Responsible person
Lea Strunk/Studio Hertzberg
Friedrich-Wilhelm-Str. 11-12
16798 Fürstenberg/Havel
Germany
Authorized representatives: Lea Strunk
1. Access data and hosting
You can visit our websites without providing any personal information. Every time a website is accessed, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of retrieval, amount of data transferred and the requesting provider (access data) and documents the retrieval.
This access data is evaluated exclusively for the purpose of ensuring trouble-free operation of the site and improving our offering. In accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR, this serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in a correct presentation of our offer. All access data will be deleted no later than seven days after the end of your visit to the site.
Hosting services provided by a third party
As part of processing on our behalf, a third-party provider provides us with the services of hosting and displaying the website. This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in a correct presentation of our offer. All data collected as part of the use of this website or in the forms provided in the online shop as described below are processed on its servers. Processing on other servers only takes place within the framework explained here.
This service provider is located within a country of the European Union or the European Economic Area.
2. Data collection and use for contract processing and when opening a customer account
We collect personal data if you voluntarily provide it to us as part of your order, when contacting us (e.g. via contact form or email) or when opening a customer account. Required fields are marked as such because in these cases we absolutely need the data to process the contract or to process your contact or open a customer account and without this information you will not be able to complete the order and/or open the account or send the contact message . Which data is collected can be seen from the respective input forms. We use the data you provide in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR to process the contract and process your inquiries. After the contract has been fully processed or your customer account has been deleted, your data will be restricted for further processing and deleted after the tax and commercial law retention periods have expired, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this is permitted by law and about which we inform you in this statement. Your customer account can be deleted at any time and can be done either by sending a message to the contact option described below or using a function provided for this purpose in the customer account.
3. Data sharing
In order to fulfill the contract in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR, we pass on your data to the shipping company commissioned with the delivery, to the extent that this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution responsible for the payment and, if applicable, the payment service provider commissioned by us, or to the selected payment service, in order to process payments. In some cases, the selected payment service providers also collect this data themselves if you create an account there. In this case, you must log in to the payment service provider with your access data during the ordering process. The data protection declaration of the respective payment service provider applies.
We use payment service providers that are based in a country outside the European Union. Personal data will only be transmitted to this company if necessary to fulfill the contract.
4. Email newsletter
Email advertising with registration for the newsletter
If you register for our newsletter, we will use the data required for this or provided separately by you to regularly send you our email newsletter based on your consent in accordance with Art. 49 Paragraph 1 Sentence 1 Letter a GDPR.
You can unsubscribe from the newsletter at any time and can do so either by sending a message to the contact option described below or via a link provided in the newsletter. After you unsubscribe, we will delete your email address unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration. The revocation of your consent is effective for the future and does not affect the lawfulness of the processing carried out based on the consent before its revocation.
The newsletter is processed on our behalf by a service provider (Mailchimp – Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; website: https://mailchimp.com; data protection declaration: https://mailchimp.com/legal/privacy/) to whom we pass on your email address.
This service provider is based in the USA. There is no EU adequacy decision for data transfers to the USA. This means that data transmitted to these providers is not protected according to the usual data protection level of the GDPR. The provider is subject to US law and may therefore be obliged to release data to secret services if the relevant legal requirements are met. The main risks for those affected are the difficulty in enforcing the law, the lack of control over further processing or transfer of data and the access by government authorities described above.
5. Use of data in payment processing
Identity and creditworthiness check when selecting Klarna payment services
On our website we offer, among other things, payment via Stripe and the associated payment methods. The provider of these payment services is Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2.
If you choose to pay via Stripe, the payment details you enter will be transmitted to Stripe. Your data will be transmitted to Stripe on the basis of Article 6 (1) (a) GDPR (consent) and Article 6 (1) (b ) GDPR (processing to fulfill a contract). The purpose of transmitting the data is to process payments and prevent fraud. The personal data exchanged between Stripe and the data controller may be transmitted by Stripe to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness. Stripe may pass on the personal data to affiliated companies and service providers or subcontractors to the extent that this is necessary to fulfill the contractual obligations or the data is to be processed on behalf of.
You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations. All data required for payment processing is used exclusively for making payments and is transmitted via the “SSL” procedure. Stripe is PCI DSS certified.
Stripe’s applicable data protection regulations can be found at https://stripe.com/de/privacy .
Credit check and scoring when selecting BillSAFE (PayPal purchase on account)
If you choose the payment method “purchase on account” from the PayPal service “BillSAFE” (www.billsafe.de), you will be asked during the ordering process to send PayPal the data required to process the payment and an identity and creditworthiness check in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR. If you give your consent, this data will be transmitted to PayPal. For the purpose of checking your identity and creditworthiness, PayPal or partner companies commissioned by PayPal transmit data to credit reporting agencies and receive information from them as well as, if necessary, creditworthiness information based on mathematical and statistical methods, the calculation of which includes, among other things, address data. Detailed information on this and the credit agencies used can be found in PayPal's data protection information.
Paypal uses the information received about the statistical probability of a payment default to make a balanced decision about the establishment, implementation or termination of the contractual relationship.
You can revoke your consent to PayPal at any time. However, PayPal may continue to be entitled to process, use and transfer your personal data if this is necessary for contractual payment processing or is required by law or is ordered by a court or authority. The revocation of your consent is effective for the future and does not affect the lawfulness of the processing carried out based on the consent before its revocation.
6. Cookies and web analytics
In order to make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in an optimized presentation of our offer in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. The use of all other cookies and technologies, especially from third-party providers, requires your explicit consent within the meaning of Article 6 Paragraph 1 Letter a GDPR or Article 49 Paragraph 1 Sentence 1 Letter a GDPR. Some of the services listed in the provider overview (in particular Google Analytics) transmit data to the USA. If this is the case, the transmission is carried out exclusively on the basis of your consent in accordance with Article 49 Paragraph 1 Letter a GDPR. You give your consent by making the appropriate selection in the above-mentioned setting options that are displayed to you when you access our pages.
Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser the next time you visit (persistent cookies). The duration of storage can be found in the overview in the cookie settings of your web browser. You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Safari™: https://support.apple.com/kb/ph21411?locale=de_DE
Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Firefox™ https://support.mozilla.org/de/kb/cookies-allow-und-reject
Opera™: http://help.opera.com/Windows/10.20/de/cookies.html
If you do not accept cookies, the functionality of our website may be restricted.
If you have given your consent in accordance with Article 49 Paragraph 1 Sentence 1 Letter a GDPR, this website also uses the so-called DoubleClick cookie for advertising purposes as part of the application of Google Analytics (see below), which recognizes your browser when visiting other websites. The information automatically generated by the cookie about your visit to this website is transmitted to a Google server in the USA and stored there. The IP address is shortened by activating IP anonymization on this website before transmission within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics is not combined with other Google data.
Google will use this information to compile reports on website activity and to provide other services related to website activity. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Once we no longer use Google DoubleClick, the data collected in this context will be deleted.
Google Double Click is an offer from Google LLC. (www.google.de).
Google LLC is headquartered in the USA. There is no EU adequacy decision for data transfers to the USA. This means that data transmitted to these providers is not protected according to the usual data protection level of the GDPR. The provider is subject to US law and may therefore be obliged to release data to secret services if the relevant legal requirements are met. The main risks for those affected are the difficulty in enforcing the law, the lack of control over further processing or transfer of data and the access by government authorities described above.
You can revoke your consent at any time with future effect by deactivating the DoubleClick cookie via this link. You can also find out more about the setting of cookies and make settings from the Digital Advertising Alliance. Finally, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be restricted. The revocation of your consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.
Use of Google (Universal) Analytics for web analysis
If you have given your consent in accordance with Article 49 Paragraph 1 Sentence 1 Letter a GDPR, this website uses Google (Universal) Analytics, a web analysis service provided by Google LLC (www.google.de), for the purpose of website analysis. Google (Universal) Analytics uses methods that enable analysis of your use of the website, such as cookies. The automatically collected information about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating IP anonymization on this website, the IP address is shortened before transmission within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics is generally not combined with other Google data. Once we no longer use Google Analytics, the data collected in this context will be deleted.
Google LLC is headquartered in the USA. There is no EU adequacy decision for data transfers to the USA. This means that data transmitted to these providers is not protected according to the usual data protection level of the GDPR. The provider is subject to US law and may therefore be obliged to release data to secret services if the relevant legal requirements are met. The main risks for those affected are the difficulty in enforcing the law, the lack of control over further processing or transfer of data and the access by government authorities described above.
You can revoke your consent at any time with future effect by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. This prevents the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google. The revocation of your consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.
As an alternative to the browser plug-in, you can click this link to prevent Google Analytics from recording data on this website in the future. An opt-out cookie is stored on your device. If you delete your cookies, you will be asked to give your consent again.
7. Social media plug-ins
Use of social plugins from Facebook, Google, Twitter, Instagram, Pinterest, Xing using the “2-click solution”
So-called social plugins (“plugins”) from social networks are used on our website. In order to increase the protection of your data when you visit our website, the plugins are integrated into the page using a so-called “2-click solution”. This integration ensures that when you access a page on our website that contains such plugins, no connection is established to the servers of the respective social network. Only when you activate the plugins will your browser establish a direct connection to the servers of the respective social network. If you have given your consent in accordance with Article 49 Paragraph 1 Sentence 1 Letter a GDPR, data processing will take place in the USA. The respective service providers are headquartered in the USA. There is no EU adequacy decision for data transfers to the USA. This means that data transmitted to these providers is not protected according to the usual data protection level of the GDPR. The provider is subject to US law and may therefore be obliged to release data to secret services if the relevant legal requirements are met. The main risks for those affected are the difficulty in enforcing the law, the lack of control over further processing or transfer of data and the access by government authorities described above.
The content of the respective plugin is then transmitted directly to your browser by the associated provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the relevant page on our website, even if you do not have a profile with the relevant provider or are not currently logged in. This information (including your IP address) is transmitted from your browser directly to a server of the respective provider (possibly in the USA) and stored there. If you interact with the plugins, for example by clicking the “Like” or “Share” button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information is also published on the social network and displayed there to your contacts. This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our offer in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR.
The purpose and scope of data collection and the further processing and use of the data by the providers as well as contact options and your related rights and setting options to protect your privacy can be found in the providers' data protection information:
http://www.facebook.com/policy.php
http://www.google.com/intl/de/+/policy/+1button.html
https://help.instagram.com/155833707900388
https://about.pinterest.com/de/privacy-policy
Youtube video plugins
Third-party content is integrated into this website. This content is provided by Google LLC (“Provider”).
YouTube is operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
The extended data protection setting is activated for videos from YouTube that are embedded on our site. This means that no information from website visitors is collected and stored on YouTube unless they play the video. The integration of the videos serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our offer in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR.
The purpose and scope of data collection and the further processing and use of the data by the providers as well as your related rights and setting options to protect your privacy can be found in Google's data protection information http://www.google.com/intl/de/+/policy /+1button.html
8. Contact options and your rights
As a data subject, you have the following rights:
- in accordance with Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
- in accordance with Art. 16 GDPR, you have the right to immediately request the correction of incorrect or complete personal data stored by us;
- In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless further processing is required
– to exercise the right to freedom of expression and information;
– to fulfill a legal obligation;
– for reasons of public interest or
– to assert, exercise or defend legal claims
is required; - in accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, to the extent that
– you dispute the accuracy of the data;
– the processing is unlawful but you refuse its deletion;
– we no longer need the data, but you need it to assert, exercise or defend legal claims or
– you have objected to the processing in accordance with Art. 21 GDPR; - in accordance with Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible;
- in accordance with Art. 77 GDPR you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.
If you have any questions about the collection, processing or use of your personal data, information, correction, blocking or deletion of data as well as revocation of consent given or objection to a specific use of data, please contact us directly using the contact details in our legal notice.
**************************************************** *****************
Right to object
To the extent that we process personal data as explained above to protect our legitimate interests, which predominate in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If processing is carried out for other purposes, you only have the right to object if there are reasons that arise from your particular situation.
After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is necessary for the establishment, exercise or defense of serves legal claims.
This does not apply if the processing is carried out for direct marketing purposes. We will then no longer process your personal data for this purpose. **************************************************** *****************