Privacy policy

Effective Date: 01.07.23

At LocalHeroBox GmbH ("LocalHeroBox"), we are committed to protecting the privacy and personal data of individuals who use the Brand Shop operated on behalf of SD Worx ("Customer"). This Privacy Policy explains how we collect, use, disclose, and protect personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller and Data Processor: LocalHeroBox acts as the Data Processor and processes personal data on behalf of the Customer, who acts as the Data Controller. Any personal data collected or processed in the Brand Shop is done so in accordance with the instructions provided by the Customer.
Types of Personal Data Collected: In the course of using the Brand Shop, we may collect the following types of personal data:

Name
Contact details (e.g., email address, phone number, shipping address)
Order details (e.g., products purchased, order history)
Communication history (e.g., customer inquiries, support tickets)

Purpose of Data Collection and Use: We collect and use personal data for the following purposes:

Processing and fulfilling orders placed in the Brand Shop
Managing customer accounts and providing customer support
Communicating with customers regarding their orders and inquiries
Delivering products and arranging shipments through third-party shipping providers
Analyzing and improving the performance and usability of the Brand Shop
Complying with legal obligations and protecting our rights and interests

Lawful Basis for Processing: The lawful basis for processing personal data in the Brand Shop is the necessity for the performance of a contract (i.e., order fulfillment) between the Customer and the data subject (i.e., the customer placing an order). Additionally, we may process personal data based on legitimate interests pursued by LocalHeroBox, such as improving our services and ensuring the security of the Brand Shop.
Data Sharing and Disclosure: We may share personal data with third-party service providers, including shipping providers (e.g., DHL, TNT, GLS, UPS, Hermes), solely for the purpose of order fulfillment and delivery. These service providers are also required to comply with applicable data protection laws and safeguard personal data.
Data Transfer Outside the EU/EEA: As part of order fulfillment, personal data may be transferred to third-party service providers located outside the European Union/European Economic Area (EU/EEA). In such cases, we ensure appropriate safeguards are in place to protect the transferred data, such as using standard contractual clauses or relying on the service provider's Privacy Shield certification (if applicable).
Data Security: We implement appropriate technical and organizational measures to protect personal data from unauthorized access, loss, or alteration. This includes regular security assessments, encryption of sensitive data, access controls, and staff training on data protection practices.
Data Retention: We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, as required by law, or as agreed upon with the Customer. After the retention period expires, we securely delete or anonymize the personal data.
Data Subject Rights: Data subjects have certain rights regarding their personal data, including the right to access, rectify, erase, restrict processing, object to processing, and data portability. Data subjects may exercise these rights by contacting the Customer directly.
Updates to the Privacy Policy: We may update this Privacy Policy from time to time to reflect changes in applicable laws or our data processing practices. Any substantial changes will be communicated to the Customer.

If you have any questions or concerns about our data processing practices or this Privacy Policy, please contact us using the provided contact information.

Please note that this Privacy Policy is specific to the Brand Shop operated by LocalHeroBox GmbH on behalf of SD Worx.