Privacy policy

Data Protection Declaration

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. On

the following pages, we inform you about the handling of your personal data when using

our website. Personal data is all data with which you can be personally identified.

1.2 The controller in charge of data processing on this website, within the meaning of

the General Data Protection Regulation (GDPR), is Magdalena Pasieka, Belziger Ring 22,

12689 Berlin, Germany, Phone.: 017643412972, e-mail:

magdalenapasieka2@gmail.com. The controller in charge of the processing of personal

data is the natural or legal person who alone or jointly with others determines the

purposes and means of the processing of personal data.

2) Data Collection When You Visit Our Website

2.1 When using our website for information only, i.e. if you do not register or otherwise

provide us with information, we only collect data that your browser transmits to our

server (so-called "server log files"). When you visit our website, we collect the following

data that is technically necessary for us to display the website to you:

- Our visited website

- Date and time at the moment of access

- Amount of data sent in bytes

- Source/reference from which you came to the page

- Browser used

- Operating system used

- IP address used (if applicable: in anonymized form)

Data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of

our legitimate interest in improving the stability and functionality of our website. The

data will not be passed on or used in any other way. However, we reserve the right to

check the server log files subsequently, if there are any concrete indications of illegal

use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the

transmission of personal data and other confidential content (e.g. orders or inquiries to

the controller). You can recognize an encrypted connection by the character string

https:// and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 Shopify

For the hosting of our website and the display of the page content, we use the system of

the following provider: Shopify International Limited, Victoria Buildings, 2nd floor, 1-2

Haddington Road, Dublin 4, D04 XN32, Ireland

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider's servers. We have

concluded an order processing agreement with the provider, ensuring the protection of

our site visitors' data and prohibiting unauthorised disclosure to third parties.

In case of data transfer to Canada, an adequate level of data protection is guaranteed

by an adequacy decision of the European Commission.

3.2 Cloudflare

We use a content delivery network offered by the following provider: Cloudflare Inc., 101

Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content or

scripts faster via a network of regionally distributed servers. The processing is carried

out to protect our legitimate interest in improving the stability and functionality of our

website pursuant to Art. 6 (1) point f GDPR. We have concluded an order processing

agreement with the provider, ensuring the protection of our site visitors' data and

prohibiting unauthorised disclosure to third parties.

For data transfers to the USA, the provider participates in the EU-US Data Privacy

Framework, which ensures compliance with the European level of data protection on the

basis of an adequacy decision by the European Commission.

4) Cookies

In order to make your visit to our website more attractive and to enable the use of

certain functions, we use cookies, i.e. small text files that are stored on your end device.

In some cases, these cookies are automatically deleted again after the browser is closed

(so-called "session cookies"), in other cases, these cookies remain on your end device

for longer and allow page settings to be saved (so-called "persistent cookies"). In the

latter case, you can find the duration of the storage in the overview of the cookie

settings of your web browser.

If personal data is also processed by individual cookies set by us, the processing is

carried out either in accordance with Art. 6 (1) point b GDPR for the performance of the

contract, in accordance with Art. 6 (1) point a GDPR in the case of consent given or in

accordance with Art. 6 (1) point f GDPR to safeguard our legitimate interests in the best

possible functionality of the website as well as a customer-friendly and effective design

of the page visit.

You can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the

acceptance of cookies for certain cases or in general.

Please note that the functionality of our website may be limited if cookies are not

accepted.

5) Contacting Us

When you contact us (e.g. via contact form or e-mail), personal data is collected. Which

data is collected in the case of a contact form can be seen from the respective contact

form. This data is stored and used exclusively for the purpose of responding to your

request or for establishing contact and for the associated technical administration.

The legal basis for processing data is our legitimate interest in responding to your

request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding

a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR. Your

data will be deleted after final processing of your enquiry; this is the case if it can be

inferred from the circumstances that the facts in question have been finally clarified,

provided there are no legal storage obligations to the contrary.

6) Processing of Data for the Purpose of Order Handling

6.1 Insofar as necessary for the processing of the contract for delivery and payment

purposes, the personal data collected by us will be passed on to the commissioned

transport company and the commissioned credit institution in accordance with Art. 6

Para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis

of a corresponding contract, we will process the contact data (name, address, e-mail

address) provided by you when placing the order in order to inform you personally by

suitable means of communication (e.g. by post or e-mail) about upcoming updates

within the legally stipulated period of time within the framework of our statutory duty to

inform pursuant to Art. 6 Para. 1 lit. c GDPR. Your contact details will be used strictly for

the purpose of informing you about updates owed by us and will only be processed by

us for this purpose to the extent that this is necessary for the respective information.

In order to process your order, we also work together with the following service

provider(s), who support us in whole or in part in the execution of concluded contracts.

Certain personal data is transferred to these service providers in accordance with the

following information.

6.2 Use of Payment Service Providers

- Paypal

Online payment methods from the following provider are available on this website:

PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method of the provider for which you make an advance

payment, your payment data provided during the ordering process (including name,

address, bank and payment card information, currency and transaction number) as well

as information about the content of your order will be passed on to the provider in 

accordance with Art. 6 (1) point b GDPR. In this case, your data will only be passed on

for the purpose of processing payment with the provider and only to the extent

necessary for this purpose.

When selecting a payment method of the provider with which the provider makes

advance payments, you will also be asked to provide certain personal data (first name

and surname, street, house number, postcode, city, date of birth, e-mail address,

telephone number, if applicable data on alternative means of payment) during the

ordering process.

In order to safeguard our legitimate interest in determining the solvency of our

customers, this data is passed on to the provider by us for the purpose of a credit check

in accordance with Art. 6 (1) point f GDPR. On the basis of the personal data provided by

you as well as further data (such as shopping cart, invoice total, order history, payment

history), the provider checks whether the payment option selected by you can be

granted with regard to payment and/or bad debt risks.

The credit report may contain probability values (so-called score values). Insofar as

score values are included in the result of the credit report, they have their basis in a

scientifically recognised mathematical-statistical procedure. The calculation of the score

values includes, but is not limited to, address data.

You can object to this processing of your data at any time by sending a message to us or

to the provider. However, the provider may still be entitled to process your personal

data if this is necessary for the contractual processing of payments.

7) Rights of the Data Subject

7.1 The applicable data protection law grants you the following comprehensive rights of

data subjects (rights of information and intervention) vis-à-vis the data controller with

regard to the processing of your personal data:

- Right of access by the data subject pursuant to Art. 15 GDPR;

- Right to rectification pursuant to Art. 16 GDPR;

- Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR;

- Right to restriction of processing pursuant to Art. 18 GDPR;

- Right to be informed pursuant to Art. 19 GDPR;

- Right to data portability pursuant to Art. 20 GDPR;

- Right to withdraw a given consent pursuant to Art. 7 (3) GDPR;

- Right to lodge a complaint pursuant to Art. 77 GDPR.

7.2 RIGHT TO OBJECT

IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR

PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU

HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE

FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA

CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN

PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH

OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE

PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE

THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA

WHICH ARE USED FOR DIRECT MARKETING PURPOSES. YOU MAY EXERCISE THE

OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA

CONCERNED FOR DIRECT ADVERTISING PURPOSES.

8) Duration of Storage of Personal Data

The duration of the storage of personal data is based on the respective legal basis, the

purpose of processing and - if relevant – on the respective legal retention period (e.g.

commercial and tax retention periods).

If personal data is processed on the basis of express consent pursuant to Art. 6 (1) point

a GDPR, this data is stored until the data subject revokes his consent.

If there are legal storage periods for data that is processed within the framework of legal

or similar obligations on the basis of Art. 6 (1) point b GDPR, this data will be routinely

deleted after expiry of the storage periods if it is no longer necessary for the fulfillment

of the contract or the initiation of the contract and/or if we no longer have a justified

interest in further storage.

When processing personal data on the basis of Art. 6 (1) point f GDPR, this data is stored

until the data subject exercises his right of objection in accordance with Art. 21 (1)

GDPR, unless we can provide compelling grounds for processing worthy of protection

which outweigh the interests, rights and freedoms of the data subject, or the processing

serves to assert, exercise or defend legal claims.

If personal data is processed for the purpose of direct marketing based on Art. 6 (1)

point f GDPR, this data is stored until the data subject exercises his right of objection

pursuant to Art. 21 (2) GDPR.

Unless otherwise stated in the information contained in this declaration on specific

processing situations, stored personal data will be deleted if it is no longer necessary for

the purposes for which it was collected or otherwise processed.