Privacy Policy
We take the protection of your personal data seriously. This Privacy Policy explains what data we collect, how we use it, and what rights you have as a user of the Haptic Trading website.
Controller / Responsible Party
The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other applicable data protection laws is:
Company: HAPTIC TRADING LIMITED
Registration No.: 79848815
Address: RM03, 24/F, HO KING COMM CTR,
2-16 FAYUEN ST, MONG KOK,
HONG KONG
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Collection on Our Website
When you visit our website without registering or otherwise providing us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following technically necessary data:
- The page visited on our website
- Date and time of access
- Amount of data transmitted in bytes
- Source / referrer from which you reached the page
- Browser used
- Operating system used
- IP address used (where applicable: in anonymized form)
Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used for any other purpose. We reserve the right to review server log files retrospectively if there are concrete indications of unlawful use.
Hosting (IONOS)
Our website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.
IONOS provides technical hosting and website delivery on the basis of data processing pursuant to Art. 28 GDPR. We have concluded a data processing agreement with IONOS to ensure that personal data is processed exclusively in accordance with our instructions and in compliance with European data protection standards.
All data collected through the use of our website (e.g. IP address, access data, contact requests, order data) is processed on IONOS servers located in Germany. Processing on other servers only takes place within the scope of this Privacy Policy.
Further information: ionos.de/terms-gtc/datenschutzerklaerung
E-Commerce & Orders (WooCommerce)
We use the plugin WooCommerce, a service of Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, to manage and process orders in our online shop.
WooCommerce processes personal data (e.g. name, address, contact details, order details) to the extent necessary for the fulfilment of contracts and order processing. The legal basis is Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in smooth online shop operations).
Further information: automattic.com/privacy
Payment Providers
To process payments securely, we offer the following payment services:
Stripe
If you select “Stripe” as your payment method, your payment data will be transmitted to Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
Stripe processes personal data such as name, email address, billing address, credit card information, transaction amount, and date. Processing is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in secure payment processing).
Further information: stripe.com/privacy
PayPal
If you pay via “PayPal”, your data will be transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.
PayPal processes personal data required for payment processing (name, address, email address, payment information). The legal basis is Art. 6(1)(b) GDPR.
Further information: paypal.com – Privacy Policy
Data Security
We have concluded data processing agreements pursuant to Art. 28 GDPR with all service providers used (IONOS, Automattic/WooCommerce, Stripe, PayPal). This ensures that your personal data is processed only within the framework of statutory requirements.
Your Rights
Applicable data protection law grants you comprehensive rights as a data subject with regard to the processing of your personal data. These include:
- Right of access (Art. 15 GDPR): You have the right to obtain information about your personal data processed by us, including the purposes of processing, categories of data, recipients, planned storage duration, and more.
- Right to rectification (Art. 16 GDPR): You have the right to immediate correction of inaccurate data and/or completion of incomplete data stored by us.
- Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data, provided the conditions of Art. 17(1) GDPR are met.
- Right to restriction of processing (Art. 18 GDPR): You have the right to request restriction of processing of your personal data under certain circumstances.
- Right to notification (Art. 19 GDPR): If you have exercised your right to rectification, erasure, or restriction, we are obliged to notify all recipients of your data accordingly.
- Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw any consent to data processing at any time with future effect.
- Right to lodge a complaint (Art. 77 GDPR): If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority — in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.
Right to Object
WHERE WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A LEGITIMATE INTEREST (ART. 6(1)(F) GDPR), YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME, WITH FUTURE EFFECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
WHERE YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME. IF YOU EXERCISE THIS RIGHT, WE WILL IMMEDIATELY CEASE PROCESSING YOUR DATA FOR SUCH PURPOSES.
Data Retention
The duration of storage of personal data is determined by the applicable legal basis, the purpose of processing, and — where relevant — the applicable statutory retention periods (e.g. commercial and tax retention obligations).
- Personal data processed on the basis of explicit consent (Art. 6(1)(a) GDPR) will be stored until the data subject withdraws their consent.
- Data processed for contractual purposes (Art. 6(1)(b) GDPR) will be deleted upon expiry of the statutory retention periods, provided it is no longer required for contract fulfilment.
- Data processed on the basis of a legitimate interest (Art. 6(1)(f) GDPR) will be stored until the data subject exercises their right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds that override the interests of the data subject.
- Data processed for direct marketing purposes will be retained until the data subject exercises their right to object under Art. 21(2) GDPR.
Unless otherwise stated in this Privacy Policy, stored personal data will be deleted once it is no longer necessary for the purposes for which it was collected or otherwise processed.