Privacy
Privacy and Data Protection
Privacy Policy
The controller responsible for data processing is:
Mandy Geddert
Plönzeile 41
12459 Berlin
Germany
info@premium-haberdashery.de
We would like to thank you for your interest in our online shop. We place high value on protecting your privacy. In this Privacy Policy, we provide you with detailed information on how we handle your data.
1. Access data and hosting
You can visit our website without providing personal details. Every time a web page is accessed, the web server only automatically saves a so-called server log file, which contains data such as the name of the file requested, your IP address, the date and time on which the page was accessed, the data volume transmitted and the provider requesting access (data). This log file documents the visit to the page.
These access data are solely used to ensure the failure-free operation of the page and improve our website. In accordance with Article 6 paragraph 1 sentence 1 lit. f of the General Data Protection Regulation (GDPR), this serves to protect our legitimate interests in the correct presentation of our website, which override within the scope of a weighing of interests. All access data will be erased seven days after the end of your visit to the web page at the latest.
Third-party hosting services
When processing data on our behalf, a third-party provider provides us with website hosting and design services. All data that are collected within the scope of use of this website or in forms intended for this purpose in the online shop as described below are processed on the service provider’s servers. Processing on other servers only takes place within the scope explained in this Privacy Policy.
This service provider is based in a member state of the European Union or in other contractual states of the Agreement on the European Economic Area.
2. Collection and use of data for the implementation of contracts, establishing contact and opening customer accounts
We collect personal data when you provide it to us voluntarily within the scope of your order or when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such because it is essential that these data are provided for the implementation of contracts or to process your contact request. You will not be able to submit your order or contact request without providing these data. The specific data collected are specified in each form. We use the data provided by you to implement contracts and to process your enquiries in accordance with Article 6 paragraph 1 sentence 1 lit. b GDPR.
If you have granted your consent in accordance with Article 6 paragraph 1 sentence 1 lit. a GDPR by deciding to open a customer account, we will use your data to open your customer account.
Once the contract has been fully implemented or your customer account has been deleted, your data will be limited for further processing. They will be erased after the expiration of the periods of retention according to fiscal and business law unless you have given your express consent to the further use of your data or we have reserved the right to continue to use your data in a way that is legally permitted and about which we inform you in this Privacy Policy. The deletion of your customer account is possible at any time. It can be done either by sending a message via the contact details specified below or using the account deletion function in your customer account.
3. Data transfer
For the performance of your contract in accordance with Article 6 paragraph 1 sentence 1 lit. b GDPR, we transmit your data to the shipping company contracted to deliver the goods if this is required for the delivery of the goods ordered. Depending on the payment provider that you select in the order process, we transmit the payment data collected for the purpose of processing payments to the bank contracted to handle your payment and, where applicable, to the payment provider contracted by us or the selected payment service. In some cases, the selected payment providers also collect these data themselves if you create an account with them. In this case, you have to use your login details to log into your account with the payment provider during the order process. In this respect, the privacy policy of the payment provider in question applies.
The same applies accordingly to the transfer of data to our manufacturers or retailers in cases in which they handle the shipping of goods for us (drop shipping).
Data transfer to debt collection agencies
For the performance of your contract in accordance with Article 6 paragraph 1 sentence 1 lit. b GDPR, we transmit your data to a contracted debt collection agency if our payment demand has not been settled despite a prior payment reminder. In this case, the receivables will be collected directly by the debt collection agency. In accordance with Article 6 paragraph 1 sentence 1 lit f. GDPR, the data transfer additionally serves to protect our legitimate interests in the effective assertion or enforcement of our payment demand, which override within the scope of a weighing of interests.
4. E-mail newsletter
E-mail advertising with newsletter registration
If you sign up to receive our newsletter, we use the data required for this or provided by you separately to send you our e-mail newsletter on a regular basis based on your consent, in accordance with Article 6 paragraph 1 sentence 1 lit. a GDPR.
Unsubscribing from the newsletter is possible at any time and can be done either by sending a message via the contact details specified below or using the unsubscribe link provided in the newsletter. Once you have unsubscribed from the newsletter, we will delete your e-mail address from the list of recipients unless you have given your express consent to the further use of your data or we have reserved the right to continue to use your data in a way that is legally permitted and about which we inform you in this Privacy Policy.
5. Integration of the Trusted Shops Trustbadge
In order to display our Trusted Shops seal of approval and any reviews that may have been collected and to offer the Trusted Shops products for buyers after they have placed an order, the Trusted Shops Trustbadge is incorporated into this website.
In accordance with Article 6 paragraph 1 sentence 1 lit f. GDPR, this serves to protect our legitimate interests in achieving optimal marketing by facilitating a secure purchase, which override within the scope of a weighing of interests. The Trustbadge and the services advertised with it are a service provided by the company Trusted Shops GmbH, Subbelrather Strasse 15C, 50823 Cologne, Germany. The Trustbadge is provided by a content delivery network (CDN) provider within the scope of commissioned data processing. The company Trusted Shops GmbH also uses service providers from the USA. A suitable level of data protection is ensured. You can find more information on the data protection policy of the company Trusted Shops GmbH here.
When the Trustbadge is accessed, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time on which the page was accessed, the data volume transmitted and the provider requesting access (access data) and documents the visit to the page. Individual access data are stored in a secure database for the analysis of security anomalies. The log files are automatically deleted 90 days after creation at the latest.
Further personal data are transmitted to Trusted Shops GmbH if you decide to use Trusted Shops products after completing your order or have already registered for the use of these products. The contractual agreement made between you and Trusted Shops applies. For this purpose, personal data are automatically collected from your order details. A neutral parameter, the e-mail address hashed using a cryptographic one-way function, is used to automatically check whether you are already registered to use the products as a buyer. The e-mail address is converted into this hash value that cannot be decrypted by Trusted Shops before being transmitted. After the existence of a match has been checked, the parameter is automatically deleted.
This is required to meet both our and Trusted Shops’ overriding legitimate interests in providing the buyer protection and transactional review services connected to each concrete order in accordance with Article 6 paragraph 1 sentence 1 lit. f GDPR. Further details, including those on how to object to this procedure, can be found in the Privacy Policy above and in the Trusted Shops Privacy Policy linked in the Trustbadge.
6. Cookies and web analysis
In order to make visits to our website attractive, to enable the use of certain functions and to show you suitable products, as well as for market research, we use so-called cookies on different pages of our website. In accordance with Article 6 paragraph 1 sentence 1 lit f. GDPR, this serves to protect our legitimate interests in achieving optimised presentation of our website, which override within the scope of a weighing of interests. Cookies are small text files that are automatically stored on your device. Some of the cookies that we use are deleted at the end of your browser session, namely when you close your browser (so-called session cookies). Other cookies remain on your device and allow us to identify your browser the next time you visit our website (persistent cookies). You can find details on the duration of storage in the overview in your browser’s cookie settings. You can change your browser settings so that you are informed as soon as cookies are installed on your device and to decide whether to allow cookies in individual cases or to deactivate the acceptance of cookies in specific cases or in general. Each browser is different when it comes to the management of its cookie settings. This is described in each browser’s help menu, which explains to you how you can change your cookie settings. You can find these settings for each browser via the following links:
Internet Explorer™
Safari™
Chrome™
Firefox™
Opera™
Please note that the decision to reject cookies may mean that you are unable to use all of the functions of our website.
Use of Google (Universal) Analytics for web analysis
This website uses Google (Universal) Analytics for website analysis purposes. The web analysis service is a service provided by Google Ireland Limited, a company registered and operated in accordance with Irish law and based at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.com). In accordance with Article 6 paragraph 1 sentence 1 lit. f GDPR, the use of Google (Universal) Analytics serves to protect our legitimate interests in achieving optimised presentation of our website, which override within the scope of a weighing of interests. Google (Universal) Analytics uses methods that allow the analysis of how you use the website, for example cookies. The information automatically collected by the cookies about your use of this website is normally transmitted to and stored on a Google server in the USA. The activation of the anonymisation function for IP addresses on this website ensures that your IP address is abbreviated before being transmitted within member states of the European Union or in other contractual states of the Agreement on the European Economic Area. Full IP addresses are only transmitted to a Google server in the USA and abbreviated on this server in exceptional cases. The anonymised IP address transmitted from your browser within the scope of Google Analytics is generally not combined with other Google data. After the expiration of the purpose and the end of the use of Google Analytics by us, the data collected within this context will be erased.
If information is transmitted to and stored on a Google server in the USA, the American company Google LLC is certified under the EU-US-Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the European Commission has identified a suitable level of data protection for companies certified under the Privacy Shield.
You can prevent the collection of the data generated by the cookie with regard to your use of the website (including your IP address) for Google and the processing of these data by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en
As an alternative to the browser plug-in, you can click on this link to prevent the collection of data on this website by Google Analytics in the future. When you click on the link, an opt-out cookie will be stored on your device. If you delete your cookies, you will need to click on this link again.
7. Online marketing
Google reCAPTCHA
To protect against misuse of our online forms and prevent spam, we use the Google reCAPTCHA service in some of the forms available on this website. Google reCAPTCHA is a service provided by Google Ireland Limited, a company registered and operated in accordance with Irish law and based at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.com). By checking manual input, this service prevents automated software (so-called bots) from conducting abusive activity on the website. In accordance with Article 6 paragraph 1 sentence 1 lit. f GDPR, this serves to protect our legitimate interests in protecting our website again misuse and ensuring the uninterrupted presentation of our website, which override within the scope of a weighing of interests.
When carrying out its checks, Google reCAPTCHA uses methods that allow an analysis of your use of the website, for example cookies, by means of a code incorporated into the website, a so-called JavaScript. The information automatically collected about your use of this website, including your IP address, is normally transmitted to and stored on a Google server in the USA. In addition, other cookies stored in your browser by Google services are evaluated by Google reCAPTCHA.
No personal data from the input boxes of the form in question are read or stored.
If information is transmitted to and stored on a Google server in the USA, the American company Google LLC is certified under the EU-US-Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the European Commission has identified a suitable level of data protection for companies certified under the Privacy Shield.
You can prevent the collection of the data generated by the JavaScript or cookie with regard to your use of the website (including your IP address) for Google and the processing of these data by Google by disabling the execution of JavaScript and installation of cookies in your browser settings. Please note that doing so may mean that you are unable to use all of the functions of our website.
You can find more information on Google’s Privacy Policy here.
8. Social media
Use of social plug-ins from Facebook, Twitter, Instagram and Pinterest
Our website uses so-called social plug-ins (hereinafter referred to as “plug-ins”) from social networks.
When you visit a page of our website that contains such a plug-in, your browser will establish a direct connection with the servers of the social network concerned. The content of the plug-in will be transmitted from the respective provider directly to your browser and integrated into the page. This integration of the plug-ins informs the providers that your browser has visited the corresponding page of our website, even if you do not have a profile or are currently not logged in. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider (possibly in the USA), where it is stored. If you are logged into one of the services, the providers can directly associate your visit to our website with your profile on the respective social network. If you interact with the plug-ins, for example by clicking the “Like” or “Share” button, the corresponding information will also be transmitted directly to a server of the provider, where it will be stored. The information will also be published in the social network and displayed to your contacts. In accordance with Article 6 paragraph 1 sentence 1 lit f. GDPR, this serves to protect our legitimate interests in achieving optimal marketing of our website, which override within the scope of a weighing of interests.
YouTube video plug-ins
Third-party content is incorporated into this website. This content is provided by Google (the “provider”). YouTube is a service provided by Google Ireland Limited, a company registered and operated in accordance with Irish law and based at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.com).
For videos from YouTube that are integrated into our website, the extended data protection setting is activated. This means that YouTube does not collect or save any information on visitors to the website unless they play the video. In accordance with Article 6 paragraph 1 sentence 1 lit f. GDPR, the integration of the videos serves to protect our legitimate interests in achieving optimal marketing of our website, which override within the scope of a weighing of interests.
Vimeo plug-ins
Third-party content is incorporated into this website. This content is provided by Vimeo LLC (the “provider”). In accordance with Article 6 paragraph 1 sentence 1 lit f. GDPR, the integration of the videos serves to protect our legitimate interests in achieving optimal marketing of our website, which override within the scope of a weighing of interests. Vimeo is operated by the company Vimeo LLC, 555 West 18th Street, New York 10011, USA (“Vimeo”).
The tracking tool Google Analytics is automatically integrated into videos from Vimeo that are integrated into our website. We have no influence on and are unable to view the settings of the tracking tool and the analysis results that it collects. The embedding of Vimeo videos also results in the setting of web beacons for visitors to the website.
You can prevent the setting of Google Analytics tracking cookies by using the corresponding setting of your browser software. Please note, however, that doing so may prevent you from being able to use all functions of this website in their entirety. You can also prevent the collection of the data generated by the cookie with regard to your use of the website (including your IP address) for Google and the processing of these data by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to the browser plug-in, you can click on this link to prevent the collection of data on this website by Google Analytics in the future. When you click on the link, an opt-out cookie will be stored on your device. If you delete your cookies, you will need to click on this link again.
You can find information on the purpose and scope of data collection, the further processing and use of these data by the providers on their websites; contact details; information on your rights concerning this issue and the settings that you can use to protect your privacy in the privacy policies of the individual providers:
https://www.facebook.com/policy.php
https://twitter.com/en/privacy
https://help.instagram.com/155833707900388
https://policy.pinterest.com/en/privacy-policy
https://policies.google.com/privacy?hl=en
If you do not want the social networks to associate the data collected via our website directly with your profile in their respective service, you must log out of your social network accounts before visiting our website. You can also fully prevent the plug-ins from being loaded by using add-ons for your browser, for example the script blocker “NoScript”.
9. Review reminders sent via e-mail
Review reminders from Trusted Shops
If you have granted us your express consent to do so in accordance with Article 6 paragraph 1 sentence 1 lit. a GDPR during or after your order, we will transmit your e-mail address to the company Trusted Shops GmbH, Subbelrather Strasse 15c, 50823 Cologne, Germany (www.trustedshops.co.uk), so that it can send you a review reminder via e-mail.
You can withdraw this consent at any time by sending a message to the contact address specified below or contacting Trusted Shops directly.
If you have granted us your express consent to do so in accordance with Article 6 paragraph 1 sentence 1 lit. a GDPR during or after your order, we will use your e-mail address to remind you to submit a review of your order via our chosen review system. You can withdraw this consent at any time by sending a message to the contact address specified below.
10. Contact options and your rights
As the data subject, you have the following rights:
- In accordance with and in the scope specified in Article 15 GDPR, the right to obtain information on the personal data concerning you that are processed by us
- In accordance with Article 16 GDPR, the right to obtain the rectification or completion of inaccurate personal data concerning you that we have stored without undue delay
- In accordance with Article 17 GDPR, the right to obtain the erasure of personal data concerning you that we have saved unless the further processing is required
- to exercise the right of free speech and information
- to comply with a legal obligation
- for reasons of public interest
- to assert, exercise or defend legal claims
- In accordance with Article 18 GDPR, the right to obtain restriction of processing of your personal data where one of the following applies:
- You contest the accuracy of the personal data
- The processing is unlawful but you oppose the erasure of the data
- We no longer need the data, but you require them for the assertion, exercise or defence of legal claims
- You have objected to the processing pursuant to Article 21 GDPR
- In accordance with Article 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to have these data transmitted to another controller
- In accordance with Article 77 GDPR, the right to lodge a complaint with the supervisory authority. You can normally contact the supervisory authority of your usual place of residence or place of work or our company headquarters to lodge a complaint.
If you have any questions concerning the collection, processing or use of your personal data; wish to obtain information on or the rectification, restriction or erasure of data or want to withdraw consent granted to or opposed to a specific use of data, please contact us directly via the contact data provided in our Legal Notice.
Right to object Once you have exercised your right to object, we will no longer process your personal data for these purposes unless we can provide evidence of compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing is required to assert, exercise or defend legal claims. This does not apply if the data are processed for direct marketing purposes. If this is the case, we will no longer process your personal data for this purpose. |