Privacy policy

Personal data (hereinafter referred to as “data”) is processed by us only as necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

In accordance with Art. 4 no. 1. of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to only as “GDPR”), “processing” shall mean any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following privacy policy, we inform you in particular about the nature, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or jointly with others on the purposes and means of processing. In addition, we inform you below about the third-party components used by us for optimization purposes as well as to increase the quality of use, insofar as third parties process data through this, again under their own responsibility.

Our data protection declaration is structured as follows:

I. Information about us as the responsible party
II. rights of users and data subjects
III. general information
IV. Information on data processing
V. Plugins & Tools
VI. data processing for order processing
VII. security

I. INFORMATION ABOUT US AS THE RESPONSIBLE PARTY

The responsible provider of this website in the sense of data protection law is:

Alina, Hermann
Friedrich-Ebert-Str. 52
69502, Hemsbach

phone: 015733086165
e-mail: alina.hermann.art@gmail.com

II. RIGHTS OF USERS AND DATA SUBJECTS

With regard to the data processing described in more detail below, users and data subjects have the right to

To confirmation as to whether data concerning them is being processed, to information about the data processed, to further information about the data processing and to copies of the data (cf. also Art. 15 DSGVO);
to correction or completion of incorrect or incomplete data (cf. also Art. 16 DSGVO);
to the immediate erasure of the data concerning them (cf. also Art. 17 DSGVO), or, alternatively, insofar as further processing is necessary pursuant to Art. 17 (3) DSGVO, to the restriction of processing in accordance with Art. 18 DSGVO;
to receive the data concerning them and provided by them and to transfer this data to other providers/controllers (cf. also Art. 20 DSGVO);
to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection provisions (cf. also Art. 77 GDPR).

In addition, the Provider is obliged to inform all recipients to whom data has been disclosed by the Provider about any correction or deletion of data or restriction of processing that takes place on the basis of Articles 16, 17 (1), 18 DSGVO. However, this obligation does not exist insofar as this notification is impossible or involves a disproportionate effort. Notwithstanding the above, the user has a right to information about these recipients.

Likewise, according to Art. 21 DSGVO, users and data subjects have the right to object to the future processing of data concerning them, insofar as the data is processed by the provider in accordance with Art. 6 para. 1 lit. f) DSGVO. In particular, an objection to data processing for the purpose of direct advertising is permitted.

III. General Information

Hosting (Dogado)

When visiting this website, personal data is processed. Categories of data processed: technical connection data of the server access (IP address, date, time, requested page, browser information). Purpose of processing:monitoring of the technical function and to increase the operational security of our web server, delivery and provision of the website and anonymization and compilation of statistics. The legal basis for processing:a legitimate interest that overrides the rights and freedoms of data subjects (Art. 6 (1) f DSGVO). Legitimate interests in this context:strong economic interest in the safe and functioning operation of the technical systems. A transfer of data takes place: to the processor dogado GmbH, Saarlandstraße 25, 44139 Dortmund, Germany (https://www.dogado.de/). Duration of processing: is variable and ends when the purpose of processing ceases.

Order processing agreement

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Links to other websites

Our Internet offer contains links to contents of other providers. These can be identified by explicit links (e.g. www.internetseite.de), by corresponding notes in the text or by marking them with the symbol. In addition, external links are opened in a separate browser window. The use of these external contents may be subject to other specifications than those presented here.

IV. INFORMATION ON DATA PROCESSING

Your data processed during the use of our website will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information is provided below on individual processing procedures.

Cookies

Our website uses cookies. Cookies are small text files which are saved in a user’s internet browser or by the user’s internet browser on their computer system. When a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic character string which allows the browser to be clearly identified when the website is called up again.

Cookies will be stored on your computer. You therefore have full control over the use of cookies. By choosing corresponding technical settings in your internet browser, you can be notified before the setting of cookies and you can decide whether to accept this setting in each individual case as well as prevent the storage of cookies and transmission of the data they contain. Cookies which have already been saved may be deleted at any time. We would, however, like to point out that this may prevent you from making full use of all the functions of this website. Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically necessary cookies

Insofar as no other information is given in the data protection declaration below we use only these technically necessary cookies cookies to make our offering more user-friendly, effective and secure. Cookies also allow our systems to recognise your browser after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. These services require the browser to be recognised again after a page change.

The use of cookies or comparable technologies is carried out on the basis of Art. 25 para. 2 TDDDG. Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our largely justified interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our range of services.
You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR, for reasons relating to your personal situation.

Cookie consent with Real Cookie Banner

This website uses the cookie consent technology “Real Cookie Banner” to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this consent in accordance with data protection law. The provider of this technology is devowl.io GmbH, Tannet 12, 94539 Grafling, website:
https://devowl.io/de/wordpress-real-cookie-banner/ (hereinafter “Real Cookie Banner”). When you enter my website, the following personal data is transferred to Real Cookie Banner:
(1) Your consent(s) or revocation of your consent(s).
(2) Your IP address
(3) Information about your browser
(4) Information about your terminal device
(5) Time of your visit to the website

Furthermore, Real Cookie Banner stores a cookie in your browser in order to be able to assign the consent(s) given to you or their revocation.The data collected in this way will be stored until you request us to delete it, until you delete the Real Cookie Banner cookie yourself, or until the purpose for storing the data no longer applies.Mandatory legal storage obligations remain unaffected.
The use of Real Cookie Banner takes place in order to obtain the legally required consents for the use of certain technologies.The legal basis for this is Art. 6 p. 1 lit. c DSGVO.

Contact requests / contact option

If you contact us via contact form or e-mail, the data you provide will be used to process your request.The provision of the data is necessary for processing and answering your request – without their provision, we can not answer your request or at best limited.

The legal basis for this processing is Art. 6 para. 1 lit. b) DSGVO. Your data will be deleted if your inquiry has been answered conclusively and the deletion does not conflict with any statutory retention obligations, such as in the case of any subsequent contract processing.

Collection and processing when images are sent by e-mail

You have the option to send us images via e-mail in connection with the order of a personalized product. With the transmission of your images, we may collect your personal data (image of an identifiable person) only to the extent provided by you. The purpose of data processing is to create personalized products. The sent image serves as a template for the product and is used for this purpose (e.g. commission). The processing is carried out on the basis of Art. 6 para. 1(b) GDPR and is required for the completion of a contract with you. Your data will not be transferred. We only use the image you send within the scope of service provision. Your data will then be deleted subject to legal retention periods, provided that you have not consented to further processing and use.

NEWSLETTER DATA

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example by clicking on a link at the end of each newsletter. You can also send us an email with the corresponding request to unsubscribe from the mailing list to info@alina-hermann-art.com. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

FLODESK

This website uses FloDesk to send newsletters. The provider is FloDesk GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. FloDesk is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) is stored on FloDesk’s servers in Germany or Ireland.

Our newsletters sent with FloDesk enable us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. Conversion tracking can also be used to analyze whether a predefined action (e.g. purchase of a product on this website) has taken place after clicking on the link in the newsletter. Further information on data analysis by FloDesk newsletters can be found at: https://www.FloDesk.com/de/funktionen/reporting-und-tracking/

The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

If you do not want FloDesk to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

We have also concluded an order processing agreement (data processing agreement) with Flodesk, with which this company documents compliance with appropriate technical and organizational measures. You can find out how Flodesk stores and processes the data in Flodesk’s privacy policy. This is available at https://flodesk.com/privacy-policy. By subscribing to the newsletter, you consent to the transfer of data to Flodesk.

Facebook

To advertise our products and services and to communicate with interested parties or customers, we operate a company presence on the Facebook platform.

On this social media platform, we are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Facebook’s data protection officer can be reached via a contact form:https://www.facebook.com/help/contact/540977946302970

We have regulated the joint responsibility in an agreement regarding the respective obligations in terms of the GDPR. This agreement, from which the mutual obligations arise, can be accessed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of personal data that thereby takes place and is reproduced below is Art. 6 (1) lit. f DSGVO. Our legitimate interest is in the analysis, communication and sales and promotion of our products and services.The legal basis may also be the user’s consent pursuant to Art. 6 (1) lit. a DSGVO vis-à-vis the platform operator. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 (3) DSGVO.When calling up our online presence on the Facebook platform, data of the user (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as operator of the platform in the EU.This user data is used for statistical information about the use of our company presence on Facebook.Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create profiles of users.On the basis of these profiles, it is possible for Facebook Ireland Ltd., for example, to advertise users within and outside of Facebook according to their interests.If the user is logged into his account on Facebook at the time of the call, Facebook Ireland Ltd. can also link the data with the respective user account.

In the event that the user contacts us via Facebook, the user’s personal data entered on this occasion will be used to process the request.The user’s data will be deleted by us, provided that the user’s inquiry has been conclusively answered and there are no legal retention obligations, such as in the case of a subsequent contract processing, to the contrary.

In order to process the data, Facebook Ireland Ltd. may also set cookies.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been stored can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the browser settings, but by the corresponding setting of the Flash player.If the user prevents or restricts the installation of cookies, this may mean that not all functions of Facebook can be fully used.More details about the processing activities, their prevention and the deletion of data processed by Facebook can be found in Facebook’s data policy:https://www.facebook.com/privacy/explanation

It is not excluded that processing by Meta Platforms Ireland Limited also takes place via Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Instagram

To advertise our products and services and to communicate with interested parties or customers, we operate a company presence on the Instagram platform.

On this social media platform, we are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Instagram’s privacy officer can be reached via a contact form: https://www.facebook.com/help/contact/540977946302970

We have regulated the joint responsibility in an agreement regarding the respective obligations in terms of the GDPR. This agreement, from which the mutual obligations arise, can be accessed at the following link:https://www.facebook.com/legal/terms/page_controller_addendum

When calling up our online presence on the Instagram platform, data of the user (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as operator of the platform in the EU.This user data is used for statistical information about the use of our company presence on Instagram.Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create profiles of users. Based on these profiles, it is possible for Facebook Ireland Ltd., for example, to advertise users within and outside of Instagram based on their interests. If the user is logged into his account on Instagram at the time of the call, Facebook Ireland Ltd. can also link the data with the respective user account.

In the event that the user contacts us via Instagram, the user’s personal data entered on this occasion will be used to process the request.The user’s data will be deleted by us, provided that the user’s inquiry has been conclusively answered and no legal retention obligations, such as in the case of subsequent contract processing, are opposed to this.

In order to process the data, Facebook Ireland Ltd. may also set cookies.If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly.Cookies that have already been stored can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the browser settings, but by the corresponding setting of the Flash player.If the user prevents or restricts the installation of cookies, this may mean that not all functions of Facebook can be fully used.

More details about the processing activities, their prevention and the deletion of data processed by Instagram can be found in the Instagram data policy:

https://help.instagram.com/519522125107875

It is not excluded that processing by Facebook Ireland Ltd. also takes place via Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

We maintain an online presence on Pinterest to present our company as well as our services and to communicate with customers/prospects. Pinterest is a service of Pinterest Inc, 651 Brannan Street, San Francisco, CA, 94107, USA.In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may pose increased risks to users in that, for example, it may be more difficult to access user data at a later date. We also do not have access to this user data. The access possibility lies exclusively with Pinterest.The data protection information of Pinterest can be found at https://policy.pinterest.com/de/privacy-policy

General linking to third-party profiles

The provider uses a link on the website to the social networks listed below.

The legal basis for this is Art. 6 para. 1 lit. f DSGVO.

The legitimate interest of the provider is to improve the quality of use of the website.

The integration of the plugins takes place via a linked graphic.Only by clicking on the corresponding graphic, the user is forwarded to the service of the respective social network.After the customer has been redirected, information about the user is collected by the respective network. This is initially data such as IP address, date, time and page visited. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information of the specific visit of the user to the personal account of the user. If the user interacts via a “Share” button of the respective network, this information can be stored in the user’s personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to his user account, the user must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.The following social networks are linked by the provider:FacebookMeta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.Privacy policy: https://www.facebook.com/policy.phpInstagram

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Pinterest Inc, 651 Brannan Street, San Francisco, CA, 94107, USA.

V.Plugins & Tools

Polylang (language switch)

Provider is WP SYNTEX, 28, rue Jean Sébastien Bach, 38090 Villefontaine, France.
Polylang creates the functional cookie pll_language. It stores a language preference for the visitor to support multilingual websites.The use of Polylang is in the interest of an appealing presentation of our online offers and is based on our legitimate interest.(Art. 6 para. 1 lit. f DSGVO).

The storage period is one year.

You can find Polylang’s privacy policy here: https://polylang.pro/privacy-policy/

WooCommerce and WooCommerce Germanized

This website uses the WordPress plugins Woocommerce and Woocommerce Germansized to ensure the sale of products technically smooth. This is a local plugin.No personal data is transferred to Woocommerce. The Woocommerce plugin adds the functionality of an online store to our content management system. WooCommerce Germanized extends WooCommerce and ensures the technical adaptation to the specific German legal conditions. In this way, we ensure compliance with data protection regulations when using WooCommerce.Independent Analytics

In accordance with the provisions of the General Data Protection Regulation (DSGVO), the data collected by Independent Analytics is stored exclusively on our servers. No personal data is collected or tracked, which is why no cookies are used.

For more information about Compete Themes LLC’s privacy policy, please click here:

https://independentwp.com/privacy-policy/ (English)

hCaptcha

We use hCaptcha (hereinafter “hCaptcha”) on this website. The provider is Intuition Machines Inc 2211 Selig Dr, Los Angeles, CA 90026, United States (hereinafter “IMI”).

The purpose of hCaptcha is to verify whether data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, hCaptcha analyzes the behavior of the website visitor based on various characteristics.

This analysis starts automatically as soon as the website visitor enters a website with activated hCaptcha. For the analysis, hCaptcha evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to IMI. If hCaptcha is used in “invisible mode”, the analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TDDDG. The consent can be revoked at any time.

The data processing is based on the Standard Contractual Clauses (SCC) contained in the Data Processing Addendum to IMI’s General Terms and Conditions or the Data Processing Agreements.

For more information about hCaptcha, please see the Privacy Policy and Terms of Use at the following links: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms .

Yoast SEO

On our website we use plugins from Yoast SEO. This is an offer from Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, The Netherlands, Tel: +31 (0)24 82 00 337 (Chamber of Commerce / KvK: 55404367, VAT Number: NL851692540B01). This plugin takes care of the complete technical optimization of our websites for search engines. It also assists with content development. For more information, please refer to Yoast BV’s privacy policy, which you can view at https://yoast.com/privacy-policy/. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Google Web Fonts (local hosting)

This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.

Further information on Google Web Fonts can be found at
https://developers.google.com/fonts/faq and in Google’s privacy policy:
https://policies.google.com/privacy?hl=de

Pinterest-Tag

This website uses the Pinterest tag of Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

The Pinterest tag is used on the basis of Article 6(1f) GDPR. The website operator has a legitimate interest in effective advertising that includes social media. If consent is requested in this regard (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6(1a) GDPR. Consent can be revoked at any time.

The Pinterest tag allows Pinterest first of all to identify the visitors to our website as a target group for the advertisements that are displayed (known as “Pinterest Ads”). Accordingly, we use the Pinterest tag to display the Pinterest ads we place only to those Pinterest users who have actually shown an interest in our website or who have certain characteristics (e.g. interests in certain topics or products identified based on the websites they have visited) that we transmit to Pinterest (known as “ActALike Audiences”). We also aim to use the Pinterest tag to make sure that our Pinterest Ads match users’ potential interests and do not end up being perceived as a nuisance. With the help of the Pinterest tag, we can also track the effectiveness of the Pinterest Ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Pinterest Ad (a process known as “conversion”).

The Pinterest tag is incorporated directly by Pinterest when you access our websites and can save a “cookie”, i.e. a small file, on your device. If you then log in to Pinterest or visit Pinterest while you are logged in, your visit to our website will be added to your profile. The data collected about you is anonymous to us, so it does not allow us to draw any conclusions as to the user’s identity.

The data is processed by Pinterest in line with Pinterest’s Data Use Policy. Accordingly, general information on the display of Pinterest ads can be found in Pinterest’s Data Use Policy:
https://policy.pinterest.com/en/privacy-policy.

You can object to the collection of data via the Pinterest tag and the use of your data to display Pinterest ads. To configure what types of advertisements are displayed to you within Pinterest, you can visit the page set up by Pinterest and follow the instructions there on settings for usage-based advertising: https://www.pinterest.com/settings/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

You can also object to the use of cookies for reach measurement and advertising purposes by visiting the deactivation page of the Digital Advertising Alliance: https://optout.aboutads.info.

V. Collection, processing, and transfer of personal data in orders

When you submit an order we only collect and use your personal data insofar as this is necessary for the fulfilment and handling of your
order as well as processing of your queries. The provision of data is necessary for conclusion of a contract. Failure to provide it will prevent
the conclusion of any contract. The processing will occur on the basis of Article 6(1) b) GDPR and is required for the fulfilment of a contract
with you.

Your data is transferred here for example to the shipping companies and dropshipping providers, payment service providers, service
providers for handling the order and IT service providers that you have selected. We will comply strictly with legal requirements in every
case. The scope of data transmission is restricted to a minimum.

Your data may be transferred to third countries outside the European Union for which an adequacy decision has been made by the EU
Commission.

Use of special service providers for order processing and handling (Printful).

Order processing for print products is carried out via the service provider “Printful” of Printful,Inc. 11025 Westlake Drive,
Charlotte, NC28273, USA. Name, address and, if applicable, other personal data will be passed on to Printful in accordance with Art. 6 Para. 1 lit. b DSGVO exclusively for the purpose of processing the online order. Your data will only be passed on to the extent that this is actually necessary for the processing of the order. Details on the data protection of Printful and the privacy policy of Printful, Inc. can be viewed at https://www.printful.com/policies/privacy.

Use of PayPal Express

Our website uses the payment service PayPal Express from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg; “PayPal”). The processing of data enables us to offer you the option of paying via the PayPal Express payment service. To integrate this payment service it is essential that PayPal collects, stores, and analyses data when you access the website (e.g. IP address, device type, operating system, browser type, device location). Cookies may be used for this purpose. Cookies allow your internet browser to be recognised. The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in a customer-oriented offer of different payment methods. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.

By selecting and using “PayPal Express”, the data required for payment processing will be submitted to PayPal to execute the agreement with you using the selected payment method. The data is processed on the basis of Article 6(1)(b) GDPR.
Further information on data processing when using the Paypal Express payment service can be found here https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS in the associated data privacy policy.

The use of PayPal Check-Out

We use the PayPal Check-Out payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”) on our website. The data processing serves the purpose of being able to offer you payment via the payment service. With the selection and use of payment via PayPal, credit card via PayPal, direct debit via PayPal or “Pay Later” via PayPal, the data required for payment processing is transmitted to PayPal in order to be able to fulfill the contract with you with the selected payment method. This processing is based on Art. 6 para. 1 lit. b DSGVO.

Cookies may be stored that enable your browser to be recognised. The resulting data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our legitimate interest in a customer-oriented range of varying payment methods. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.

Credit card via PayPal, direct debit via PayPal & “Pay later” via PayPal

For individual payment methods such as credit card via PayPal, direct debit via PayPal or “Pay later” via PayPal, PayPal reserves the right, if necessary, to obtain credit information on the basis of mathematical-statistical methods using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a weighed decision on the establishment, implementation or termination of the contractual relationship. The credit information may include probability values (score values), which are calculated on the basis of scientifically recognized mathematical-statistical methods and in the calculation of which, among other things, address data are included. Your interests worthy of protection are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for a contract initiation. The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO for our overriding legitimate interest in protecting against payment default when PayPal makes advance payments.

You have the right to object at any time to this processing of personal data relating to you based on Art. 6 (1) (f) DSGVO for reasons arising from your particular situation by notifying PayPal. The provision of the data is necessary for the conclusion of the contract with the payment method requested by you. Failure to provide it will result in the contract not being concluded with the payment method you have chosen.

Use of Sofortüberweisung as a payment method

If you decide to pay with the online payment service provider Sofortüberweisung during your order process, your contact details will be transmitted to Sofortüberweisung as part of the order triggered in this way.

Sofortüberweisung is an offer from SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany. Sofortüberweisung takes on the function of an online payment service provider, which enables cashless payment for products and services on the Internet.

The personal data transmitted via immediate transfer is mostly first name, last name, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to the order such as number of items, item number, invoice amount and tax percentage, billing information, etc.

This transmission is necessary to process your order with the payment method you have selected, in particular to confirm your identity, to manage your payment and the customer relationship. The transmission of your data to SOFORT GmbH is therefore based on Article 6 (1) (b) GDPR.

However, please note: personal data can also be passed on to service providers, a subcontractor or other affiliated companies on the part of Sofortüberweisung, insofar as this is necessary to fulfill the contractual obligations from your order or the personal data is to be processed in the order.

In the case of immediate transfer, personal data may be transmitted to credit agencies. This transmission is used to verify the identity and creditworthiness of the order you have purchased.

You can find out which data protection principles the processing of your data is based on by Sofortüberweisung from the data protection information that is displayed to you during the payment process by Sofortüberweisung.

If you have further questions about the use of your personal data, you can contact Sofortüberweisung by email (datenschutz@sofort.com) or in writing (SOFORT GmbH, Datenschutz, Theresienhöhe 12, 80339 Munich).

Use of Stripe as a payment option

We offer the option of processing the payment transaction via the payment service provider Stripe, ℅ Legal Process, 510, Townsend St., San Francisco, CA 94103 (Stripe). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 Para. 1 lit. f GDPR). In this context, we pass on the following data to Stripe, insofar as this is necessary for the fulfillment of the contract (Art. 6 Para. 1 lit b. DSGVO).

Name of Cardholder
E-mail address
customer number
Order number
Bank details
credit card details
Validity period of the credit card
Credit Card Verification Number (CVC)
Date and time of the transaction
transaction total
Vendor name
Location

The processing of the data specified under this section is not required by law or contract. Without the transmission of your personal data, we cannot make a payment via Stripe. [You have the option to choose another payment method.] Stripe takes on a dual role as controller and processor in data processing activities.

As the controller, Stripe uses your transmitted data to fulfill regulatory obligations. This corresponds to Stripe’s legitimate interest (according to Art. 6 Para. 1 lit. f GDPR) and serves to execute the contract (according to Art. 6 Para. 1 lit. b GDPR). We have no influence on this process. Stripe acts as a processor in order to be able to complete transactions within the payment networks. As part of the order processing relationship, Stripe acts exclusively according to our instructions and has been contractually obliged to comply with the data protection regulations within the meaning of Art. 28 DSGVO.

Stripe has implemented compliance measures for international data transfers. These apply to all worldwide activities in which Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Address: Stripe Payments Europe Limited 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland Attention: Stripe Legal

You can find more information on how to object to and remove Stripe from: https://stripe.com/privacy-center/legal

Use of giropay as a payment option

The processing of the payment giropay takes place via the external payment provider Stripe and additionally via giropay GmbH. The payment provider giropay GmbH transfers, processes and stores, if necessary, personal data that are required for the processing of the payment. Only giropay GmbH is responsible for the processing of this data.

giropay GmbH
An der Welle 4
60322 Frankfurt/Main
Germany

For details on payment with giropay, please refer to the terms and conditions and privacy policy of the payment provider at: https://www.giropay.de/agb/index.html

VII. Security

Firewall

To protect our website, we use the firewall plugin “Ninja Firewall” from NinTechNet, 38, Soi Ladprao 94, Wang Thonglang, Bangkok 10310, Thailand. This plugin saves the IP address required for the protective function of the firewall in an anonymous form by removing the last 3 characters. These are stored on our own server for 7 days and then automatically deleted.

“Ninja Firewall” protects our website from unauthorized access through unwanted network access. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. We do not transfer any data to NinTechNet. Cookie notice: Ninja Firewall uses mandatory authentication cookies to whitelist the admin(s). Cookies are set when an administrator logs into the administration console. They do not apply to visitors to our website. Here, too, we do not store any personal data of visitors and do not use such either. For more information about data protection at NinTechNet, visit: blog.nintechnet.com/ninjafirewall-general-data-protection-regulation-compliance/

Limit Login Attempts Reloaded

The WordPress plugin “Limit Login Attempts Reloaded” is used to defend against brute force attacks. This stores all logged IP addresses in encrypted form in the WordPress database. The use of “Limit Login Attempts Reloaded” is in the interest of protecting our online offering. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.

Sources:https://www.e-recht24.de & sample data protection declaration of the law firm Weiß & Partner