Thank you for your interest in our online shop. The protection of your privacy is important to us. In the following we will inform you in detail about the handling of your data.
1) Information about the collection of personal data and contact details of the responsible person
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we will inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.
1.2 Julia Kitschenberg, Blanda Beauty, Memmingerstr. Is responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR). 71, 72762 Reutlingen, Germany, Tel .: 01707258098, E-Mail: firstname.lastname@example.org. The person responsible for processing personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses an SSL or. TLS encryption. You can recognize an encrypted connection by the character string "https: //" and the lock symbol in your browser line.
2) Data collection when visiting our website
In the case of merely informative use of our website, ie if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following information that is technically necessary for us to display the website:
- Our visited website
- Date and time at the time of access
- Amount of transmitted data in bytes
- Source/reference from which you accessed the site
- Used browser
- Operating system used
- Used IP address (possibly in anonymous form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to retrospectively check the server logfiles should concrete evidence point to unlawful use.
Hosting through Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), for the purpose of hosting and displaying the online shop on the basis of a Processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned Shopify services, data can also be processed in the context of further processing on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc . or Shopify (USA) Inc. In the event that data is transmitted to Shopify Inc. in Canada, the European Commission's adequacy decision guarantees the appropriate level of data protection. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those mentioned by Shopify will only take place within the framework communicated below.
In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, ie after closing your browser (so-called session cookies). Other cookies remain on your device and allow you to recognize your browser the next time you visit it (so-called persistent cookies). If cookies are set, they collect and process specific user information, such as browser and location data as well as IP address values, to an individual extent. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. The duration of each cookie storage can be found in the overview of the cookie settings of your web browser.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the content of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies we use, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either to implement the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of a given consent or according to Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
Please note that you can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or can exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browser under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Please note that if you do not accept cookies, the functionality of our website may be limited.
5) contact us
When you contact us (e.g. using the contact form or email), personal data is collected. Which data is collected when a contact form is used can be seen from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 lit.f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no statutory retention requirements.
6) Data processing when opening a customer account and for contract execution
According to Art. 6 para. 1 lit. b DSGVO, personal data will continue to be collected and processed if you provide it to us for the purpose of concluding a contract or opening a customer account. The data collected is shown in the respective input forms. A deletion of your customer account is possible at any time and can be done by a message to the above-mentioned address of the person in charge. We store and use the data you have provided for the execution of the contract. After completion of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after expiration of these periods, unless you have expressly consented to further use of your data or a legally permitted further data use by our side has been.
7) Use of customer data for direct advertising
7.1 Registration for our e-mail newsletter
If you subscribe to our e-mail newsletter, we will send you regular information about our offers. Mandatory information for sending the newsletter is your e-mail address alone. The specification of further data is voluntary and will be used to address you personally. For sending the newsletter we use the so-called double opt-in procedure. This means that we will only send you an e-mail newsletter if you have expressly confirmed that you agree to receive the newsletter. We will then send you a confirmation e-mail asking you to confirm by clicking on a link that you wish to receive the newsletter in the future.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When registering for the newsletter, we will save your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your e-mail address at a later date. The data collected by us when registering for the newsletter will be used exclusively for promotional purposes by means of the newsletter. You can cancel the newsletter at any time via the provided link in the newsletter or by sending a message to the person named above. After cancellation, your e-mail address will be deleted immediately in our newsletter distribution, as far as you have not expressly consented to a further use of your data or we reserve the right to further data usage, which is permitted by law and about which we inform you in this statement.
7.2 Sending the e-mail newsletter to existing customers
If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services, such as those already purchased, from our range by e-mail. For this we do not have to obtain a separate consent from you according to § 7 Abs. 3 UWG. In this respect, data processing takes place solely on the basis of our legitimate interest in personalized direct mail in accordance with Art. 6 para. 1 lit. f DSGVO. If you have initially objected to the use of your e-mail address for this purpose, we will not send you a mail. You are entitled to object to the use of your e-mail address for the purpose described above at any time with effect for the future by a message to the person named at the beginning. For this purpose, you only have to pay delivery costs according to the basic rates. Upon receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately.
7.3 Sending newsletters via Omnisend
Our e-mail newsletters are sent via the technical service provider Omnisend (Soundest Ltd., Unit a3, Gateway Tower, 32 Western Gateway, London E16 1YL, United Kingdom), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 Para. 1 lit. f GDPR and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) are stored on Omnisend's servers in the EU.
Omnisend uses this information to send and statistically evaluate the newsletter on our behalf. For the evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files that are stored on our website. In this way it can be determined whether a newsletter message has been opened and which links have been clicked. Technical information is also recorded (e.g. time of access, IP address, browser type and operating system). The data is collected exclusively in pseudonymized form and is not linked to your other personal data; direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyzes can be used to better adapt future newsletters to the interests of the recipients. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
In addition, Omnisend can use this data in accordance with Art. 6 Para. 1 lit.f GDPR due to its own legitimate interest in the needs-based design and optimization of the service and for market research purposes, for example to determine which countries the recipients come from. However, Omnisend does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
We have concluded an order processing contract with Omnisend, with which we oblige Omnisend to protect our customers' data and not to pass it on to third parties.
You can view the data protection provisions of Omnisend here: https://www.omnisend.com/privacy
8) Data processing for order processing
8.1 Insofar as it is necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Article 6 (1) (b) GDPR.
If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact details you provided when ordering (name, address, e-mail address) in order to meet our statutory information requirements in accordance with Art. 6 Para . 1 lit. c GDPR personally using a suitable means of communication (e.g. by post or email) about upcoming updates in the legally stipulated period. Your contact details will be used strictly for the purpose of notifications about updates we owe and will only be processed by us for this purpose to the extent necessary for the respective information.
In order to process your order, we also work together with the following service provider (s) who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
8.2 Use of special service providers for order processing and processing
The dispatch takes place via the dispatch portal "SendCloud" (SendCloud GmbH, Kanalstr. 10, 80538 Munich). According to Art. 6 para. 1 lit. b GDPR, we pass on your data to SendCloud exclusively for the purpose of processing your online order. The data will only be passed on if this is actually necessary for processing. Details on SendCloud's data protection can be found on the SendCloud website at www.sendcloud.de/datenschutz/.
- Shopify Order Printer
For the accounting and logistical organization of orders, we use the “Order Printer” service from Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”) for automated creation of invoices, receipts, shipping labels and other business documents. If personal order data is processed via the service for the preparation of these documents, the processing takes place in accordance with Art. 6 Paragraph 1 lit.
8.3 Use of payment service providers (payment services)
- Amazon Pay
If you select the payment method "Amazon Pay", the payment will be processed by the payment service provider Amazon Payments Europe sca, 38 avenue JF Kennedy, L-1855 Luxembourg (hereinafter: "Amazon Payments"), to whom we will provide your information as part of the ordering process along with the Pass on information about your order in accordance with Art. 6 Para. 1 lit. b GDPR. Your data is passed on exclusively for the purpose of processing payments with the payment service provider Amazon Payments and only insofar as it is necessary for this. If cookies, i.e. small text files that are stored on the end device, are set when using Amazon Pay, this is done exclusively on the basis of your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. This consent can be revoked at any time using the "cookie consent tool" implemented on the website. You can find more information about the data protection provisions of Amazon Payments at the following Internet address: https://pay.amazon.com/de/help/201751600
- Apple Pay
If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment is processed via the "Apple Pay" function of your end device operated with iOS, watchOS or macOS by debiting a payment card deposited with "Apple Pay". Apple Pay uses security features built into your device's hardware and software to help protect your transactions. To release a payment, you have to enter a code that you have previously defined, as well as verification using the "Face ID" or "Touch ID" function on your device.
For the purpose of payment processing, the information you provide during the ordering process and the information about your order are passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is sent to the payment service provider of the payment card stored in Apple Pay in order to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the outgoing website to confirm payment success.
If personal data are processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
Apple retains anonymized transaction information, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes personal references. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
When you use Apple Pay on the iPhone or Apple Watch to complete a purchase made through Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format that can be used to identify you personally. You can turn off the ability to use Apple Pay on your Mac in your iPhone's settings. Go to Wallet & Apple Pay and turn off Allow Payments on Mac.
Further information on data protection with Apple Pay can be found at the following Internet address: https://support.apple.com/de-de/HT203027
When paying via "giropay", payment is processed by giropay GmbH, An der Welle 4, 60322 Frankfurt / Main, to whom we pass on the information you provided during the ordering process along with information about your order. The transfer of your data takes place in accordance with Art. 6 Paragraph 1 lit. b GDPR exclusively for the purpose of payment processing and only insofar as it is necessary for this. You can find more information about the data protection provisions of giropay GmbH at the following Internet address: https://www.giropay.de/rechtliches/datenschutzerklaerung
If you choose a Klarna payment service, the payment will be processed by Klarna Bank AB (publ), https://klarna.com/de/, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to enable the processing of the payment, your personal data (first and last name, street, house number, zip code, city, gender, email address, telephone number and IP address) as well as data related to the order are stored (e.g. invoice amount, article, type of delivery) passed on to Klarna for the purpose of identity and credit checks, provided that you have expressly consented to this in accordance with Article 6 (1) (a) GDPR as part of the ordering process. You can see here which credit agencies your data can be forwarded to:
The credit information can contain probability values (so-called score values). As far as score values are included in the results of the credit rating, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, but is not limited to, address data. The received information about the statistical probability of a payment default uses Klarna for a balanced decision on the creation, implementation or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the controller or to Klarna. However, Klarna may continue to be entitled to process your personal data, if this is necessary for the contractual payment.
Your personal details are processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna’s data protection regulations for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for those affected based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal, we will transfer your payment data in the course of payment to PayPal (Europe) Sarl et Cie, SCA, 22- 24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), continue. The transfer takes place in accordance with Art. 6 para. 1 lit. b DSGVO and only insofar as this is necessary for the payment process.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may continue to be entitled to process your personal data, if this is necessary for the contractual payment.
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment is processed by the technical service provider Stripe Payments Europe Ltd. , 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will receive the information you provided during the ordering process, along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) according to Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only insofar as it is necessary for this. You can find more information on data protection at Shopify Payments at the following Internet address: https://www.shopify.com/legal/privacy.
Data protection information on Stripe Payments Europe Ltd. you'll find here: https://stripe.com/de/privacy
If you select the payment method "SOFORT", the payment will be processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we will provide the information you provided during the ordering process, together with the information about your order in accordance with Art. 6 para. 1 lit. b Pass on GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will only be passed on for the purpose of payment processing with the payment service provider IMMEDIATELY and only to the extent that it is necessary for this. You can find more information about SOFORT's data protection regulations at the following Internet address: https://www.klarna.com/sofort/datenschutz
9) contact the evaluation reminder
Valuation reminder by Trustpilot
If you have given us your express consent to this during or after your order in accordance with Article 6 (1) (a) GDPR, we will transmit your email address to the Trustpilot rating platform at Trustpilot A / S, Pilestræde 58, 1112 Copenhagen K, Denmark (www.trustpilot.com) so that they can send you a review reminder by email.
You may revoke your consent at any time by posting a message to the controller or to the rating platform.
10) rights of the person concerned
10.1 The applicable data protection law grants you the following rights of data subjects (information and intervention rights) vis-à-vis the person responsible with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise requirements:
- Right to information in accordance with Art. 15 GDPR;
- Right to rectification in accordance with Art. 16 GDPR;
- Right to deletion in accordance with Art. 17 GDPR;
- Right to restriction of processing in accordance with Art. 18 GDPR;
- Right to information in accordance with Art. 19 GDPR;
- Right to data portability in accordance with Art. 20 GDPR;
- Right to revoke consent given in accordance with Art. 7 Para. 3 GDPR;
- Right to lodge a complaint in accordance with Art. 77 GDPR.
10.2 RIGHT TO OBJECT
IF, IN THE CONTEXT OF INTEREST ACCOUNTABILITY, WE PROCESS OUR PERSONAL DATA BASED ON OUR MAJOR LEGITIMATE INTEREST, YOU HAVE ANY PRESENT RIGHT TO SUBMIT AGAINST THIS PROCESSING FOR CONSEQUENCES WITH EFFECT ON THE FUTURE FOR REASONS OBTAINED FROM YOUR SPECIFIC SITUATION.
MAKE USE OF YOUR OPPOSITION RIGHT, WE FINISH THE PROCESSING OF THE AFFECTED DATA. FURTHER PROCESSING REMAINS SUBJECT TO EXERCISE WHEN WE MAY PROVIDE IMPERATIVE REASONABLE REASONS FOR PROCESSING WHICH EXCEED ITS INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING SERVES THE PRESENTATION, EXERCISE OR DEFENSE OF LEGAL CHARGES.
IF YOUR PERSONAL DATA IS PROCESSED BY US TO OPERATE DIRECT ADVERTISING, YOU HAVE THE RIGHT TO INTRODUCE ANY CONTESTING AGAINST THE PROCESSING OF YOU OF PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE THE OPPOSITE AS DESCRIBED ABOVE.
MAKE USE OF YOUR CONTINGENCY RIGHT, WE FINISH THE PROCESSING OF THE DATA CONCERNED FOR DIRECT ACCEPTANCE.
11) Duration of storage of personal data
The duration of the storage of personal data is based on the respective legal basis, the purpose of processing and - if applicable - additionally based on the respective legal retention period (eg commercial and tax retention periods).
In the processing of personal data based on an explicit consent in accordance with Art. 6 para. 1 lit. a DSGVO, these data are stored until the person withdraws his consent.
There are statutory retention periods for data which, in the context of legal or similar obligations, are based on Art. 6 para. 1 lit. b DSGVO are processed, these data are routinely deleted after expiry of the retention periods, if they are no longer required for fulfillment of the contract or for initiating a contract and / or if there is no legitimate interest in the re-storage on our part.
In the processing of personal data on the basis of Art. 6 para. 1 lit. f DSGVO, these data will be stored until the person concerned exercises his right of objection under Art. 21 para. 1 DSGVO, unless we can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the person concerned, or the processing serves the assertion, exercise or defense of legal claims.
In the processing of personal data for the purpose of direct advertising on the basis of Art. 6 para. 1 lit. f DSGVO these data will be stored until the person concerned exercises his right of objection under Art. 21 para. 2 DSGVO.
Unless otherwise stated in the other information in this Declaration on Specific Processing Situations, stored personal data will be erased if they are no longer necessary for the purposes for which they were collected or otherwise processed.