Privacy policy

Entry

In the following data protection declaration, we would like to explain to you which types of your personal data (hereinafter also referred to as "data") we process for which purposes and to what extent. The data protection declaration applies to any processing of personal data that we carry out, both as part of the provision of our services and in particular on our websites, in mobile applications and as part of external online presences, such as our social media profiles (hereinafter collectively referred to as "internet offer").

The terms used are not gender specific.

Contents

• entry
• Responsible
• Processing overview
• Relevant Legal Basis
• Security measures
• Transfer and disclosure of personal information
• Data processing in third countries
• Use of cookies
• Commercial and business services
• Providing an online offer and hosting
• contact
• Newsletters and electronic notifications
• Network analysis, monitoring and optimization
• Presence in social networks (social media)
• Plugins and built-in features and content
• data deletion
• Changing and updating the privacy policy
• Rights of data subjects
• term definitions

Responsible

KAROLINA RAJCHEL ZURI CERAMIC STUDIO
DONOSY 47, 28-500 KAZIMIERZA WIELKA

Email address: zuriceramics@gmail.com

Processing overview

The following overview summarizes the types of data processed and the purposes of their processing and relates to the data subjects.

Types of data processed

• Inventory data (e.g. names, addresses).
• Content data (e.g. online form entries).
• Contact information (e.g. email address, phone numbers).
• Meta/communication data (e.g. device information, IP addresses).
• Usage data (e.g. visited websites, interest in content, access times).
• Contract data (e.g. subject of the contract, date, customer category).
• Payment details (e.g. bank details, invoices, payment history).

Categories of data subjects

• business and contractual partners.
• Interested people.
• communication partner.
• Customers.
• Users (e.g. website visitors, users of online services).

Purposes of processing

• Ensuring our online offer and user-friendliness.
• Conversion measurement (measuring the effectiveness of marketing activities).
• office and organizational procedures.
• Direct marketing (e.g. by e-mail or post).
• Interest-based and behavioral marketing.
• Contact Requests and Communications.
• Profiling (creating user profiles).
• remarketing.
• Range measurement (e.g. visit statistics, recognition of returning guests).
• Security measures.
• Tracking (e.g. interest/behavioral profiling, use of cookies).
• Provision of contract services and customer service.
• Manage and respond to inquiries.

Relevant Legal Basis

Below we inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, there may be national data protection laws in your or our country of residence and residence. If more specific legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.

• Consent (Article 6(1)(1)(a) of the GDPR) - The data subject has consented to the processing of his/her personal data for a specific purpose or several specific purposes.
• Performance of the contract and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b DSGVO) - Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of prior - contractual measures that are required for request of the data subject.
• Legal obligation (Article 6 (1) sentence 1 (c) GDPR) - Processing is necessary to comply with a legal obligation to which the responsible person is subject.
• Legitimate interests (Article 6 (1) sentence 1 (f) of the GDPR) - Processing is necessary to protect the legitimate interests of the administrator or a third party, unless the interests or fundamental rights and freedoms of the data subject, which protection of Personal Data requires priority.

Security measures

We use appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, implementation costs and the type, scope, circumstances and purposes of processing as well as various probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons in order to ensure a level of protection appropriate to the threat.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to data as well as access, entry, sharing, securing availability and their separation. In addition, we have established procedures to ensure the exercise of the rights of data subjects, data deletion and response to data threats. In addition, we consider the protection of personal data already in the development or selection of hardware, software and processes in accordance with the principle of data protection, through the design of technologies and default settings conducive to data protection.

Transfer and disclosure of personal information

As part of the processing of personal data by us, it may happen that this data will be transferred to other authorities, companies, legally independent organizational units or persons or will be disclosed to them. The recipients of this data may be, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into the website. In such a case, we comply with legal requirements, and in particular, we conclude appropriate agreements or agreements with the recipients of your data to protect your data.

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), European Economic Area (EEA)) or processing as part of using third party services or disclosing or transferring data to other persons, authorities or companies, this is done only in accordance with legal requirements.

Subject to express consent or a contractually or legally required transfer, we process or have data processed in third countries with a recognized level of data protection, contractual obligation through the so-called standard protection clauses of the EU Commission, if there are certificates or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection /international-dimension-data-protection_de ).

Use of cookies

Cookies are text files containing data from visited websites or domains and are saved by the browser on the user's computer. The cookie is primarily used to store information about the user during or after his visit to the online offer. The information stored may include, for example, language settings on the website, login status, shopping cart or where the video was watched. The term "cookies" also includes other technologies that perform the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also known as "user IDs").

The following types and functions of cookies are distinguished:

• Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after the user leaves the online offer and closes the browser.
• Persistent cookies: Persistent cookies remain stored even after you close your browser. For example, the login status can be saved or the preferred content displayed directly when the user visits the site again. Similarly, user interests may be stored in such a cookie for reach measurement or marketing purposes.
• First party cookies: First party cookies are set by us.
• Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
• Necessary (also: necessary or absolutely necessary) cookies: Cookies may be absolutely necessary for the operation of the website (e.g. to save logins or other user entries or for security reasons).
• Statistical, marketing and personalization cookies: Cookies are also typically used to measure reach and record your interests or behavior (e.g. viewing certain content, using features, etc.) on individual websites in your profile. Such profiles are used to show users, for example, content that corresponds to their potential interests. This procedure is also called "tracking", i.e. following the potential interests of users. If we use cookies or "tracking" technologies, we will inform you of this separately in our data protection declaration or when obtaining consent.

Notes on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you agree to the use of cookies, the legal basis for the processing of your data is your consent. Otherwise, the data processed via cookies will be processed on the basis of our legitimate interests (e.g. for the commercial operation of our online offer and its improvement) or if the use of cookies is necessary for the fulfillment of our contractual obligations.

Storage period: If we do not provide you with clear information about the storage period of permanent cookies (e.g. as part of the so-called consent to cookies), please assume that the storage period may be up to two years.

General information on withdrawal and objection (opt-out): Depending on whether the processing is based on consent or legal consent, you have the option at any time to withdraw consent or object to the processing of your data by cookie technologies (collectively referred to as " opt-out"). You can initially object to this via the settings in your browser, e.g. by deactivating cookies (which may also limit the functionality of our online offer). You can also object to the use of cookies for online marketing purposes using various services, in particular in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ . In addition, you can receive further objections as part of the information about the service providers and the cookies used.

Processing of cookie data based on consent: We use a cookie consent management procedure where the user's consent to the use of cookies is obtained or the processing and providers listed in the context of the cookie consent management procedure and managed by users and can be revoked . The declaration of consent is stored here so that you do not have to ask again and to be able to prove consent in accordance with the legal obligation. Storage may be server-side and/or in a cookie (so-called opt-in cookie or comparable technologies) to be able to attribute consent to you or your device. Subject to individual information about cookie management service providers, the following applies: Consent may be stored for up to two years. A pseudonymous user ID is created and stored along with the time of consent, information about the scope of consent (e.g. what categories of cookies and/or service providers) and the browser, system and end device used.

• Types of data processed: usage data (e.g. websites visited, interest in content, access time), meta/communication data (e.g. device information, IP addresses).
• Affected persons: users (e.g. website visitors, users of online services).
• Legal basis: Consent (Article 6(1)(1)(a) of the GDPR), legitimate interest (Article 6(1)(1)(f) of the GDPR).

Commercial and business services

We process the data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") within the framework of contractual and comparable legal relationships and related measures and in the context of communication with contractual (or pre-contractual) partners, e.g. to respond.

We process this data to fulfill our contractual obligations, protect our rights and for administrative tasks related to this information and corporate organization. We transfer data of contractual partners to third parties only within the framework of applicable law, insofar as this is necessary for the aforementioned purposes or to comply with legal obligations or with the consent of the data subjects (e.g. to telecommunications, transport and other involved ancillary services as well as subcontractors banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the framework of this data protection declaration.

We inform the contracting parties which data is required for the aforementioned purposes before or during data collection, e.g. in web forms, by means of special markings (e.g. colors) or symbols (e.g. asterisks or similar) or in person.

We delete the data after the expiry of the warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in the customer's account, e.g. years). We delete the data provided to us by the contractual partner as part of the order in accordance with the order specifications, usually after completion of the order.

Insofar as we use third-party providers or platforms to provide our services, the terms and data protection notices of the relevant third-party providers or platforms apply between users and providers.

Shop and e-commerce: We process our customers' data in order to enable them to select, purchase or order selected products, goods and related services, as well as their payment and delivery or fulfillment. If it is necessary for the execution of an order, we use the services of suppliers, in particular postal, forwarding and forwarding companies, for the purpose of delivery or fulfillment for our customers. We use banks and payment service providers to process payment transactions. The required information is marked as such in the context of the ordering or comparable acquisition process and includes information required for delivery or performance and billing, as well as contact details to be able to carry out a possible consultation.

• Types of data processed: Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. e-mail, telephone numbers), contract data (e.g. subject of the contract , term, customer category), usage data (e.g. websites visited, interest in content, access time), meta/communication data (e.g. device information, IP addresses).
• Interested parties: interested parties, business partners and contractors, customers.
• Purposes of processing: provision of contractual services and customer service, contact requests and communication, office and organizational procedures, management and response to requests, security measures.
• Legal basis: performance of the contract and pre-contractual inquiries (Article 6(1)(1)(b) of the GDPR), legal obligation (Article 6(1)(1)(c) of the GDPR), legitimate interest (Art. 6(1)(c) of the GDPR) 1 point 1 letter f GDPR).

Providing an online offer and hosting

In order to be able to provide our online offer securely and efficiently, we use one or more hosting service providers from whose servers (or servers managed by them) the online offer can be accessed. For this purpose, we may use infrastructure and platform services, computing power, storage and database services, as well as security and technical maintenance services.

The data processed as part of the provision of the hosting service may include all information about the users of our online offer that arises in the context of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the content of online offers to browsers, and all entries made within our online offer or on websites.

Collection of access data and log files: We (or our hosting provider) collect data about each access to the server (so-called server log files). Address and name of downloaded websites and files, date and time of download, amount of data transferred, notification of successful download, browser type and version, user's operating system, referrer URL (previously visited page) and, as a rule, IP addresses and the requesting provider belong .

Server log files can be used on the one hand for security purposes, eg to avoid overloading the server (especially in the case of misuse, so-called DDoS attacks), and on the other hand to ensure the use and stability of the server.

• Types of data processed: content data (e.g. online form entries), usage data (e.g. websites visited, content interest, access time), meta/communication data (e.g. device information, IP addresses).
• Affected persons: users (e.g. website visitors, users of online services).
• Legal basis: legitimate interest (Article 6(1)(1)(f) of the GDPR).

contact

When contacting us (e.g. via the contact form, e-mail, telephone or social media), the requesting person's data will be processed, as long as it is necessary to respond to the contact request and to take any requested action.

The response to contact inquiries within the framework of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre-)contractual inquiries or otherwise based on a legitimate interest in responding to inquiries.

• Types of data processed: Inventory data (e.g. names, addresses), contact details (e.g. e-mail, telephone numbers), substantive data (e.g. entries in web forms).
• Interested persons: communication partners.
• Purposes of processing: contact requests and communication.
• Legal basis: Performance of the contract and pre-contractual inquiries (Article 6(1)(1)(b) of the GDPR), legitimate interests (Article 6(1)(1)(f) of the GDPR).

Newsletters and electronic notifications

We send newsletters, e-mails and other electronic notifications (hereinafter "newsletters") only with the consent of the recipient or legal permission. If the content of the newsletter is described in detail when registering for the newsletter, these are decisive for the user's consent. Our newsletter also contains information about our services and ourselves.

To register for our newsletters, it is usually sufficient to enter your e-mail address. However, we may ask you for your name so that we can address you personally in the newsletter or other information if this is necessary for the purposes of the newsletter.

Double opt-in procedure: Registration for our newsletter takes place in the so-called double consent procedures. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else's email address. Newsletter registrations are logged in order to be able to prove that the registration process complies with legal requirements. This includes the storage of the time of registration and confirmation as well as the IP address. Changes to your data held by the shipping service provider are also logged.

Deletion and restriction of processing: We may retain unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them to prove prior consent. The processing of this data is limited to the purpose of possible defense against claims. An individual request for deletion is possible at any time, provided that the prior consent has been confirmed at the same time. In the event of an ongoing obligation to comply with a contradiction, we reserve the right to store your e-mail address in the block list for this sole purpose.

The registration takes place on the basis of our legitimate interest in order to demonstrate that it has been carried out correctly. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure shipping system.

Notes on the legal basis: The newsletter is sent on the basis of the recipient's consent or, when consent is not required, on the basis of our legitimate interest in direct marketing, if and to the extent permitted by law, e.g. in the case of advertising for current customers. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interest in order to demonstrate that it was carried out in accordance with the law.

Content: Information about us, our services, promotions and offers.

Analysis and performance measurement: The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is downloaded from our server when you open the newsletter or, if we use the services of a shipping service provider, from their server. As part of this search, technical information is initially collected, such as browser and system information, as well as the IP address and time of download.

This information is used to technically improve our newsletter based on technical data or target groups and their reading behavior based on their search location (which can be determined by IP address) or access time. This analysis also includes determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, neither our purpose nor, if applicable, the purpose of the shipping service provider is to monitor individual users. Rather, the ratings serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The evaluation of the newsletter and the measurement of success takes place, with the express consent of the user, based on our legitimate interests to use a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of users.

Unfortunately, a separate performance measurement reference is not possible. In this case, you must unsubscribe from the entire newsletter or file an objection.

• Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. pages visited internet, content interest, access times).
• Interested persons: communication partners.
• Purposes of processing: direct marketing (e.g. by e-mail or post).
• Legal basis: Consent (Article 6(1)(1)(a) of the GDPR), legitimate interest (Article 6(1)(1)(f) of the GDPR).
• Option to object (opt-out): You can unsubscribe from our newsletter at any time, i.e. withdraw your consent or object to further receipt. The link to unsubscribe from the newsletter can be found either at the end of each newsletter, or you can use one of the contact options listed above, preferably by e-mail.

Network analysis, monitoring and optimization

Web analysis (also known as "reach measurement") is used to evaluate the visitor flow to our online offer and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymised values. With the help of the reach analysis, we can, for example, determine the time when our online offer or its functions or content are used most often or invite users to use them again. We can also understand which areas need optimization.

In addition to web analytics, we may also use test procedures, for example to test and optimize different versions of our online offer or its components.

For this purpose, so-called user profiles may be created and stored in a file (so-called "cookies") or similar processes may be used for the same purpose. This information may include, for example, the content viewed, the websites visited and the elements used there, and technical information such as the browser used, the computer system used and information about the time of use. If users have consented to the collection of their location data, this may also be processed depending on the provider.

Users' IP addresses are also stored. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. Basically, in the context of web analytics, A/B testing and optimization, no clear user data (e.g. e-mail addresses or names) is stored, but pseudonyms. This means that neither we nor the suppliers of the software used know the actual identity of users, but only the information stored in their profiles for the purposes of a given process.

Legal basis notes: If we ask users to consent to the use of third party providers, the legal basis for data processing is consent. Otherwise, the user's data is processed on the basis of our legitimate interest (i.e. interest in an efficient, economical and recipient-friendly service). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

• Types of data processed: usage data (e.g. websites visited, interest in content, access time), meta/communication data (e.g. device information, IP addresses).
• Affected persons: users (e.g. website visitors, users of online services).
• Purposes of processing: range measurement (e.g. visit statistics, recognition of returning guests), tracking (e.g. interest/behavioral profiling, use of cookies), conversion measurement (measuring the effectiveness of marketing activities), profiling (creating user profiles).
• Security measures: IP masking (pseudonymisation of the IP address).
• Legal basis: Consent (Article 6(1)(1)(a) of the GDPR), legitimate interest (Article 6(1)(1)(f) of the GDPR).

Services and service providers used:

• Matomo: The information generated by the cookie about the use of this website is stored exclusively on our server and is not passed on to third parties; Service provider: network analysis/range measurement on own hosting; Website: https://matomo.org/ ; Data deletion: Cookies are stored for a maximum of 13 months.

Presence in social networks (social media)

We maintain an online presence on social networks and process user data in this context to communicate with users active there or to offer information about us.

Please note that user data may be processed outside the European Union. This may pose a risk to you as, for example, it may make it difficult to enforce your rights.

In addition, user data is usually processed on social networks for market research and advertising purposes. For example, usage profiles can be created based on user behavior and resulting user interests. Usage profiles can in turn be used, for example, to place advertisements inside and outside the network that are presumably relevant to the user's interests. For this purpose, cookies are usually stored on users' computers where user behavior and user interests are recorded. In addition, data may be stored in usage profiles regardless of the devices users use (especially if users are members of the respective platforms and are logged in to them).

A detailed description of the individual forms of processing and the possibility of objection (opt-out) can be found in the data protection declarations and information provided by the operators of the relevant networks.

Also in the case of requests for information and the assertion of the rights of data subjects, we would like to point out that these can be asserted most effectively with the providers. Only providers have access to user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

• Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest content, access time), meta/communication data (e.g. device information, IP addresses).
• Affected persons: users (e.g. website visitors, users of online services).
• Purposes of processing: contact requests and communication, tracking (e.g. interest/behavioral profiling, use of cookies), remarketing.
• Legal basis: legitimate interest (Article 6(1)(1)(f) of the GDPR).

Services and service providers used:

• Instagram: social network; Service Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, Parent Company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.instagram.com ; Privacy Policy: https://instagram.com/about/legal/privacy .

Plugins and built-in features and content

We integrate functional and content elements into our online offer, which are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may be, for example, graphics, videos or social media buttons as well as posts (hereinafter uniformly referred to as "content").

The integration always requires the third-party providers of this content to process the user's IP address, as without the IP address they would not be able to send the content to their browser. The IP address is therefore required to display these contents or functions. We try to use only content whose providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. "Pixel tags" may be used to evaluate information such as visitor traffic on the pages of this website.

Legal basis notes: If we ask users to consent to the use of third party providers, the legal basis for data processing is consent. Otherwise, the user's data is processed on the basis of our legitimate interest (i.e. interest in an efficient, economical and recipient-friendly service). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

Instagram plugins and content: We work with Facebook Ireland Ltd. to collect or receive as part of the transmission (but not further processing) "event data" that Facebook collects through Instagram features (e.g. embed content features) that are implemented in as part of our online offer or as part of the transmission for the following jointly responsible purposes: a) displaying content and advertising information that correspond to the user's presumed interests; b) delivery of commercial and transactional messages (e.g. directing to users via Facebook Messenger); c) Improving ad delivery and personalizing features and content (e.g. improving recognition of which content or advertising information is likely to match users' interests). https://www.facebook.com/legal/controller_addendum ), which regulates in particular which security measures Facebook must comply with ( https://www.facebook.com/legal/terms/data_security_terms ) and in which Facebook agrees that it must meet the rights of the data subject (i.e. users can, for example, send information or requests for deletion directly to Facebook). Note: If Facebook provides us with measurements, analyzes and reports (which are aggregated, i.e. they do not contain information about individual users and are anonymous to us), then this processing does not take place under joint responsibility, but on the basis of an order processing contract ( "Conditions of data processing"). , https://www.facebook.com/legal/terms/dataprocessing ), "Data Security Terms" ( https://www.facebook.com/legal/terms/data_security_terms ) and in relation to processing in the USA based on Standard Contractual Clauses (“Facebook EU Data Transfer Addendum, https://www.facebook.com/legal/EU_data_transfer_addendum ”). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not limited by contracts with Facebook.

• Types of data processed: usage data (e.g. websites visited, interest in content, access time), meta/communication data (e.g. device information, IP addresses), contact details (e.g. e-mail, telephone numbers), regarding content (e.g. entries in web forms).
• Interested persons: users (e.g. website visitors, users of online services), communication partners.
• Purposes of processing: Provision of our online offer and user friendliness, provision of contractual services and customer service, contact inquiries and communication, direct marketing (e.g. by e-mail or post), tracking (e.g. interest/behavioral profiling, use of cookies) ), interest-based and behavioral marketing, Profiling (creating user profiles).
• Legal basis: legitimate interest (Article 6(1)(1)(f) of the GDPR), consent (Article 6(1)(1)(a) of the GDPR).

Services and service providers used:

• Google Fonts: We integrate fonts ("Google Fonts") from the provider Google, whereby user data is used only to display the fonts in the user's browser. The integration takes place on the basis of our legitimate interests, consisting in the technically secure, maintenance-free and efficient use of fonts, their uniform representation and taking into account possible licensing restrictions regarding their integration. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; website: https://fonts.google.com/ ; Privacy Policy: https://policies.google.com/privacy .
• Instagram plugins and content: Instagram plugins and content - this can be content such as images, videos or text, and buttons with which users can share content from this online offer within Instagram. Service provider: https://www.instagram.com , Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com ; Privacy Policy: https://instagram.com/about/legal/privacy .

data deletion

The data processed by us will be deleted in accordance with the legal requirements as soon as your consent to the processing is withdrawn or other permissions no longer apply (e.g.).

If the data is not deleted because it is necessary for other legally permissible purposes, its processing will be limited to these purposes. This means that the data will be blocked and will not be processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose retention is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Further information on the deletion of personal data can also be obtained in the context of the individual data protection information in this data protection declaration.

Changing and updating the privacy policy

Please inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing we carry out require it. We will inform you as soon as changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information for companies and organizations in this privacy statement, please note that these addresses may change over time and please check this information before contacting us.

Rights of data subjects

As a data subject, you have various rights under the GDPR, which result in particular from art. 15 to 21 GDPR:

• Right to object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on art. 6 sec. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct advertising, you have the right to object to the processing of your personal data for such advertising at any time; this also applies to profiling, insofar as it is related to such direct advertising.
• Right to withdraw consent: You have the right to withdraw your consent at any time.
• Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with legal requirements.
• Right to rectification: As required by law, you have the right to request supplementation of your data or rectification of incorrect data concerning you.
• Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request the immediate erasure of data concerning you, or alternatively to request restriction of data processing in accordance with legal requirements.
• Right to data portability: You have the right to receive the data you have provided to us in accordance with legal requirements in a structured, commonly used and machine-readable format or to request that it be sent to another responsible person.
• Complaint to the supervisory authority: You also have the right, in accordance with statutory provisions, to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of personal data concerning you violates the provisions GDPR.

term definitions

This section provides an overview of the terms used in this data protection declaration. Many terms are taken from the law and defined primarily in Art. 4 GDPR. Legal definitions are binding. The following explanations, however, are primarily for understanding. The terms are sorted alphabetically.

• IP masking: "IP masking" is a method of removing the last octet, i.e. the last two digits of an IP address, so that the IP address can no longer be used to uniquely identify a person. Therefore, masking IP addresses is a way to pseudonymise processing methods, especially in online marketing
• Interest-Based and Behavioral Marketing: There is talk of interest-based and/or behavioral marketing when users' potential interests in advertisements and other content are predetermined as accurately as possible. This is done using information about their previous behavior (e.g. visiting and staying on certain websites, shopping behavior or interactions with other users), which is stored in the so-called cookies. profile. Cookies are usually used for these purposes.
• Conversion measurement: Conversion measurement (also known as "visit performance evaluation") is a method by which the effectiveness of marketing activities can be determined. For this purpose, a cookie is usually stored on the user's device as part of the website where the marketing activities take place and then recalled on the target website. For example, it allows us to understand whether advertisements we have placed on other websites have been successful.
• Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by being assigned to an identifier, such as a name, identification number, location data, online identifier (e.g. cookie) or one or more specific characteristics are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Profiling: "Profiling" means any type of automated processing of personal data that consists of using this personal data to obtain certain personal data about a natural person (depending on the type of profiling, this includes information regarding Age, gender, location and movement data, interactions with websites and their content, shopping behavior, social interactions with other people) for the purpose of analyzing, evaluating or predicting them (e.g. interest in certain content or products, behavior related to clicking on a website or place of residence). Cookies and web beacons are often used for profiling purposes.
• Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the visitor flow to the online offer and may include the visitor's behavior or interests with regard to certain information, such as the content of the website. With the help of reach analysis, website owners can, for example, see what time visitors visit their website and what content they are interested in. Thanks to this, they can, for example, better adapt the content of the website to the needs of their visitors. Pseudonymous cookies and web beacons are often used for range analysis purposes to recognize returning visitors and thus obtain more accurate analyzes of the use of the online offer.
• Remarketing: There is talk of "remarketing" or "retargeting" when, for example, for advertising purposes, it is noted what products a user was interested in on a website in order to remind him of those products on other websites, e.g. in advertisements.
• Tracking: There is talk of "tracking" when user behavior can be traced across several online offerings. As a rule, information about your behavior and interests is stored in cookies or on the servers of the tracking technology providers in relation to the online offers you use (so-called profiling). This information can then be used, for example, to show you advertisements that may be relevant to your interests.
• Responsible person: The "responsible person" is the natural or legal person, authority, institution or other body which, alone or jointly with others, decides on the purposes and means of processing personal data.
• Processing: "Processing" is any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data. The term goes a long way to cover virtually any handling of data, be it collection, evaluation, storage, transmission or deletion.

Cookies Necessary for the functioning of the Store

Name	Function	Duration
_ab	Used in connection with root access.	2 years
_secure_session_id	Used in connection with navigating the storefront.	24h
_shopify_country	Used in connection with the cash register.	session
_shopify_m	Used to manage customer privacy settings.	1 year
_shopify_tm	Used to manage customer privacy settings.	30 minutes
_shopify_tw	Used to manage customer privacy settings.	2 weeks
_storefront_u	It is used to facilitate the updating of customer account information.	1 minute
_consent_tracking	Tracking preferences.	1 year
c	Used in connection with the cash register.	1 year
cart	Used in conjunction with a basket.	2 weeks
basket_currency	Used in conjunction with a basket.	2 weeks
cart_mark	Used in connection with the cash register.	2 weeks
cart_ts	Used in connection with the cash register.	2 weeks
cart_ver	Used in conjunction with a basket.	2 weeks
check out	Used in connection with the cash register.	4 weeks
cash_token	Used in connection with the cash register.	1 year
dynamic_checkout_shown_on_cart	Used in connection with the cash register.	30 minutes
hide_shopify_pay_for_checkout	Used in connection with the cash register.	session
keep alive	Used in connection with the buyer's location.	2 weeks
master_id	Used in conjunction with merchant login.	2 years
previous step	Used in connection with the cash register.	1 year
Remember me	Used in connection with the cash register.	1 year
secure_clientsign	Used in connection with client login.	Twenty years
shopify_pay	Used in connection with the cash register.	1 year
shopify_pay_redirect	Used in connection with the cash register.	30 minutes, 3 weeks or 1 year depending on value
shop_overview	Used in connection with client login.	2 years
tracked_start_checkout	Used in connection with the cash register.	1 year
checkout_one_experiment	Used in connection with the cash register.	session

Reporting and Analytics

Name	Function	Duration
_entry	Track landing pages.	2 weeks
_orig_referrer	Track landing pages.	2 weeks
_S	Shopify analytics.	30 minutes
_shopify_d	Shopify analytics.	session
_shopify_s	Shopify analytics.	30 minutes
_shopify_sa_p	Shopify analytics related to marketing and referrals.	30 minutes
_shopify_sa_t	Shopify analytics related to marketing and referrals.	30 minutes
_shopify_y	Shopify analytics.	1 year
_y	Shopify analytics.	1 year
_shopify_evids	Shopify analytics.	session
_shopify_ga	Shopify and Google Analytics.	session

[INSERT OTHER COOKIES OR TRACKING TECHNOLOGIES YOU USE]

The length of time a cookie stays on your computer or mobile device depends on whether it is a "persistent" or "session" cookie. Session cookies last until you stop browsing, and persistent cookies until they expire or are deleted. Most of the cookies we use are permanent and expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please note that deleting or blocking cookies may adversely affect your user experience and some parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies using your browser settings, which are often found in your browser's "Tools" or "Preferences" menu. For more information on changing your browser settings or how to block, manage or filter cookies, please refer to your browser's help file or via websites such as: www.allaboutcookies.org .

In addition, please note that blocking cookies may not completely prevent information from being shared with third parties, such as our advertising partners. To exercise your rights or to opt out of some of the ways these parties use your information, please follow the instructions in the "Behavioral Advertising" section above.

Do not track

Please note that because there is no uniform industry understanding of how to respond to "Do Not Track" signals, we do not change our data collection and use practices when we detect such a signal from your browser.

Changes

We may update this Privacy Policy from time to time to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.