Data protection
We collect and use your personal data exclusively within the framework of the data protection regulations of the Federal Republic of Germany. These are in particular the provisions of the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).
This privacy policy describes how your personal information is collected, used, and shared when you use Susanne Haun's homepage (the "Website") or make a purchase there.
RESPONSIBLE
Responsible for the processing of your data is:
Susanne Haun
Groningerstr. 22
13347 Berlin
T. +49 030 43 00 45 72
M. +49 0177 232 80 70
info@susannehaun.de
As the data protection controller, we decide on the means and purpose of processing your data and are therefore accountable to you (Art. 5 Para. 2 GDPR). You can therefore contact us at any time if you have any questions about the processing of your data.
PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including web browser information, IP address, time zone, and some of the cookies installed on your device. As you navigate the Site, we also collect information about the individual web pages or products you visit, the websites or search terms that brought you to the Site, and information about how you interact with the Site. We refer to this automatically collected information as "Device Information."
We collect device information using the following technologies:
- Our website uses so-called “cookies”. Cookies are small text files. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself, an automatic solution is carried out by your web browser or until you revoke any consent you may have given (see below under Right of Withdrawal). In some cases, cookies from third-party companies may also be stored on your device when you visit our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services). Cookies have various functions. Many cookies are technically necessary, others are used to evaluate user behavior or display advertising. Technically necessary cookies are required for the website to function properly. This category only contains cookies that ensure basic functions and security features of the website. Processing is therefore absolutely necessary in order to provide you with the services of our website. We are permitted to do this processing on the basis of Art. 5 Para. 3 of the EU Directive 2002/58/EC of the European Union (ePrivacy Directive). All other cookies, which are used, for example, to analyze your usage behavior, for advertising purposes or for connecting to social media, are only used with your voluntary consent (Art. 6 Para. 1 a and Art. 7 GDPR). You can revoke this consent at any time by changing the cookie settings and blocking the cookies. The cookies will then be deleted. You can make the settings in the cookie settings on the website.
- "Log files" log actions on the website and record data such as IP address, browser type, Internet service provider, referring/exit pages and date/time stamps. We do not combine this data with other data sources. The data is only used to ensure the error-free operation of the website. This data is recorded on the basis of Art. 6 Para. 1 f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website.
- "Web beacons," "tags," and "pixels" are electronic files that collect information about how you navigate the Site.
Additionally, when you register with the Site or make a purchase or attempt to purchase something, we collect certain information about you, including, but not limited to, your name, billing address, shipping address, payment information (including credit card numbers and information from other payment processors), email address, and phone number. We refer to this information as "Order Information."
If you sign up for our email newsletter, we will regularly send you information about our offers. The only mandatory information required to send the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure to send the newsletter, which ensures that you only receive the newsletter if you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided. We refer to this information as "newsletter information".
If you contact us by email, telephone, fax or via the contact form, your request will be processed, including all personal data resulting from it (e.g. telephone number, time, sender, name, request). Your telephone number will also be processed even if no one has answered your call. The data in your email will also be processed even if no one in our company has read the email.
By "Personal Data" in this Privacy Policy we mean device, order, newsletter and contact information as well as all other personal data collected.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We process your personal data with your consent (Art. 6 Para. 1 a GDPR), which you can revoke at any time. In this case, your data will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your request has been processed). If your request is related to a new or existing contract with us, then we may process the data for this reason (Art. 6 Para. 1 b GDPR). In addition, we are then legally obliged to continue processing this request (Art. 6 Para. 1 c GDPR together with Section 257 HGB). In this case, we are obliged to keep your request for at least six years. Other legal obligations, for example from tax law, can also lead to longer retention periods. According to Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent required in each case if you provide it to us when opening a customer account. You can find out which data is required to open an account in the input mask of the corresponding form on our website. Your customer account can be deleted at any time and can be done by sending a message to the above-mentioned address of the person responsible. After your customer account has been deleted, your data will be deleted provided that all contracts concluded through it have been fully processed, there are no statutory retention periods that prevent this, and we have no legitimate interest in continuing to store the data. By activating the newsletter confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Paragraph 1 Letter a of GDPR. We store your IP address entered by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data we collect when you register for the newsletter is used strictly for the intended purpose. You can unsubscribe from the newsletter at any time using the link provided for this purpose in the newsletter or by sending a corresponding message to the person responsible named above. Once you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use the data in any other way that is permitted by law and about which we will inform you in this declaration. If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact details you provided when ordering (name, address, email address) in order to personally inform you about upcoming updates within the legally stipulated period via a suitable communication channel (e.g. by post or email) within the scope of our statutory information obligations in accordance with Art. 6 Paragraph 1 Letter c of GDPR. Your contact details will be used strictly for the purpose of notifying you of updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the respective information.
We typically use the order information we collect to fulfill orders we receive through the Site (including, without limitation, processing your payment information, arranging for shipment, and sending you invoices and/or order confirmations).
We also use this order information to:
- Communicating with you;
- Reviewing our orders for potential risks or fraud and
- Providing you with information or advertising related to our products or services, in accordance with your privacy preferences.
We use the device information we collect to screen for potential risk and fraud (in particular, your IP address) and generally to improve and optimize our website (for example, by analyzing how our customers navigate and interact with the website and to assess the success of our marketing and advertising campaigns).
We share your Personal Information with third parties who assist us in using your Personal Information as described above, as follows:
- We use Shopify to power our online store. For more information about how Shopify uses your personal information, please visit: https://www.shopify.com/legal/privacy .
- This website uses so-called “web fonts” provided by Google for the uniform display of fonts. When you visit a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you use must connect to Google’s servers. This allows Google to know that this website was accessed via your IP address. The use of Google WebFonts is based on a legitimate interest in the uniform display of the typeface on its website (Art. 6 Para. 1 f GDPR). If your browser does not support web fonts, a standard font from your computer will be used. Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq . Further information on the use of your personal data by Google can be found here https://policies.google.com/privacy?hl=de .
- We also use Google Analytics to understand how our customers use the website. For more information about how Google uses your personal data, please visit: https://policies.google.com/privacy?hl=en . You can opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout .
- To the extent necessary for the execution of the contract for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company (e.g. DHL) and the commissioned credit institution (e.g. Visa, Mastercard) in accordance with Art. 6 Paragraph 1 Letter b of GDPR.
- If you choose the payment method “Apple Pay” from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed using the “Apple Pay” function on your iOS, watchOS or macOS device by charging a payment card stored with “Apple Pay”. Apple Pay uses security functions that are integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must enter a code that you have previously specified and verify it using the “Face ID” or “Touch ID” function of your device. For the purpose of processing the payment, the information you provided during the ordering process, along with information about your order, will be passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the source website to confirm the payment success. If personal data is processed during the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Paragraph 1 Letter b of GDPR. Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services. When you use Apple Pay on iPhone or Apple Watch to complete a purchase that you made via Safari on Mac, the Mac and the authorization device communicate via an encrypted channel on Apple servers. Apple does not process or store any of this information in a format that can be used to identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone's settings. Go to "Wallet & Apple Pay" and disable "Allow payments on Mac." Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027 .
- If you choose the payment method “Google Pay” from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment will be processed via the “Google Pay” application on your mobile device running at least Android 4.4 (“KitKat”) and having an NFC function by charging a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). To authorize a payment via Google Pay of more than €25, your mobile device must first be unlocked using the verification measure set up in each case (e.g. facial recognition, password, fingerprint or pattern). For the purpose of payment processing, the information you provided during the ordering process, along with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the source website, which is used to verify a payment. This transaction number does not contain any information about the real payment data of your payment method stored with Google Pay, but is created and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google acts merely as an intermediary to process the payment process. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the payment method stored with Google Pay. If personal data is processed during the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Paragraph 1 Letter b of GDPR. Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time and amount of the transaction, the merchant location and description, a description of the goods or services purchased provided by the merchant, photos that you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction. According to Google, this processing is carried out exclusively in accordance with Art. 6 Paragraph 1 Letter f of GDPR on the basis of the legitimate interest in proper accounting, the verification of transaction data and the optimization and functionality of the Google Pay service. Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services. The Google Pay terms of use can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de . Further information on data protection at Google Pay can be found at the following internet address: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de .
- One or more online payment methods from the following provider are available on this website: PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg. If you select a payment method from the provider for which you make an advance payment, the payment data you provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the contents of your order will be passed on to them in accordance with Art. 6 Paragraph 1 Letter b of GDPR. In this case, your data will be passed on solely for the purpose of processing the payment with the provider and only to the extent that it is necessary for this purpose. If you select a payment method for which we make an advance payment, you will also be asked to provide certain personal data (first and last name, street, house number, postcode, city, date of birth, e-mail address, telephone number, and if applicable, data on an alternative payment method) during the ordering process. In order to protect our legitimate interest in determining your ability to pay in such cases, we will forward this data to the provider for the purpose of a credit check in accordance with Art. 6 Paragraph 1 Letter f of GDPR. The provider will check on the basis of the personal data you have provided and other data (such as shopping cart, invoice amount, order history, payment experience) whether the payment option you have selected can be granted with regard to payment and/or default risks. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data. You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
- This website uses the Google Maps map service via an API. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. In order to use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. It is only used with your consent by activating the corresponding button. You can find more information about how user data is handled in Google's privacy policy: https://policies.google.com/privacy?hl=de .
- This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "cookie consent tool" is displayed to users when they visit the page in the form of an interactive user interface on which consent for certain cookies and/or cookie-based applications can be given by ticking boxes. By using the tool, all cookies/services that require consent are only loaded if the respective user gives their consent by ticking the corresponding box. This ensures that such cookies are only placed on the user's respective device if consent has been given. The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this process. If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website. Another legal basis for the processing is Art. 6 (1) (c) GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent. Further information on data protection with our cookie consent tool consentmo" can be found at the following internet address: https://www.consentmo.com/privacy-policy-terms-of-service/en .
- Finally, we may also disclose your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
On the one hand, there are so-called processors who process your data on our behalf (Article 28 GDPR). However, we remain ultimately responsible for the processing. You can find out from us at any time who we have forwarded your data to.
DO NOT TRACK
Please note that we do not alter our website's data collection and use practices when we receive a "Do Not Track" signal from your browser.
YOUR RIGHTS
Since we process your personal data, you have various rights (Art. 15 to 22 and Art. 77 GDPR). We are happy to support you in exercising your rights. We would therefore like to inform you about your rights at this point:
Revocation of your consent to data processing:
If you have consented to processing, you can revoke this consent at any time for the future. All you need to do is send us an informal email. You can also choose any other way to notify us.
Right to lodge a complaint with the competent supervisory authority:
In the event of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority. An overview of the German authorities can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to data portability:
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request that the data be transferred directly to another responsible party, this will only be done if it is technically feasible.
Information, deletion and correction:
Within the framework of the applicable legal provisions, you have the right at any time to obtain information free of charge about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. You can contact us at any time for this purpose (see point "Who processes your data?"). An informal message to us by email is sufficient. You can also choose any other way to inform us.
Right to object to data collection in special cases and direct marketing:
IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARAGRAPH 1 F GDPR (LEGITIMATE INTEREST), YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING. THE RESPECTIVE LEGAL BASIS ON WHICH ANY PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION INFORMATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 PARA. 1 GDPR).
Right to restriction of processing:
You have the right to request that the processing of your personal data be restricted. You can contact us to do so.
The right to restrict processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the check, you have the right to request that the processing of your personal data be restricted.
- If the processing of your personal data was/is unlawful, you can request that the data processing be restricted instead of deleted.
- If we no longer need your personal data, but you require it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deleted.
- If you have lodged an objection in accordance with Art. 21 Para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
- If you have restricted the processing of your personal data, these data may - with the exception of storage - only be processed with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
DATA RETENTION
When you place an order through the Site, we will retain your order information for our records unless you ask us to delete this information.
CHANGES
We may change this privacy policy from time to time to reflect changes to our practices or for other operational, legal or regulatory reasons.
CONTACT
If you need more information about our privacy practices, have questions, wish to make a complaint, or wish to have your Personal Data deleted, please contact us by email at info@susannehaun.de or by post at:
Susanne Haun
Groningerstr. 22
13347 Berlin