About Nella Online
Hereinafter we inform you about the nature, scope and purpose of the processing of your personal data when using our online shop at “www.nellaearcuffs.de“. Personal data is any information that relates to an identified or identifiable natural person.
1. Controller, Data Protection Officer
The person responsible (“Controller”) within the meaning of the EU General Data Protection Regulation (GDPR) is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. Controller within the meaning of the GDPR for the personal data processed by this shop is Nelly Günther, Kiefernstraße 2, 49565, phone 017663199160, e-mail firstname.lastname@example.org (hereinafter “we”).
We have designated Sina Günther, Helmkämper Ort 15, 49565 Bramsche 017663199160 as our Data Protection Officer.
2. When you visit our web site
When you visit our website, our server collects the following information from your device: browser type and version, operating system used, the previously visited web page, IP address, and time of the page view.
We collect and process this data in order to ensure the trouble-free operation of our website and to detect, fend off and prosecute a misuse of our services. Furthermore, we use the collected data for statistical purposes to evaluate, for example, by which devices and browsers our shop is accessed in order to improve and adapt our offer to our customers’ needs on an ongoing basis. This data processing is based on Article 6 par. 1 f GDPR.
We will delete the aforementioned data no later than twelve months after they have been collected.
3. When you place an order
When you place an order in our online shop, we process your name, the delivery address, and your e-mail address, as entered by you during the ordering process. We will also process any additional information provided by you voluntarily during the ordering process (such as a differing billing address or a telephone number).
We process this data electronically for the proper performance of the contract, in particular for shipping, invoicing, accounting, and processing of returns and complaints. This data processing is based on Article 6 par. 1 b GDPR.
We store this data until all mutual claims arising from the respective contractual relationship with you have been completely settled and the commercial and fiscal retention periods to which we are subject have expired.
To conclude a contract between you and us, it is necessary that we receive your name, delivery address and e-mail address. The necessity of providing this data arises from various statutory regulations (eg. § 312i par. 1 and 3 BGB [German Civil Code], § 14 par. 4 UStG [German Turnover Tax Act]). Without providing this data, you cannot conclude a contract with us.
We refrain from using automated decision-making or profiling for deciding whether or not to conclude a contract.
4. Customer Account
You may, optionally, open a customer account in our online shop. For the data required and processed by us, please refer to the input form for opening the customer account. The customer account will be set up at your request only. Therefore, your consent ist the legal basis for processing your account data (Article 6 par. 1 a GDPR). We keep the account data stored until you close the account or you ask us for its closure. For personal data connected to contracts already concluded by you, the retention periods given in section “If you place an order” apply independently from the existence of your customer account.
5. Shipping and Payment
When we ship physical goods in order to perform a contract, we may transmit the recipient’s name and address, and, if you have given your consent, your e-mail address, to Deutsche Post (Deutsche Post AG, 53113 Bonn) or DHL (DHL Paket GmbH, 53113 Bonn) as our shipping service provider for the purpose of delivering the shipment, including, if applicable, a prior e-mail notification of the expected time of delivery, and, if necessary, for returns back to us, on the basis of Article 6 par. 1 b GDPR.
Upon receipt of a payment, we process the data transmitted to us by the payment service provider. Which data is included depends on the payment service provider you choose.
This data processing takes place according to Article 6 par. 1 b GDPR. We shall store this data until all mutual claims arising from the respective contractual relationship with you have been completely settled and all commercial and fiscal retention periods to which we are subject have expired.
For the operation of our website on the Internet, we use technical services provided by Wix.com Ltd. 6350671 Tel Aviv, Israel as Processor according to Article 28 GDPR.
7. Contacting us
If you send us a message via the contact form on our website, we will process all data input by you, especially your name, your e-mail address along with your message.
If you send us a message by e-mail, we will save your message along with the sender details (your name, e-mail address, and any additional information added by your e-mail program) in order to be able to answer it and also to respond to possible subsequent questions (legal basis: Article 6 par. 1 f GDPR). For reception, storage and sending of e-mails, we use an e-mail provider who acts for us as a processor in accordance with Article 28 GDPR.
This data processing is based on our legitimate interest to answer your request and handle possible follow-up requests from you (Article 6 par. 1 f GDPR). We will erase the information collected from your message no later than twelve months after the last communication with you on your request, subject to the provision in the following paragraph.
If you send us a message with information legally relevant for the contractual relationship (e.g. a withdrawal or a complaint), the legal basis for the processing is Article 6 par. 1 b GDPR, regardless of how you transmitted your message to us. In such a case, we will erase the data related to your message as soon as all mutual claims arising from the contractual relationship have been completely settled and the commercial and fiscal retention periods have expired.
If you have subscribed to our newsletter, we will inform you by e-mail about new offers and functions of our shop. You will not receive more than one newsletter a week. You can object to the use of your e-mail address for advertising purposes at any time in any form, without incurring any costs other than transmission costs at the basic rate.
This data processing is based on your consent in accordance with Article 6 par. 1 a GDPR. If you revoke your consent to the use of your e-mail address for advertising purposes, we will delete your e-mail address from our mailing list.
9. Comments and Ratings
When you write a comment or an evaluation to one of our products in our shop, we will publish your contribution on our shop web page together with your username, for which you may specify a pseudonym. To counteract misuse of our offer, we store the IP address of the device you are writing from for a period of twelve months (Article 6 par. 1 f GDPR). We reserve the right to delete any unsuitable or thematically inappropriate posts at any time. In addition, we delete published contributions only at the request of the respective author.
As far as you have given your consent, we place one or more “cookies” on your device. A cookie is a small text file that we use to recognize your device when you return to our shop for a later visit. With the help of cookies we can also analyze certain user behavior, for example, which products you are looking at, how long you stay on our site and when and how often you return to our shop. Cookies placed by us will be deleted no later than twelve months after your last visit to our shop.
This data processing is carried out on the basis of our legitimate interest to better tailor our product range to the wishes of our shop visitors and to optimise the shop functions and the efficiency of advertising measures (legal basis: Article 6 par. 1 f GDPR).
11. Google Services
We use certain Google service for our online shop. If you visit our shop from a location within the European Union, Norway, Iceland, Liechtenstein or Switzerland “Google“ means Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, otherwise Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
As far as Google LLC provides services in the United States of America, Google has committed itself under the EU-US Privacy Shield Agreement to comply with the European Union’s data protection laws.
General information on the use of data by Google may be found on the Google website at https://policies.google.com/technologies/partner-sites (“How Google uses information from sites or apps that use our services“).
12. Google Analytics
We use Google Analytics, a web analytics service of Google. Google places cookies on your device. With these cookies, Google can collect information about how you use our website. This information is transmitted to a Google server, where it is evaluated by Google and made available to us. The legal basis is Article 6 par. 1 f GDPR, namely our legitimate interest in the evaluation and optimization of our internet site.
13. Google Fonts
Our web site uses fonts provided by Google as “Google Fonts”. Google Fonts are downloaded directly from Google when you access our website from your device. Google hereby receives your IP address, your operating system, your browser type and its version and evaluates this information for their own business purposes.
14. Facebook Pixel, Custom Audience, Conversion Tracking
On our website, we use the “Facebook Pixel” function provided by Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, or, if you are based in the US or Canada: Facebook Inc. , 1 Hacker Way, Menlo Park, CA 94025, USA). This function allows you and other visitors to our site to be defined as a “custom audience” for advertisements provided by Facebook (“Facebook Ads”). To do this, Facebook uses an invisible graphics file that we integrate into our website to analyze your user behavior and derives products or topics that interest you. With “Facebook Pixel”, we can also determine the effectiveness of Facebook Ads, namely, whether and how you respond to an advertisement from us (“conversion tracking”).
This data processing is based on Article 6 par. 1 f GDPR, namely on our legitimate interest in advertising our offers to those who are likely to be interested in our products and to analyze the effectiveness of our online advertising.
Facebook Inc. has committed itself under the EU-US Privacy Shield Agreement to comply with European Union’s data protection laws.
15. Social Media
You may find Social Media buttons on your website; they can be recognized by the logos of the social media platforms (hereinafter “Platforms”) (Facebook: „f“ logo, Instagram: square camera logo). Clicking on such a button calls the respective Platform’s website; at the same time, the IP address of your device and the address of the page where the link is placed (“Referrer”) will be transmitted to the Platform. However, we neither collect nor otherwise process any data related to the use of these social media buttons.
16. Your Rights
With regard to your personal data we process, you have the following rights:
You have the right to obtain a confirmation from us as to whether we process personal data concerning you. If this is the case, we will inform you about the personal data stored about you and the further information in accordance with Article 15 par. 1 and 2 GDPR.
You have the right to have your inaccurate personal data rectified without undue delay. Taking into account the purposes of processing, you also have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.
You can demand the erasure of your personal data concerning you under the conditions of Article 17 par. 1 GDPR without undue delay, as far as their processing is not necessary according to Article 17 par. 3 GDPR.
You may demand that we restrict the processing of your data if one of the requirements of Article 18 par. 1 GDPR applies. In particular, you can request the restriction instead of an erasure.
We will communicate any rectification or erasure of your personal data and a restriction of processing to all recipients to whom we have disclosed your personal data, unless this proves impossible or involves a disproportionate effort. We will also inform you about these recipients if you request it.
You have the right to receive the personal data which you provide to us in a structured, commonly used and machine-readable format. You may also request that we transmit the data to another controller without hindrance, where technically feasible.
As far as a data processing is based on your given consent, you have the right to, withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of the data processing based on consent before its withdrawal.
RIGHT TO OBJECT: ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, YOU MAY, AT ANY TIME, OBJECT TO PROCESSING OF YOUR PERSONAL DATA; this right applies to a processing, according to Article 6 par. 1 f DPRG, necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. If you exercise your right to object, we will no longer process the personal data in question unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of you, or for the establishment, exercise or defense of legal claims.
IN CASE WE PROCESS PERSONAL DATA FOR DIRECT MARKETING PURPOSES (E.G. NEWSLETTER), YOU MAY, AT ANY TIME, OBJECT TO PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING, WITH THE RESULT THAT WE WILL NO LONGER PROCESS YOUR DATA FOR THESE PURPOSES.
If you believe that the processing of your personal data is in breach of the GDPR, you may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. This does not exclude other administrative or judicial remedies.