PRIVACY POLICY
PRIVACY STATEMENT
1. Information on the Collection of Personal Data and Contact Data
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when using our website. Personal data refers to any information that can be used to personally identify you.
1.2 The data controller of this website, within the meaning of the General Data Protection Regulation (GDPR), is cathleen's Boutique. The data controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string ‘https://’ and the padlock symbol in your browser's address bar.
2. Data Collection on Visiting Our Website
When using our website for informational purposes only, i.e., if you do not register or provide us with information in any other way, we only collect the data that your browser sends to our server (so-called ‘server log files’). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
- The website you visited
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you arrived at the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
Processing takes place based on Article 6(1)(f) GDPR, grounded in our legitimate interest in improving the stability and functionality of our website. This data will not be transferred or otherwise used. However, we reserve the right to subsequently check server log files if there are concrete indications of unlawful use.
COOKIES To make your visit to our website attractive and enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies used by us are deleted after the end of the browser session, i.e. after closing your browser (session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognise your browser the next time you visit (permanent cookies). If cookies are set, they collect and process certain user information such as browsing and location data and IP address values. Permanent cookies are automatically deleted after a predetermined period, which may vary depending on the cookie. Some cookies serve to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). If personal data are also processed by some of our implemented cookies, the processing is done in accordance with Article 6(1)(b) AVG, either for the performance of a contract or
based on Article 6(1)(f) AVG to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit. We may cooperate with advertising partners who help us to make our internet offer more interesting for you. For this purpose, cookies from partner companies are also stored on your hard disk when you visit our website (third-party cookies). If we cooperate with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in the following sections. Please note that you can set your browser to inform you about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for specific cases or in general. Each browser manages cookie settings differently. These are described in each browser's help menu, which explains how to change your cookie settings. You can find these for the respective browsers under the following links: Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en Safari: https://support.apple.com/kb/ph21411?locale=de_DE Opera: https://help.opera.com/en/latest/web-preferences/#cookies Please note that if you do not accept cookies, the functionality of our website may be limited.
-
CONTACT US When contacting us (e.g. via a contact form or e-mail), personal data is collected. What data is collected when using a contact form can be seen on the relevant contact form. This data is stored and used exclusively for the purpose of answering your request or for the contact and related technical administration. Legal basis for processing the data is our legitimate interest in responding to your request according to Article 6(1)(f) AVG. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) AVG. Your data will be deleted after your request has been dealt with, provided the circumstances show that the matter in question has been conclusively dealt with and no legal retention periods prevent this.
-
DATA PROCESSING IN THE OPENING OF A CUSTOMER ACCOUNT AND FOR THE COMPLETION OF THE AGREEMENT According to Article 6(1)(b) AVG, personal data will still be collected and processed if you provide it to us for the performance of a contract or when opening a customer account. Which data is collected can be seen on the relevant entry forms. Deleting your customer account is possible at any time and can be done by sending a message to the address of the responsible party mentioned above. We store and use the data provided by you for processing the agreement. After full completion of the contract or deletion of your customer account, your data will be blocked for the purposes of tax and commercial law retention periods and deleted upon expiry of these periods, unless you have expressly consented to further use of your data or unless we reserve the right to further use your data in a legally permissible manner, about which we inform you below.
-
USE OF YOUR DATA FOR DIRECT MARKETING
6.2 Sending Email Newsletters to Existing Customers If you have provided us with your email address when purchasing goods or services, we reserve the right to periodically send you offers for similar goods or services to those already purchased, from our range by email. We do not need to obtain your separate consent for this. Data processing is carried out solely on the basis of our legitimate interest in personalised direct marketing according to Article 6(1)(f) AVG. If you have initially objected to the use of your e-mail address for this purpose, no e-mail sending from our side will take place. You have the right to object at any time to the use of your e-mail address for advertising purposes as described above, with future effect, by sending a message to the responsible person mentioned above. You will only bear the cost of transmission according to the basic rates. Upon receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately.
-
DATA PROCESSING FOR ORDER ADMINISTRATION The personal data collected by us will be passed on to the transport company in charge of the delivery within the framework of contract settlement, insofar as this is necessary for the delivery of the goods. Your payment data will be passed on by us to the competent banking institution within the framework of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we explicitly inform about this below. The legal basis for the data transfer in this case is Article 6(1)(b) AVG.
CONTACTING FOR ASSESSMENT REMINDER Own review reminder (no sending by customer review system)
We will use your e-mail address to remind you once to provide a review of your order for the review system we use, provided you have given us your express consent to do so during or after your order according to Art. 6 paragraph 1 lit. a AVG. You may withdraw your consent at any time by sending a message to the controller.
USE OF SOCIAL MEDIA: SOCIAL PLUGINS 9.1 Facebook plugins with Shariff solution Specific additional customs fees and/or import duties are not included in the price and are borne by the customer. Our website uses so-called social plugins (‘plugins’) from the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA (‘Facebook’). To increase the protection of your data when visiting our website, these buttons are not used indefinitely as plugins, but only embedded in the page using an HTML link. This method of integration ensures that when opening a page on our website with such buttons, no connection to Facebook's servers is yet established. When you click on the button, a new browser window is opened and the Facebook page is loaded where you can interact (if necessary after entering your login data) with the available plugins. Facebook Inc. headquartered in the United States is certified under the EU-US Privacy Shield, which ensures compliance with the level of data protection applicable in the EU.
The purpose and scope of data collection and further processing and use of data by Facebook, as well as your rights and setting options to protect your privacy, can be found in Facebook's privacy statement: https://www.facebook.com/policy.php
9.2 Google+ plugins as Shariff solution Our website uses so-called social plugins ("plugins") of the social network Google+, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google"). In order to increase the protection of your data when visiting our website, these buttons are not used without restriction as plugins, but are only embedded in the page using an HTML link. This type of integration ensures that when you open a page on our website with such buttons, no connection is yet established to the Google+ servers. When you click on the button, a new browser window opens and the Google+ page is loaded on which you can interact with the existing plugins (if necessary after entering your login data). Google LLC, headquartered in the USA, is certified under the EU-US Privacy Shield, which guarantees compliance with the data protection level applicable in the EU.
The purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights and setting options for protecting your privacy, can be found in Google's privacy policy: https://www.google.com/intl/de/policies/privacy/
9.3 Instagram plugin as a Shariff solution
So-called social plugins ("plugins") of the online service Instagram are used on our website, which is operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram"). In order to increase the protection of your data when visiting our website, these buttons are not used unrestrictedly as plugins, but only embedded in the page using an HTML link. This type of integration ensures that when you open a page on our website with such buttons, no connection to Instagram's servers is established. When you click on the button, a new browser window opens and the Instagram page is loaded, on which you can interact with the existing plugins (if necessary after entering your login data). Instagram LLC, headquartered in the USA, is certified under the EU-US Privacy Shield, which guarantees compliance with the level of data protection applicable in the EU.
The purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights and setting options to protect your privacy, can be found in Instagram's privacy policy: https://help.instagram.com/155833707900388/
ONLINE MARKETING 10.1 DoubleClick by Google This website uses the online marketing tool DoubleClick by Google from the operator Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick"). DoubleClick uses cookies to display relevant ads to users, improve campaign performance reports, or prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed multiple times. The processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 para. 1 lit. f GDPR. In addition, DoubleClick can use cookie IDs to record so-called conversions that relate to ad requests. This is the case, for example, if a user sees a DoubleClick ad and later visits the advertiser's website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information. Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you to the best of our knowledge: By embedding DoubleClick, Google receives information that you have visited the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and store your IP address. If you want to participate in this tracking process, you can disable cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com, https://www.google.de/settings/ads, whereby this setting is deleted if you delete your cookies. Alternatively, you can obtain information about setting cookies and adjusting these settings from the Digital Advertising Alliance at the following Internet address www.aboutads.info. Finally you can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for specific cases or in general. If you refuse cookies, the functionality of our website may be limited.
Google LLC, headquartered in the USA, is certified under the EU-US Privacy Shield, which guarantees compliance with the level of data protection applicable in the EU. You can find further information about the privacy policy of DoubleClick by Google at the following Internet address: https://www.google.de/policies/privacy/
10.2 Use of Google AdWords Conversion Tracking This website uses the online advertising program "Google AdWords" and within Google AdWords the Conversion Tracking of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use the offer of Google AdWords to draw attention to our attractive offers with the help of advertising material (so-called Google AdWords) on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. We strive to show you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.
The conversion tracking cookie is set when a user clicks on an AdWords ad placed by Google. Cookies are small text files that are placed on your computer system. These cookies usually expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can see that the user clicked on the ad and was forwarded to this page. Each Google AdWords customer receives a different cookie. Cookies cannot therefore be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers are shown the total number of users who clicked on their ad and were forwarded to a page with a conversion tracking label. However, they do not receive any information that can be used to personally identify users. If you do not want to participate in tracking, you can prevent this by disabling the Google Conversion Tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics. We use Google AdWords because of our legitimate interest in targeted advertising in accordance with Art. 6 para. 1 lit. f GDPR.
Google LLC, headquartered in the USA, is certified under the EU-US Privacy Shield, which guarantees compliance with the level of data protection applicable in the EU.
You can permanently disable cookies for advertising preferences by blocking them via a corresponding setting in your browser software or by downloading and installing the available browser plug-in via the following link: https://www.google.com/settings/ads/plugin?hl=de Please note that certain functions of this website may not be available or may only be available to a limited extent if you have disabled the use of cookies.
WEB ANALYSIS SERVICES Google (Universal) Analytics
Google Universal Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address, which is anonymized by adding the code "_anonymizeIp()") is usually sent to a Google server in the USA and stored there.
This website uses Google Analytics exclusively with the extension "_anonymizeIp()", which guarantees anonymization of the IP address by shortening and excludes direct personal identification. With this extension, your IP address is first shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA and shortened there. In these exceptional cases, processing takes place in accordance with Article 6(1)(f) of the General Data Protection Regulation (GDPR) on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined merged with other data from Google.
You can prevent the storage of cookies by adjusting the appropriate settings in your browser software; however, we point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser plug-in or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that prevents Google Analytics from collecting data within this website in the future (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again): Disable Google Analytics
Google LLC, based in the USA, is certified under the EU-US Privacy Shield, which guarantees compliance with the level of data protection applicable in the EU.
This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. When visiting a page for the first time, the user is assigned a unique, permanent and anonymised ID, which is set across devices. This makes it possible to assign interaction data from different devices and sessions to a single user. The user ID does not contain any personal data and does not transmit it to Google.
The collection and storage of data via the user ID can be contested at any time and with effect for the future. To do this, you must disable Google Analytics on all systems you use, for example in another browser or on your mobile device.
You can perform the deactivation using a browser plug-in from Google (https://tools.google.com/dlpage/gaoptout?hl=de). As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that prevents Google Analytics from collecting data within this website in the future (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again): Disable Google Analytics
For more information about Universal Analytics, please visit: https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=601037
12. RETARGETING/ REMARKETING/ RECOMMENDATION ADVERTISEMENTS Facebook Custom Audience via the Pixel Method This website uses the "Facebook Pixel" of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). If explicit consent has been given, this can be used to track the behavior of users after they have seen or clicked on a Facebook ad. This process is intended to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising campaigns.
The data collected is anonymous to us and does not provide us with any insight into the identity of the users. However, the data is stored and processed by Facebook, which enables a connection to the respective user profile and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Privacy Policy (https://www.facebook.com/about/privacy/). You can allow Facebook and its partners to display ads on and outside of Facebook. A cookie may also be stored on your computer for this purpose. This processing takes place exclusively with your express consent in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR).
Consent to the use of the Facebook Pixel may only be given by users over the age of 13. If you are under the age of consent, we ask your legal guardians to give their consent. Facebook Inc., headquartered in the USA, is certified under the EU-US Privacy Shield, which guarantees compliance with the level of data protection applicable in the EU.
To disable the use of cookies on your computer, you can set your internet browser so that no more cookies are placed on your computer in the future or so that cookies that have already been placed are deleted. However, disabling all cookies may result in some functions on our websites no longer being able to be performed. You can also disable the use of cookies by third parties such as Facebook on the following website of the Digital Advertising Alliance: https://www.aboutads.info/choices/
Google AdWords Remarketing Our website uses the functions of an Google AdWords Remarketing, which allows us to advertise this website in Google search results and on other third-party websites. The provider of this is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google"). For this purpose, Google places a cookie in the browser of your device, which automatically enables interest-based advertising based on the pages you have visited.
The processing takes place on the basis of our legitimate interest in the optimal use of our website in accordance with Article 6 paragraph 1 letter f) of the General Data Protection Regulation (GDPR). Further data processing only takes place if you have given Google permission to link your internet and app browser history to your Google account and use information from your Google account to personalize ads that you view on the internet. If you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked to Google Analytics data to create target groups.
You can permanently disable the setting of cookies for advertising preferences by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/
Alternatively, you can obtain information about the setting of cookies and adjust your preferences on the website of the Digital Advertising Alliance: www.aboutads.info. Finally, you can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be limited.
Google LLC, headquartered in the USA, is certified under the EU-US Privacy Shield, which guarantees compliance with the data protection level applicable in the EU. More information and the privacy policy regarding advertising and Google can be found here: https://www.google.com/policies/technologies/ads/
13. RIGHTS OF THE DATA SUBJECT 1 3.1 The applicable data protection law grants you as a data subject extensive rights (rights of information and intervention) with regard to the processing of your personal data by the controller, about which we inform you below: Right to information according to Article 15 GDPR: In particular, you have the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned retention period or the criteria for determining the retention period, the existence of the right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making, including profiling, and possibly relevant information about the logic involved and the consequences of such processing for you, as well as your right to be informed about which guarantees exist under Article 46 GDPR when transferring your data to third countries; Right to rectification under Article 16 GDPR: You have the right to immediate rectification of your incorrect data and/or completion of your incomplete data stored with us; Right to deletion under Article 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Article 17, paragraph 1 GDPR are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims; Right to restriction of processing according to Article 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data is contested, if you object to the erasure of your data due to unlawful processing and instead request the restriction of the processing of your data, if you need your data for the establishment, exercise or defense of legal claims after we no longer need the data for the purpose for which it was collected, or if you have objected on grounds relating to your particular situation, pending the confirmation of whether our legitimate grounds override ; Right to information pursuant to Article 19 GDPR: If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed of these recipients. Right to data portability pursuant to Article 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request their transmission to another controller, insofar as this is technically feasible; Right to withdraw consent pursuant to Article 7 paragraph 3 GDPR: You have the right to withdraw your previously given consent to the processing of data at any time with future effect. In the event of withdrawal, we will delete the data concerned immediately, unless further processing can be based on a legitimate basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal; Right to lodge a complaint under Article 77 GDPR: If you consider that the processing of your personal data infringes the GDPR, you have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
13.2 RIGHT TO OBJECT IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCE OF INTERESTS AND OUR PREDOMINANT INTEREST, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL FINISH THE PROCESSING OF THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING WILL REMAIN POSSIBLE IF WE CAN PROVE COMPELLING LEGITIMATE REASONS FOR THE PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS. IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT TO DIRECT MARKETING, WE WILL TERMINATE THE PROCESSING OF THE DATA CONCERNED FOR SUCH MARKETING PURPOSES.
RETENTION PERIOD OF PERSONAL DATA The duration of the storage of personal data is determined by the respective statutory retention period (e.g. commercial and tax retention periods). After expiry of the period, the data in question is routinely deleted, unless it is no longer required for the performance or conclusion of a contract and/or we have no legitimate interest in further storage.