All-Inclusive

GDPR-Compliant Privacy Notice for All-Inclusive Processing

Information: This Model Notice is for businesses that use a combination of personal data processing activities, including analytics, e-commerce, social media integration, and email marketing. This policy is designed to be used in conjunction with a Consent Management Platform (CMP) - see our note at the end of this page.

Last Updated: September 28, 2025

1. Summary: Core Principles

We process your personal data for multiple purposes, including fulfilling your orders, providing customer support, and for various marketing and analytics activities. Our legal basis for processing your data depends on the context, but it includes the performance of a contract (for e-commerce) and your explicit consent (for marketing and media). We are committed to transparency and to protecting your data throughout all our activities.

2. Types of Personal Data We Collect

To provide our services, we collect and process the following categories of personal data:

• Identity and Contact Data: Your name, billing address, shipping address, email, and phone number.

• Transaction Data: Details about payments, orders, and services you've purchased.

• Website Usage Data: Information about how you use our site, including pages visited, time spent on site, and navigation paths.

• Device and Technical Data: Your IP address, browser type, operating system, and other identifiers from the device you use.

• Profile Data: Your username, password, order history, preferences, and feedback.

3. Purposes and Legal Basis for Processing

We process your personal data for the following specific purposes and based on the legal grounds outlined in the GDPR:

• Order Fulfillment and Customer Support: To process payments, ship products, and manage our customer relationship with you. The legal basis is the performance of a contract.

• Website Analytics: To analyze website traffic and improve our website's performance and user experience. The legal basis is your explicit consent.

• Targeted Advertising: To show you relevant ads and measure the effectiveness of our marketing campaigns on social media and other platforms. The legal basis is your explicit consent.

• Email Marketing: To send you newsletters, updates, and promotional content. The legal basis is your explicit consent.

• Legal and Regulatory Compliance: To comply with legal obligations for tax, accounting, and anti-fraud purposes. The legal basis is compliance with a legal obligation.

4. Recipients of Your Personal Data

We may share your personal data with various third parties who assist us in our operations. These include:

• Payment Processors (for secure payments).

• Shipping Partners (for order delivery).

• Analytics Providers (for website data).

• Advertising Platforms (for targeted ads).

• Email Service Providers (for marketing communications).

• Tax Authorities and other government bodies (for legal compliance).

If we transfer your data to a country outside of the EU/EEA, we will ensure that it is done using appropriate data protection safeguards, such as Standard Contractual Clauses (SCCs).

5. Cookies, Tracking, and Consent

Our website uses cookies and similar tracking technologies. These are managed via a Consent Management Platform (CMP) that allows you to easily give or withdraw your consent for non-essential cookies at any time.

When you interact with social media plugins or pixels, we act as joint data controllers with the social media provider. This means we share responsibility for the data collected. We encourage you to review their privacy policies for more information on how they process your data.

6. Your Rights

Under the GDPR, you have the right to:

• Access your personal data.

• Rectify inaccurate data.

• Erase your data (the "right to be forgotten").

• Restrict or object to processing.

• Withdraw your consent at any time, which you can do via our CMP or by unsubscribing from emails.

We do not use any automated decision-making, including profiling, that produces a legal or similarly significant effect on you. To exercise these rights, please contact us using the details below.

7. Changes and updates to this policy

This GDPR-compliant Model Privacy Policy Notice is regularly reviewed by Joon Han Legal, who monitors changes in Data Protection Laws. Only the latest version, which is currently applicable, is published on the SME Privacy website (www.smeprivacy.org).

8. Contact Information and Supervisory Authority

For any questions or concerns regarding this Notice or our data processing activities, you can contact us at the email address provided in our Data Protection Clause. You also have the right to lodge a complaint with a Data Protection Authority (https://www.edpb.europa.eu/about-edpb/about-edpb/members_en).

—

SME Privacy’s Recommended Data Protection Clause to be Embedded on your Website:

"Data Protection: we use an All-Inclusive Privacy Policy developed by SME Privacy. You can read it at https://www.smeprivacy.org/notice/all-inclusive. This policy, along with the details below, explains how we process your personal data.

Specifics of Processing: We collect and process your personal data for multiple purposes, including:

• E-commerce: For order fulfillment (billing, shipping, and customer support), with our legal basis being the fulfillment of a contract with you. We use [Payment Processor, e.g., Stripe] and [Shipping Partner, e.g., DHL]. We retain your data for [Retention Period, e.g., 7 years] for tax and accounting purposes.

• Marketing & Analytics: We use a Consent Management Platform (CMP) provided by [CMP Provider, e.g., UserCentrics, OneTrust]. We process data for analytics with [Analytics Provider, e.g., Google Analytics] and for advertising with [Advertising Provider, e.g., Facebook Pixel]. We are joint controllers with social media platforms like [Social Media Platform, e.g., Meta (Facebook)]. For email marketing, we use [Email Service Provider, e.g., MailChimp].

Controller: For all enquiries regarding your personal data, please contact [FULL NAME (sole proprietor) or COMPANY NAME (registered company)] at [EMAIL ADDRESS]."

Optional Clauses to be Included as Applicable:

• EU Representative: If you are based outside of the EU/EEA, please also mention the identity and contact details of the controller's EU Representative.

• Data Protection Officer: Where applicable, please also mention the identity and contact details of the controller's Data Protection Officer.

—

Note: A Word on Consent Management

For websites that use analytics, advertising, or social media plugins, having a privacy notice alone isn't enough. The GDPR requires you to prove you have a user's explicit consent before processing their data for these purposes. This is where a Consent Management Platform (CMP) comes in. A CMP is a tool that allows you to easily display a cookie banner, collect valid consent, and give users a simple way to change their mind at any time. We highly recommend implementing a reputable CMP to ensure you are fully compliant and to protect your business.