmits to our server will be processed. Our website collects a series of general data and information with each call, which is temporarily stored in log files of a server. A log file is created in the course of an automatic protocol of the processing computer system. The following can be recorded:

  • Access to the website (date, time, and frequency)

  • How you arrived at the website (previous page, hyperlink, etc.)

  • Amount of data sent

  • Which browser and browser version you are using

  • The operating system you are using

  • Which internet service provider do you use

  • Your IP address, which your Internet access provider assigns to your computer when you connect to the Internet

The legal basis for this data processing is Article 6 (1) sentence 1 lit. b of the GDPR, as the collection and storage of this data is necessary for the operation of the website in order to ensure the functionality of the website and to deliver the content of our website correctly. 

In addition, the data serve us to optimize our website and to ensure the security of our IT systems, and the processing is based in this respect on Art. 6 para. 1 lit. f GDPR. For this reason, the data is stored for a maximum of 7 days as a technical precaution.

We also use this data for the purposes of advertising, market research and to design our services to meet your needs by creating and evaluating user profiles under pseudonyms, but only if you have not exercised your right to object to this use of your data (see information on the right to object under "Your rights").


Cookies

We use cookies and similar technologies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser you are using and can be recognized by our web server. We use so-called "session cookies", which are deleted again when the browser session is closed. Other cookies ("persistent cookies") are automatically deleted after a specified period of time, which may differ depending on the cookie.

The use of cookies is partly technically necessary for the operation of our website. We also use cookies and comparable technologies to measure analytics about the reach of our website and to analyze the use of our website. If you wish to learn more about cookies in general, please visit www.allaboutcookies.com and if you like to learn more about the cookies we use please read our Cookie Policy.

Sending information

We use your data for sending information ordered by you about our offer and other promotions from us to the e-mail address provided by you. 

a) Newsletter registration on our website
On our website, there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us, i.e. at least your e-mail address. The registration is carried out by means of the so-called double opt-in procedure.  

After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection notice. If you register for our newsletter, which informs you about our latest products and services, the personal data you provide in this context (such as name, address and e-mail address) will be processed by us for the purpose of sending you the newsletter. 

b) Dispatch due to the sale of goods 
If you purchase goods or services on our website, we may send you information on our own similar goods to your specified e-mail address even without your consent. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f GDPR, because advertising related products and services by way of direct advertising represents a legitimate interest for us as the provider of this website. You may object to the processing of your personal data for the purpose of direct advertising at any time. We will then refrain from further processing for such purposes. You can send us your objection as described below. In addition, you can object to the sending of such newsletters at any time in the future without giving reasons by unsubscribing via the unsubscribe link at the end of each newsletter or by contacting us in any other way. 

We would like you to enjoy reading our e-mails. Therefore, we try to only include content that you are likely to be interested in. We, therefore, measure and store opening and click-through rates in your usage profile, i.e. whether and when you open our emails, which content of the emails you click on and when, as well as whether and why our emails could possibly not be delivered. We also use this data for statistical purposes. In particular, this serves our legitimate interest to evaluate the performance of the individual newsletter campaigns and to define optimisation measures in order to make the newsletter as attractive and suitable as possible for you. The legal basis for the processing is therefore Art. 6 para. 1 lit. f GDPR.

Of course, you can unsubscribe from receiving our information at any time, i.e. revoke your consent with effect for the future or object to data processing. For this purpose, you will find a corresponding unsubscribe link in every mail or newsletter and can confirm the unsubscription on our website. You can also contact us for a cancellation at any time. Our Newsletter provider is ActiveCampaign LLC


We use Convertkit to manage our email marketing subscriber list and to send emails to our subscribers. Convertkit is a third-party provider, which may process your data using industry standard technologies to help us monitor and improve our newsletter.

ConvertKit’s privacy policy is available at https://convertkit.com/privacy.

You can unsubscribe from our newsletter by clicking on the unsubscribe link provided at the end of each newsletter.


Contacting us, registration or placing orders

a) Contacting us
When you contact us, the data you provide will be stored by us based on Art. 6 (1) lit. b of the GDPR, insofar as it is necessary to answer your questions. The contact is logged in order to be able to prove the contact in accordance with the legal requirements. We delete the data accruing in this context when the respective conversation with you has ended and the facts concerned have been conclusively clarified. 

b) Registration
On our website, we offer you the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. Registration is necessary in order to set up your customer account, which you can use to place orders and services. The processing of the data for this registration thus serves the fulfilment of the contract of use or the implementation of pre-contractual measures and is based on Art. 6 para. 1 lit. b GDPR. You can delete your customer account at any time on our website. 

c) Storage of data in the user account
For the conclusion and processing of contracts, we require contact details, such as name, delivery and billing address and e-mail address, as well as information on the type of payment method you have chosen, depending on the individual case. You can store this data in your user account. In addition, we use your data to maintain our customer database so that only accurate data is stored there. In order to avoid typing errors and to ensure that the items you have ordered reach you, we check the completeness and accuracy of your address when you enter it. 

Following your order, you will receive a corresponding order confirmation as well as further documents, which we are obliged to provide in order to fulfil our legal information obligations for an effective conclusion of a contract with you. The processing of your data is, therefore, necessary for the conclusion of the contract with you and is therefore based on Art. 6 para. 1 lit. b GDPR. 

d) Guest order
You have the option to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to enter your data again for each subsequent order. 

We collect, process and use the information you provide in the context of a guest order for the purpose of executing the contract in accordance with Art. 6 Para. 1 lit. b GDPR. We store the information you provide for the period of processing and handling your order. Afterwards, your data will be deleted unless you decide to activate your customer account within 14 days after placing your order. Data that we are required to store due to legal, statutory or contractual retention obligations will be blocked instead of being deleted to prevent it from being used for other purposes. 

f) Order confirmation
In order to process the contract and provide you with our services, for example the web shop or to send you a package for which a fee is charged, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary for the conclusion of the contract with you and is based on Art. 6 para. 1 lit. b GDPR. 

g) Other
Based on Art. 6 para. 1 lit. c and f GDPR, we use and store your personal data and technical information to the extent necessary to prevent or prosecute misuse or other illegal behaviour on our website, e.g. to maintain data security in the event of attacks on our IT systems. This also takes place insofar as we are legally obliged to do so, for example due to official or court orders, and for the exercise of our rights and claims as well as for legal defence. 

Disclosure of personal data to third parties

Your personal data will only be passed on if there is a legal obligation to do so or to service providers and partner companies that have been carefully selected in advance and are contractually obliged to comply with the requirements of data protection law. 

a) Disclosure within affiliated companies pursuant to Art. 6 Para. 1 lit. b GDPR
We pass on your personal data for the conclusion and processing of contracts for offers on our website to affiliated companies. This is particularly necessary so that you can use all our offers. If you contact a store or our customer hotline with questions, complaints or returns as well as other complaints, they will also receive access to your order data in order to be able to process your request.

b)Disclosure to service providers according to Art. 6 para. 1 lit. b and f GDPR
For the operation and optimisation of our website and our services and for the processing of contracts, various service companies work for us, e.g. for central IT services or the hosting of our website, for the payment and delivery of products or for the dispatch of newsletters, to whom we pass on the data required for the fulfilment of the task (e.g. name, address). 

Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection precautions at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.

In contrast to order processing, in the following cases we transmit data to third parties for their own use in order to process the contract. In the case of payment for goods to the payment service provider specified when the order was placed. (Paypal, or Shopify Pay or GPay)

We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You only provide this information directly to the respective payment service provider.  

c) Disclosure to other third parties pursuant to Art. 6 para. 1 lit. c and f GDPR
We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g. due to official or court orders, or if we are entitled to do so, e.g. because this is necessary for the prosecution of criminal offences or for the exercise and enforcement of our rights and claims.

 Google Pay

If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment will be processed via the "Google Pay" application of your mobile device running at least Android 4.4 ("KitKat") and equipped with an NFC function by charging a payment card deposited with Google Pay or a payment system verified there (e.g., PayPal). For the release of payment via Google Pay in the amount of more than £25, the prior unlocking of your mobile end device by the respective verification measure set up (such as facial recognition, password, fingerprint or pattern) is required.

For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the source website, which is used to verify a payment that has been made. This transaction number does not contain any information about the real payment data of your payment means deposited with Google Pay, but is created and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment deposited with Google Pay.

Insofar as personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b of the GDPR.

Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photos you have attached to the transaction, the name, and email address of the seller and buyer or sender and recipient, the payment method used, your description for the reason for the transaction and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Art. 6 para.1 lit. f GDPR on the basis of the legitimate interest in proper accounting, verification of transaction data and optimisation and functional maintenance of the Google Pay service.

Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services.

Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only insofar as this is necessary for the payment processing.

For the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. 

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

Payments

We use the payment service provider Stripe. If you choose a payment method offered via the payment service provider Stripe Payments, the payment processing is carried out by the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process, together with information about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction number). 

Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose.You can find data protection information on Stripe Payments Europe Ltd. here: https://stripe.com/privacy 

Data transfer to third countries

If we use service providers in third countries, we take additional measures to ensure an adequate level of data protection for the transfer of personal data in accordance with Art. 44 of the GDPR and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g. by concluding EU standard contracts and additional guarantees, supplementary technical and organizational measures such as encryption or anonymization).

Your rights

Of course, you have rights with regard to the collection of your data, which we are pleased to inform you of herewith. If you would like to make use of one of the following free rights, a simple message to us will suffice. For your own protection, we reserve the right, in the case of an existing inquiry, to obtain further information necessary to confirm your identity and, if identification is not possible, to refuse to process the inquiry. 

a) Right to information
You have the right to request information and/or copies of the personal data stored about you. 

b) Right to rectification
You have the right to request that personal data relating to you be corrected and/or completed without delay. 

c) Right to object to processing
You have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have lodged an objection to the processing. 

d) Right to deletion
You have the right to request the erasure of your personal data stored by us, unless the exercise of the right to freedom of expression and information, the processing is necessary for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims. 

e) Right to information
Where you have exercised the right to rectification, erasure or restriction of processing, we will notify all recipients to whom personal data relating to you has been disclosed of such rectification or erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. 

f) Right to data portability
You have the right to have personal data that you have provided to us handed over to you or to a third party in a structured, common and machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible. 

g) Right of objection
Insofar as your personal data are processed on the basis of legitimate interests pursuant to Article 6 (1) (f) of the GDPR, you have the right to object to the processing at any time pursuant to Article 21 (1) of the GDPR. 

If we process your for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Art. 21 (2) GDPR; this also applies to profiling insofar as it is related to such direct marketing. 

h) Right to withdraw consent
You have the right to cancel your consent to the collection of data at any time with effect for the future. The data collected until the cancellation becomes legally effective will remain unaffected. Please understand that the implementation of your cancellation may take a little time for technical reasons and that you may still receive messages from us in the meantime. 

i) Right to complain to a supervisory authority
If the processing of your personal data violates data protection law or if your data protection rights have otherwise been violated in any way, you may complain to the supervisory authority. 

You can also exercise your rights of rectification and deletion most quickly, easily and conveniently by logging into your customer account and directly editing or deleting your data stored there.  

j) Automated decision making including profiling
You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.

 Google Analytics

We use the Google Analytics service of Google to analyze our website visits. Google uses cookies that enable an analysis of your use of our website. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about your interaction with our website. Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with IP anonymization activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser is not merged with other data from Google.

You can also prevent the storage of cookies by Google Analytics by selecting the appropriate settings in your browser software. You can also prevent the collection of information generated by the cookie by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout. If you are visiting our website via a mobile device, you can deactivate Google Analytics by clicking on this link.

Social Media

The data you enter on our social media pages, such as comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. Where applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is our legitimate interest. The data processing is carried out in the interest of our public relations and communication. 

If you wish to object to certain data processing over which we have an influence, please contact us. We will then examine your objection. If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the response required. You always have the option of sending us confidential enquiries to our address stated in the imprint.

As already stated, where the social media platform provider gives us the opportunity, we take care to design our social media pages to be as data protection compliant as possible. With regard to statistics that the provider of the social media platform makes available to us, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.

Data processing by the operator of the social media platform

The operator of the social media platform uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we can unfortunately hardly influence the web tracking methods of the social media platform. We cannot, for example, switch this off.

Please be aware: It cannot be ruled out that the provider of the social media platform uses your profile and behavioral data, for example, to evaluate your habits, personal relationships, preferences, etc. We have no influence on this. In this respect, we have no influence on the processing of your data by the provider of the social media platform.


Automated decision-making

We do not use automated decision-making or profiling.

Do Not Track

Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our Platform responds to Do Not Track requests.

Do Not Sell My Personal Information 

We do not sell information that directly identifies you, like your name, address, or phone records. 

Accuracy

The data we hold about you must be accurate and current, therefore please keep us informed of any changes to your data.

Children Data

Our website is not intended for children, and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us, and we take the necessary steps to remove that information from our server.

External Links

Our website contains links to the online offers of other providers. We hereby point out that we do not influence the content of the linked online offers and the compliance with data protection regulations by their providers.

Changes and updates to the privacy policy

We kindly ask you to inform yourself about the content of our privacy policy regularly. We will amend the privacy policy as soon as changes to our data processing activities make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

Queries and Complaints 

Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise by data protection law, you should notify us.