Hereinafter we inform you about the nature, scope and purpose of the processing of your personal data when using our online shop at “www.sarahjohann.com“. Personal data is any information that relates to an identified or identifiable natural person.
The person responsible (“Controller”) within the meaning of the EU General Data Protection Regulation (GDPR) is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. Controller within the meaning of the GDPR for the personal data processed by this shop is Sarah Johann, Naugartener Str. 26, 17291 Nordwestuckermark, phone 0172-4561652, e-mail firstname.lastname@example.org (hereinafter “we”).
2. When you visit our web site
When you visit our website, our server collects the following information from your device: browser type and version, operating system used, the previously visited web page, IP address, and time of the page view.
We collect and process this data in order to ensure the trouble-free operation of our website and to detect, fend off and prosecute a misuse of our services. Furthermore, we use the collected data for statistical purposes to evaluate, for example, by which devices and browsers our shop is accessed in order to improve and adapt our offer to our customers’ needs on an ongoing basis. This data processing is based on Article 6 par. 1 f GDPR.
We will delete the aforementioned data no later than twelve months after they have been collected.
3. When you place an order
When you place an order in our online shop, we process your name, the delivery address, and your e-mail address, as entered by you during the ordering process. We will also process any additional information provided by you voluntarily during the ordering process (such as a differing billing address or a telephone number).
We process this data electronically for the proper performance of the contract, in particular for shipping, invoicing, accounting, and processing of returns and complaints. This data processing is based on Article 6 par. 1 b GDPR.
We store this data until all mutual claims arising from the respective contractual relationship with you have been completely settled and the commercial and fiscal retention periods to which we are subject have expired.
To conclude a contract between you and us, it is necessary that we receive your name, delivery address and e-mail address. The necessity of providing this data arises from various statutory regulations (eg. § 312i par. 1 and 3 BGB [German Civil Code], § 14 par. 4 UStG [German Turnover Tax Act]. Without providing this data, you cannot conclude a contract with us.
We refrain from using automated decision-making or profiling for deciding whether or not to conclude a contract.
4. Shipping and Payment
When we ship physical goods in order to perform a contract, we may transmit your name and delivery address, and, if you have given your consent, your e-mail address, to DHL (DHL Paket GmbH, 53113 Bonn) as our shipping service provider for the purpose of delivering the shipment to you, including, if applicable, a prior e-mail notification of the expected time of delivery, and, if necessary, for returns back to us, on the basis of Article 6 par. 1 b GDPR.
Upon receipt of a payment, we process the data transmitted to us by the payment service provider.
When we receive a transfer to our account, we process in particular the name of the transferring account holder, the account number (IBAN and BIC) and the purpose of the transfer.
This data processing takes place according to Article 6 par. 1 b GDPR. We shall store this data until all mutual claims arising from the respective contractual relationship with you have been completely settled and all commercial and fiscal retention periods to which we are subject have expired.
As a technical service provider for the operation of our website on the Internet, we use the services of 1&1 (1&1 Internet AG, 56410 Montabaur) as Processor according to Article 28 GDPR
6. Contacting us
If you send us a message by e-mail, we will save your message along with the sender details (your name, e-mail address, and any additional information added by your e-mail program) in order to be able to answer it and also to respond to possible subsequent questions (legal basis: Article 6 par. 1 f GDPR). For reception, storage and sending of e-mails, we use an e-mail provider who acts for us as a processor in accordance with Article 28 GDPR.
This data processing is based on our legitimate interest to answer your request and handle possible follow-up requests from you (Article 6 par. 1 f GDPR). We will erase the information collected from your message no later than twelve months after the last communication with you on your request, subject to the provision in the following paragraph.
If you send us a message with information legally relevant for the contractual relationship (e.g. a withdrawal or a complaint), the legal basis for the processing is Article 6 par. 1 b GDPR, regardless of how you transmitted your message to us. In such a case, we will erase the data related to your message as soon as all mutual claims arising from the contractual relationship have been completely settled and the commercial and fiscal retention periods have expired.
If you have subscribed to our newsletter, we will inform you by e-mail about new offers and functions of our shop. You will not receive more than one newsletter a week. You can object to the use of your e-mail address for advertising purposes at any time in any form, without incurring any costs other than transmission costs at the basic rate.
This data processing is based on your consent in accordance with Article 6 par. 1 a GDPR. If you revoke your consent to the use of your e-mail address for advertising purposes, we will delete your e-mail address from our mailing list.
As a technical service provider for the dispatch of our newsletter we use services of MailChimp / The Rocket Science Group, LLC / Atlanta, GA 30308 USA (Processor according to Article 28 GDPR).
When you visit our shop, we place one or more “cookies” on your device. A cookie is a small text file that we use to recognize your device when you return to our shop for a later visit. With the help of cookies we can also analyze certain user behavior, for example, which products you are looking at, how long you stay on our site and when and how often you return to our shop. Cookies placed by us will be deleted no later than twelve months after your last visit to our shop.
This data processing is carried out on the basis of our legitimate interest to better tailor our product range to the wishes of our shop visitors and to optimise the shop functions and the efficiency of advertising measures (legal basis: Article 6 par. 1 f GDPR).
9. Social Media
You may find Social Media buttons on our website; they can be recognized by the logos of the social media platforms (hereinafter “Platforms”) (Facebook: „f“ logo, Instagram: square camera logo). Clicking on such a button calls the respective Platform’s website; at the same time, the IP address of your device and the address of the page where the link is placed (“Referrer”) will be transmitted to the Platform. However, we neither collect nor otherwise process any data related to the use of these social media buttons.
10. Your Rights
With regard to your personal data we process, you have the following rights:
You have the right to obtain a confirmation from us as to whether we process personal data concerning you. If this is the case, we will inform you about the personal data stored about you and the further information in accordance with Article 15 par. 1 and 2 GDPR.
You have the right to have your inaccurate personal data rectified without undue delay. Taking into account the purposes of processing, you also have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.
You can demand the erasure of your personal data concerning you under the conditions of Article 17 par. 1 GDPR without undue delay, as far as their processing is not necessary according to Article 17 par. 3 GDPR.
You may demand that we restrict the processing of your data if one of the requirements of Article 18 par. 1 GDPR applies. In particular, you can request the restriction instead of an erasure.
We will communicate any rectification or erasure of your personal data and a restriction of processing to all recipients to whom we have disclosed your personal data, unless this proves impossible or involves a disproportionate effort. We will also inform you about these recipients if you request it.
You have the right to receive the personal data which you provide to us in a structured, commonly used and machine-readable format. You may also request that we transmit the data to another controller without hindrance, where technically feasible.
As far as a data processing is based on your given consent, you have the right to, withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of the data processing based on consent before its withdrawal.
RIGHT TO OBJECT: ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, YOU MAY, AT ANY TIME, OBJECT TO PROCESSING OF YOUR PERSONAL DATA; this right applies to a processing, according to Article 6 par. 1 f DPRG, necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. If you exercise your right to object, we will no longer process the personal data in question unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of you, or for the establishment, exercise or defense of legal claims.
IN CASE WE PROCESS PERSONAL DATA FOR DIRECT MARKETING PURPOSES (E.G. NEWSLETTER), YOU MAY, AT ANY TIME, OBJECT TO PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING, WITH THE RESULT THAT WE WILL NO LONGER PROCESS YOUR DATA FOR THESE PURPOSES.
If you believe that the processing of your personal data is in breach of the GDPR, you may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. This does not exclude other administrative or judicial remedies.