Privacy Policy 

 Contents

  1. Overview 2
  2. Who are we? 3
  3. What personal data do we process and when/how? 3
  4. On which legal basis and for which purposes do we process your personal data? 5
  5. What about Akulaku’s profiling activities? 7
  6. For how long will we process your personal data ? 7
  7. To whom do we send your personal data? 8
  8. Do we transfer your personal data to third countries? 8
  9. What are your rights and how can you exercise them? 9
  10. Updates to this Privacy Policy 11
  11. Questions and complaints – Contact information 11

1.  Overview

This privacy policy (the “Privacy Policy”) gives you an overview of how [Akulaku], as a data controller,([Akulalu], “we”, “us”, “our”) processes personal data in relating to the merchants using Akulaku’s e-commerce platform (the “Platform”) and/or Akulaku’s services (the “Service(s)”), as well as to the commercial suppliers of Akulaku (altogether our “Partners”). The purpose of this Privacy Policy is to inform you about our data processing activities and your data protection rights.

For the purpose of the relevant data protection legislation, the data controller responsible for your personal data is Akulaku (as further described in section 2 below).

You are welcome to contact us (see our contact information below) if you have any questions relating to our data protection activities that are not answered in this data protection declaration.

Our Platform may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third-parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our Platform or Service(s), we encourage you to read the privacy policy of every third-party website you visit.

We may also process your personal data using cookies. For a complete overview of our data processing, we recommend you to read also our Cookie Policy, which can be found here.

2.  Who are we? 

[Akulaku], with registered address [xxx], email: [xxx] and phone number [xxxx] [Akulaku] is a cross border e-commerce platform connecting consumers with the best goods and services suppliers across the world.

 

[Akulaku] also offers an own brand BNPL service, which facilitates customers’ purchase decision with payment solutions of Pay Later in 14 or 30 days and Pay in 3, among other regular payment options (altogether “payment solutions”).

3.  What personal data do we process and when/how?

Personal data means any information relating to an identified or identifiable natural person and therefore concerns all information about a (directly identified or identifiable) merchant (natural person) or a supplier (natural person) or if the merchant or supplier is a corporate body, a (directly identified or identifiable) representative of the merchant (“representative”) on the basis of which the identity of the latter can be derived.

3.1 If you are a merchant using our Platform or Service(s)

a) What personal data do we process?

We collect the following personal data from you when you sell your goods or provide your services through our Platform, and broadly use our Service(s):

b) When/how do we collect your personal data?

The personal data described in section 3.1 are directly collected from you by [Akulaku], in the following manner:

3.2 If you are one of our suppliers

a) What personal data do we process?

We collect the following personal data from you:

c) When/how do we collect your personal data?

The personal data described in section 3.2 are directly collected from you by [Akulaku] when you enter in a contractual relationship with us and when you update these information throughout the duration of the contract;

4.  On which legal basis and for which purposes do we process your personal data?

1.1 On which legal basis do we process your personal data?

We process your personal data only in accordance with the applicable data protection laws. We only process your personal data for the purposes specified in this Privacy Policy.

We will process your personal data on the basis of one of the following legal grounds:

Please note that, when processing your personal data on this basis, we always seek to maintain a balance between our legitimate interest and your privacy. In order to strike such balance, we do not process sensitive data. The data will remain strictly confidential. Such legitimate interests include fraud prevention, marketing, know your business (“KYB”). You can contact us for more information on how we strike a balance (see section 11 for our contact details).

4.1 For which purposes do we process your personal data?

We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose.

Accordingly, we process your personal data for one of the following purposes:

4.2 Overview of our processing activities

 

Purposes

(namely, what we are doing, why and when)

Categories of personal data used for this purpose

(See section 3 for more information on each category)

Legal basis for the processing under the GDPR
Fraud Prevention (on a continuous basis when you use our App/Website)

 

· identification information;

· contact information;

· delivery data;

 

The processing is based on [Akulaku]’s legitimate interest (to prevent any fraud in the use of our services, which also benefits our customers).

 

Marketing · contact information The processing is based on [Akulaku]’s legitimate interest. (our interest to inform you of our products and services).
Fulfilment of Service(s) · contact information;

· information about goods/services;

· information about your services;

· delivery data;

· payment data;

· accounting and payment data

The processing is necessary for the performance of the contract you concluded with us.

 

Improvement of our Service(s)

 

· any category of personal data (to the extend necessary for the purpose for which they are processed); The processing is based on [Akulaku]’s legitimate interest (being to improve our services).
Compliance with applicable rules · any category of personal data (to the extend necessary for the purpose for which they are processed); The processing is necessary for compliance with legal obligations to which [Akulaku] is subject.

5.  What about Akulaku’s profiling activities?

Profiling is an automated processing of personal data to assess certain personal matters, for example by analysing or predicting your behaviour and your personal preferences as a customer (e.g. shopping interests). The categories of personal data processed are further described under section 3.

When you are a merchant using our Platform or Service(s), we use profiling to provide you a better service, namely to provide:

You have the right to object to our profiling for marketing purposes at any time by contacting us (see our contact details in section 11). If you object to such processing, we will stop our profiling for marketing purposes. Please note that once you terminate your contract with us, we will also stop our profiling for marketing purposes.

Please contact us should you have any questions/remarks about how we proceed to our profiling (see our contact details in section 11).

6.  For how long will we process your personal data ? 

We only keep personal data in an identifiable format (i) for as long as is necessary for the purpose for which we are processing it (see more information on this in section 4.3), and duly restricted for as long as prescribed to comply with applicable laws and regulations (e.g. anti-money laundering laws, tax laws).

In particular, where we have a contractual relationship with you, we keep your personal data for as long as this contractual relationship lasts, and thereafter, duly restricted for as long as necessary for keeping legal evidence, protecting us against claims and safeguarding our legal rights. We may also keep the data for a longer period if required by law.

In any case, we will protect the confidentiality of your data, and where appropriate take steps to anonymise your personal data and any other information.

7.  To whom do we send your personal data?

[We may transfer data to third parties who process data in the context of performing or offering our Service(s) on our behalf (subcontractors which have integrated our services into their own platforms or applications and offer them to their customers or merchants with which we do not have a contractual relationship). Those actors act either as processors for us, or for the customers or merchants to which they offer their services. When acting as our processors, they are not authorized to use the data or disclose it in any way except as here above described or to comply with legal requirements. We contractually require these third parties to appropriately safeguard the privacy and security of personal data they process on our behalf. The processors accessing your personal data generally operate in the (please specify the main sectors of activity of the processors: i.e: information systems and technology sectors…).

We also may disclose data about you: (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials in accordance with their competences, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm, or (iv) in connection with an investigation of suspected or actual fraudulent or illegal activity, as obliged by applicable law. Moreover, we can reasonably share your personal data with third party service providers for the purpose of improvement of our Service(s) as set forth in section 4.2 above. We also reserve the right to transfer any personal data we have about you in the event we sell or transfer all or a portion of our business or assets affecting the App. Should such a sale or transfer occur, we will ensure that (i) you are informed of such event and (ii) personal information you have provided to us remains to be treated in a manner that is consistent with this Privacy Policy.]

If you want more information on the entities to whom we disclose, please contact [xxx]

8.  Do we transfer your personal data to third countries?

Akulaku may (i) enter into agreements with subcontractors located outside the European Economic Area whereby those have access to personal data or (ii) transfer personal data to entities, including Akulaku Group entities, located outside the European Economic Area (such as China and/or Indonesia).

The level of data protection in countries outside the European Economic Area may be less than the level of data protection offered within the European Economic Area and transfers outside the European Economic Area. Akulaku shall ensure that an adequate level of protection for such personal data is guaranteed by implementing one or more of the safeguards as set forth in Chapter V of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”)).

In case Akulaku cannot rely on an adequacy decision taken by the European Commission under Article 45 GDPR for a data transfer outside of the European Economic Area, Akulaku will enter into Standard Contractual Clauses (as approved by the European Commission) under Article 46.2 GDPR with the recipient of your personal data. In addition and where necessary, Akulaku may take supplementary measures in order to ensure compliance with the level of protection guaranteed within the European Economic Area.

For more info about these safeguards: Please consult our website [XXX] or contact our DPO (see contact details in section 11 below).

We are committed to processing your personal data within the European Economic Area (the “EEA”), but your personal data may be transferred outside the EEA in certain situations, including (without this list being limitative) within the [Akulaku Group] or to one of our merchants outside the EEA, with a supplier or processor established outside the EEA.

If you want more information on the entities, countries where your data is transferred, and safeguarding measures we take, please contact our DPO (see contact details in section 11. below).

9.  What are your rights and how can you exercise them?  

1.1 Data protection rights

In accordance with applicable regulations, you have the following rights:

d) Right to access

At any time, you have the right to access your personal data that we process, meaning that you have the right to obtain a copy of your personal data that is processed by us.

e) Right to rectification

You have the right to have inaccurate or incomplete personal data rectified, respectively completed (which may involve providing a supplementary statement to the incomplete data).

f) Your right to erasure

You may ask us to erase the personal data concerning you in the following circumstances:

However, we do not have to agree to delete all your personal data in those situations as prescribed by law where we are allowed or required to keep your personal data for a longer period of time.

g) Your right to restrict processing

If you have an issue with the content of the information we hold or with the way we have processed your personal data, you may limit the way we process your personal data.

You have the right to obtain restriction of processing by us in the following circumstances:

h) Your right to data portability

Where legally applicable, you have the right to have the personal data you have provided to us to be returned to you or, where technically feasible, transferred to a third party in a structured, commonly used and machine-readable format. Upon your request, we will provide you or the recipient designated by you in your written request, a copy of such personal data in a CSV or similar format.

i) Your right to object

You have the right to object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing. In some cases and depending on the legal basis of our processing of your data, your right to object may be limited.

j) Your right to withdraw your consent

Where the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time.

k) Your right not to be subject to a decision based solely on automated processing

You have the right to ask that we do not make our decision solely based on automated processes, including profiling. You can object to such an automated decision, and ask that a person reviews it unless such decision is authorised by applicable law to which we are subject.

9.1 How to exercise your data protection rights?

You may exercise all of your data protection rights as mentioned in this section 9 of this Privacy Policy in accordance with the applicable data protection laws and regulations, by sending us a request mentioning your first and last name, signature and, when necessary to verify your identity, a copy of your ID card / identification document (passport or other proof of identity) via the following contact details:

We do our best efforts to respond to your request within a reasonable timeframe.

Exercising any of your data protection rights as mentioned in this section 9 of this Privacy Policy is free of charge. However, we reserve the right to charge reasonable fees if your request if clearly unfounded, repetitive or excessive.

10.  Updates to this Privacy Policy

We reserve the right to amend or modify this Privacy Policy in accordance with the applicable laws. You will be informed of any material changes through our Platform, or through other regular means of communication. Your continued use of the App, Website or Service(s) after a modification of this Privacy Policy entails your acceptance of the modified Privacy Policy.

We will ensure that you are informed of the changes sufficiently in advance thereof, taking into account the potential impact of the change on you.

11.  Questions and complaints – Contact information

In case of any questions or complaints regarding this Privacy Policy or with regard to how we process your personal data, please contact us / our DPO using the following contact details:

In case you contact us by email or post, you are required to provide at least your first and last name, signature and a copy of your ID card / identification document, when necessary to identify you (passport or other proof of identity). Otherwise we won’t be able to identify you and, consequently, reply to your complaint.

If you feel like we have not addressed your questions or concerns adequately, you have the right to lodge a complaint at any time with the Belgian Data Protection Authority, which regulates and supervises the processing of personal data in Belgium, using the following contact details:

by writing to Rue de la Presse / Drukpersstraat 35, 1000 Brussels.

If you are not a Belgian resident, you have the right to lodge your compliant with your local Data Protection Authority. Please find below the list of contact details of competent Data Protection Authorities:

Spain (the Agencia Española de Protección de Datos (“AEPD”))

Germany (Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (“BfDI”))