The following provides you with an overview of the type of data collected and how it is used and passed on, the security measures WRPSA takes to protect your data and how you can exercise your rights.
The responsible entity according to Art. 24 GDPR is:
World Rock Paper Scissors Association
100 Metcalfe Street, Suite 200 Ottawa,
Ontario, Canada, K1P 5M1
You may contact us via our Contact Form. if you:
- have any questions about this Policy Statement,
- wish to file a complaint about a possible violation of data protection laws,
- have any requests related to your rights, and
- wish to access, correct incomplete, inaccurate or outdated data.
Please note that deletion of information essential to WRPSA’s account management and services may result in termination of your registration and consequent cancellation of services provided to you.
We will make every effort to respond to your requests in the shortest possible time, and always in strict compliance with applicable law. In some cases, requests for deletion may not be honored immediately, due to a legal obligation.
First of all, we would like to inform you about your rights as a data subject. These rights are standardized in Art. 15 – 22 GDPR. This includes:
- The right to information (Art. 15 GDPR),
- The right to erasure (Art. 17 GDPR),
- The right to rectification (Art. 16 GDPR),
- The right to data portability (Art. 20 GDPR),
- The right to restriction of data processing (Art. 18 GDPR),
- The right to object to data processing (Art. 21 GDPR).
To assert these rights, please contact us. The same applies if you have questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.
Legal Bases for Processing
The processing of your personal data may be based on the following legal grounds:
- 6 (1) lit. a GDPR serves as our legal basis for processing operations where we obtain your consent for a specific processing purpose.
- 6 (1) lit. b GDPR, insofar as the processing of personal data is necessary for the performance of a contract, e.g., if you purchase a product. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in the case of enquiries about our products or services.
- 6 (1) lit. c GDPR, insofar as we are subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations.
- 6 (1) lit. d GDPR in the event that vital interests of you or another natural person require the processing of personal data.
- 6 (1) lit. f GDPR applies on the basis of our legitimate interests, e.g., when using service providers as part of order processing, such as shipping service providers or when carrying out statistical surveys and analyses and logging registration procedures. Our interest is directed towards the use of a user-friendly, appealing, and secure presentation as well as optimization of our website, which serves our business interests as well as meeting your expectations.
Duration of Storage and Routine Deletion of Personal Data
We process and store your personal data only for the period of time required to fulfil the purpose of storage or if this has been provided for, in laws or regulations. After the purpose has ceased to exist or has been fulfilled, your personal data will be deleted or blocked.
In the case of blocking, deletion will take place as soon as legal, statutory, or contractual retention periods do not conflict with this, there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause a disproportionately high expense due to the special nature of the storage.
If you visit our website for information purposes only, without providing personal data via registration or in any other way, only the Internet connection data that your browser transmits to our server will be processed. Our website collects a series of general data and information with each call, which is temporarily stored in log files of a server. A log file is created in the course of an automatic protocol of the processing computer system. The following can be recorded:
- Access to the website (date, time and frequency)
- How you arrived at the website (previous page, hyperlink etc.)
- Amount of data sent
- Which browser and browser version you are using
- The operating system you are using
- Which internet service provider you use
- Your IP address, which your Internet access provider assigns to your computer when you connect to the Internet
The legal basis for this data processing is Article 6 (1) sentence 1 lit. b of the GDPR, as the collection and storage of this data is necessary for the operation of the website in order to ensure the functionality of the website and to deliver the content of our website correctly.
In addition, the data serve us to optimize our website and to ensure the security of our IT systems and the processing is based in this respect on Art. 6 (1) lit. f GDPR. For this reason, the data is stored for a maximum of 7 days as a technical precaution.
We also use this data for the purposes of advertising, market research and to design our services to meet your needs by creating and evaluating user profiles under pseudonyms, but only if you have not exercised your right to object to this use of your data (see information on the right to object under “Your rights”).
In order to establish or implement the contractual relationship with our customers, it is regularly necessary to process the personal master, contract and payment data provided to us. The legal basis for this processing is Art. 6 (1) b) GDPR. We also process customer and prospect data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 (1) lit. f GDPR and serves our interest in further developing our offer and informing you specifically about WRPSA offers. Further data processing may take place if you have consented (Art. 6 para. 1 letter a) GDPR) or if this serves the fulfilment of a legal obligation (Art. 6 para. 1 letter c) GDPR).
Exercising our rights
Based on Art. 6 para. 1 lit. c and f GDPR, we use and store your personal data and technical information to the extent necessary to prevent or prosecute misuse or other illegal behavior on our website, e.g., to maintain data security in the event of attacks on our IT systems. This also takes place insofar as we are legally obliged to do so, for example due to official or court orders, and for the exercise of our rights and claims as well as for legal defense.
Enquiries by e-mail
When contacting us via the provided e-mail address, the personal data transmitted with the e-mail will be stored. This data is processed exclusively for the purpose of answering the enquiry. The legal basis for the processing is Art. 6 (1) lit. f.) GDPR or Art. 6 (1) lit. b) GDPR if the enquiry is aimed at concluding a contract. The data will be deleted when the purpose of the processing no longer applies, e.g., the enquiry has been conclusively answered. You can object to the processing of your personal data at any time by contacting us.
Use of customer data for direct marketing purposes
If you have provided us with your e-mail address when using our Services, we reserve the right to regularly send you e-mail offers for similar goods or services. We do not need to obtain your separate consent for this. In this respect, the data processing is carried out solely on the basis of our legitimate interest Art. 6 (1) lit. f.) GDPR in personalized direct advertising. If you have initially objected to the use of your e-mail address for this purpose, we will not send you any e-mails.
You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible person named at the beginning. After receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the marketing.
Insofar as you have given your consent to this in accordance with Art. 6 (1) lit. f.) GDPR, we use the following cookies and other technologies from third-party providers on our web site. After the end of the purpose and the end of the use of the respective technology by us, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future.
Disclosure of personal data to third parties
Your personal data will only be passed on if there is a legal obligation to do so or to service providers and partner companies that have been carefully selected in advance and are contractually obliged to comply with the requirements of data protection law.
- a) Disclosure within affiliated companies pursuant to Art. 6 Para. 1 lit. b GDPR
We pass on your personal data for the conclusion and processing of contracts for offers on our website to affiliated companies. This is particularly necessary so that you can use all our offers. If you contact a store or our customer hotline with questions, complaints or returns as well as other complaints, they will also receive access to your order data in order to be able to process your request.
- b) Disclosure to service providers according to Art. 6 para. 1 lit. b and f GDPR
For the operation and optimization of our website and our services and for the processing of contracts, various service companies work for us, e.g., for central IT services or the hosting of our website, for the payment and delivery of products or for the dispatch of newsletters, to whom we pass on the data required for the fulfilment of the task (e.g., name, address).
Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection precautions at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.
In contrast to order processing, in the following cases we transmit data to third parties for their own use in order to process the contract. In the case of payment for goods to the payment service provider specified when the order was placed.
We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You only provide this information directly to our payment service provider. The transmission of your personal information during an order transaction is encrypted using industry standard Secure Socket Layer (“SSL”) technology, (SSL encryption version 3). Any credit card information you provide will not be stored by us but will be encrypted and collected directly.
- c) Disclosure to other third parties pursuant to Art. 6 para. 1 lit. c and f GDPR
We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offences or for the exercise and enforcement of our rights and claims.
Data transfer to third countries
As a service provider based outside the EU, we take additional measures to ensure an adequate level of data protection for the transfer of personal data in accordance with Art. 44 of the GDPR and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g. by concluding EU standard contracts and additional guarantees, supplementary technical and organizational measures such as encryption or anonymization).For further information on processing please refer to our processing terms.
General technical organizational measures
WRPSA has taken a variety of security measures to protect personal information to an appropriate extent and adequately. All information held by WRPSA is protected by physical, technical, and procedural measures that limit access to the information to specifically authorised persons in accordance with this Policy Statement.
The WRPSA website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personally identifiable information. These employees are trained in security and privacy practices and treat your information confidentially.
The transmission of your personal information during an order transaction in the online shop is encrypted using industry standard Secure Socket Layer (“SSL”) technology, (SSL encryption version 3).
Analysis and targeting tools
On our website, we use various services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
You can find more information about Google services at https://www.google.com/privacy/ads/.
Our web site uses Google Analytics to design and improve the web site according to your needs. Google Analytics uses so-called cookies, which are stored on your terminal device, and which enable an analysis of your use of the website. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. We use the extension of IP anonymization (so-called IP masking) on this website, i.e., your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The legal basis for the data processing is Art. 6 para. 1 lit. f) GDPR.
Google’s services also include reports on the effectiveness of our advertising measures (including across devices), on the demographics and interests of our users, as well as functions for the cross-device delivery of online advertising if you are the owner of a Google account and have consented to the personalization of advertising (“Ads Personalization”). In this case, the legal basis for data processing is your consent to Google (Art. 6 para. 1 lit. a) GDPR).
You can object to the collection or analysis of your data by Google Analytics by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.
The data sent by us and linked to cookies, user IDs (e.g., user ID) or advertising IDs are automatically deleted after 14 months.
Google remarketing function
Google’s remarketing function enables us to present our users with advertisements based on their interests on other websites within the Google Ads network (so-called “Google Ads” or ads on other websites). For this purpose, the interaction of users on our website is analyzed in order to be able to display targeted advertising to users on other sites even after they have visited our website. For this purpose, Google stores a number in the browsers of users who visit certain Google services or websites in the Google display network. This number, known as a “cookie”, is used to record the visits of these users. This number is used to uniquely identify a web browser on a specific computer and not to identify a person; personal data is not stored.
The legal basis for the data processing is Art. 6 para. 1 lit. f) GDPR.
Google Conversion Tracking
We also use Google’s conversion tracking in this context. When you click on an ad placed by Google, a conversion tracking cookie valid for 30 days is stored on your terminal device. This cookie is not used for personal identification. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers.
The legal basis for this data processing is Art. 6 (1) f GDPR.
You can deactivate interest-based Google Ads on Google in your browser by activating the “Off” button at https://adssettings.google.com/authenticated or by deactivating it at http://www.aboutads.info/choices/.
Other services of the Google Marketing Platform
Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Google can use cookie IDs to record so-called conversions, i.e., whether a user sees an ad and later visits the advertiser’s website and makes a purchase there. According to Google, these cookies do not contain any personal information.
Your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this service. According to Google, the integration of these services provides Google with the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is still possible for the provider to obtain and store your IP address.
In addition, cookies enable us to understand whether you perform certain actions on our website after you have called up one of our ads on Google or on another platform or clicked on it (conversion tracking) (“floodlight”). Google uses this cookie to understand the content you have interacted with on our websites in order to send you targeted advertising later.
You can prevent the tracking process by making the appropriate setting in your browser software (e.g., third-party cookies deactivated), deactivating cookies for conversion tracking by blocking cookies from the domain www.googleadservices.com in your browser settings, with regard to interest-based ads from providers that are part of the self-regulation campaign “About Ads” via the link http://www.aboutads.info/choices or at the link http://www.google.com/settings/ads/. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.
The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR.
On our website, we use Google Maps to display our location and to create directions. Google guarantees that the data protection requirements of the EU are also complied with when processing data in the USA. To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when you access our website.
If you call up the Google Maps component integrated into our website, Google stores a cookie on your terminal device via your Internet browser. In order to display our location and provide directions, your user settings and data are processed. Here, we cannot exclude that Google uses servers in the USA.
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.
Through the connection to Google established in this way, Google can determine from which website your request was sent and to which IP address the directions are to be transmitted.
If you do not agree to this processing, you have the option to prevent the installation of cookies by making the appropriate settings in your internet browser.
In our website we use Jetpack. This is a web analytics service provided by Automattic Inc, 132 Hawthorne Street, San Francisco, CA 94107, USA, hereinafter referred to as “Automattic”. Automattic guarantees that the data protection requirements of the EU are also complied with when processing data in the USA.
The Jetpack – WordPress Stats service is used to analyze the usage behavior of our website. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our website. To analyze usage behavior, Jetpack stores cookies on your end device via your internet browser.
During processing, your IP address, the website(s) of our internet presence that you visit, the website from which you accessed our internet presence (referrer URL), the time you spend on our internet presence and the frequency with which you access one of our websites are recorded. The data collected in the process is stored on an Automattic server in the USA. However, your IP address is anonymized immediately after processing and before it is stored.
This Policy Statement and our commitment to protecting the privacy of your personal data can result in changes to this Policy Statement. Please regularly review this policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this Policy Statement should be directed to us. If you believe that we have not complied with this Policy Statement or acted otherwise than in accordance with data protection law, then you should notify us.