1) Information on the collection of personal data and contact details of the person responsible.
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.
1.2 The controller of data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Michelle Mohr, Michelle Mohr – Textildesign aus Schafwolle, Gohlau 10, 29496 Waddeweitz, Germany, Tel: 017620034742, e-mail: firstname.lastname@example.org. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses an SSL or SSL protocol. TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar.
2) Data collection when visiting our website
During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect such data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
– Our visited website
– Date and time at the time of access
– Amount of data sent in bytes
– Source/reference from which you reached the page
– Browser used
– Operating system used
– IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
If personal data are also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the execution of the contract, according to Art. 6 para. 1 lit. a DSGVO in the case of granted consent or pursuant to Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
You can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
When contacting us (e.g. via contact form or e-mail), personal data is processed – exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose. The legal basis for the processing of this data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR. If your contact is aimed at a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted when it is clear from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal obligations to retain the data.
5) Use of customer data for direct marketing purposes
5.1 Subscription to our e-mail newsletter
If you subscribe to our e-mail newsletter, we will send you regular information about our offers. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. For the newsletter dispatch, we use the so-called double opt-in procedure, which ensures that you will only receive newsletters if you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the specified e-mail address.
By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In doing so, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to track any possible misuse of your e-mail address at a later date. The data we collect when you register for the newsletter is used strictly for the intended purpose. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for any other purpose that is permitted by law and about which we inform you in this declaration.
5.2 – Newsletter dispatch via Sendinblue
Our e-mail newsletters are sent via the technical service provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, to whom we pass on the data you provided when registering for the newsletter. This disclosure is made in accordance with Art. 6 para. 1 lit. f DSGVO and serves our legitimate interest in using a promotional, secure and user-friendly newsletter system. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) is stored on Sendinblue’s servers in the EU.
Sendinblue uses this information to send and statistically evaluate the newsletters on our behalf. For evaluation purposes, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). The data is collected exclusively pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
Furthermore, Sendinblue may use this data in accordance with Art. 6 para. 1 lit. f DSGVO itself on the basis of its own legitimate interest in the needs-based design and optimization of the service as well as for market research purposes, for example to determine from which countries the recipients come. However, Sendinblue does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
We have concluded an order processing contract with Sendinblue, with which we oblige Sendinblue to protect our customers’ data and not to pass it on to third parties.
6) Data processing for order processing
6.1 – Transmission of image files for order processing by e-mail
On our website, we offer customers the opportunity to request personalization of products by sending image files via email. The submitted image motif is used as a template for the personalization of the selected product.
The customer can send one or more image files from the memory of the end device used to us via the mail address provided on the website. We then collect, store and use the files transmitted in this way exclusively for the production of the personalized product as defined in the respective service description on our website. If the transmitted image files are passed on to special service providers for the preparation and processing of the order, you will be explicitly informed about this in the following paragraphs. Any further disclosure will not take place. If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all the processing operations just mentioned are carried out exclusively for the purpose of processing your online order in accordance with Art. 6 Para. 1 lit. b GDPR. After final processing of the order, the transmitted image files are automatically and completely deleted.
6.2 As far as necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be processed in accordance with Art. 6 para. 1 lit. b DSGVO to the contracted transport company and the contracted credit institution.
Insofar as we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data (name, address, e-mail address) provided by you when placing the order in order to inform you within the scope of our statutory information obligations pursuant to Art. 6 Para. 1 lit. c DSGVO by appropriate means of communication (e.g. by mail or e-mail) about upcoming updates in person within the period provided for by law. Your contact data will be used strictly for the purpose of notifying you of updates we owe you and will be processed by us for this purpose only to the extent necessary for the information in question.
In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.
6.3 Transfer of personal data to shipping service providers
If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany), we will disclose your e-mail address pursuant to Art. 6 para. 1 lit. a DSGVO before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification to DHL, provided that you have given your express consent for this in the ordering process. Otherwise, for the purpose of delivery, we will disclose in accordance with Art. 6 para. 1 lit. b DSGVO only the name of the recipient and the delivery address to DHL. The disclosure is made only to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with DHL or the delivery notice is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the transport service provider DHL.
If the delivery of the goods is carried out by the transport service provider GLS (General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1 – 7, 36286 Neuenstein), we will pass on your e-mail address to GLS in accordance with Art. 6 Para. 1 lit. a DSGVO before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent for this in the ordering process.Otherwise, we will only pass on the name of the recipient and the delivery address to GLS for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b DSGVO. The transfer will only take place insofar as this is necessary for the delivery of goods. In this case, a prior coordination of the delivery date with GLS or the transmission of status information of the shipment delivery is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the transport service provider GLS.
If the delivery of the goods is carried out by the transport service provider Hermes (Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg, Germany), we will disclose your e-mail address prior to the delivery of the goods in accordance with Art. 6 para. 1 lit. a DSGVO for the purpose of coordinating a delivery date or for delivery notification to Hermes, provided that you have given your express consent for this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b DSGVO only the name of the recipient and the delivery address to Hermes. The disclosure is made only to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with Hermes or the transmission of status information of the shipment delivery is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the transport service provider Hermes.
6.4 Use of payment service providers (payment services)
In case of payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”) within the framework of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b DSGVO and only insofar as this is necessary for payment processing.
PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal. For this purpose, your payment data may be processed in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including information on the credit agencies used, please refer to PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
If you choose a payment method of the payment service provider Stripe, the payment will be processed via the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b DSGVO. You can find more information about Stripe’s data protection at the URL https://stripe.com/de/privacy#translation.
Stripe reserves the right to perform a credit check based on mathematical-statistical methods in order to safeguard its legitimate interest in determining the User’s ability to pay. The personal data necessary for a credit check and received in the course of payment processing may be transmitted by Stripe to selected credit agencies, which Stripe discloses to Users upon request. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Stripe uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the authorization to use the selected payment method.
You can object to this processing of your data at any time by sending a message to Stripe or the appointed credit agencies.
However, Stripe may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
7) Rights of the data subject
7.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise prerequisites:
– Right to information according to Art. 15 DSGVO;
– Right to rectification pursuant to Art. 16 DSGVO;
– Right to erasure according to Art. 17 DSGVO;
– Right to restriction of processing pursuant to Art. 18 DSGVO;
– Right to information pursuant to Art. 19 GDPR;
– Right to data portability according to Art. 20 DSGVO;
– Right to revoke consent given in accordance with Art. 7 para. 3 GDPR;
– Right to lodge a complaint pursuant to Article 77 of the GDPR.
7.2 RIGHT OF OBJECTION
IF, IN THE CONTEXT OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
8) Duration of the storage of personal data
The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of processing and – if relevant – additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a DSGVO, this data is stored until the data subject revokes his/her consent.
If there are legal retention periods for data that are required in the context of legal transactions or obligations similar to legal transactions on the basis of Art. 6 Para. 1 lit. b DSGVO, this data is routinely deleted after expiry of the retention periods, provided that it is no longer required for the fulfillment of the contract or the initiation of the contract and/or there is no legitimate interest on our part to continue storing it.
When processing personal data on the basis of Art. 6 para. 1 lit. f DSGVO, this data is stored until the data subject exercises his or her right to object pursuant to Art. 21 Para. 1 DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f DSGVO, this data is stored until the data subject exercises his or her right to object pursuant to Art. 21 Para. 2 GDPR exercises.
Unless otherwise stated in the other information in this statement about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.