Data protection

Privacy Policy For VIDANISSA

Thank you for your interest in our online shop vidanissa.de. The protection of your personal data is very important to us. Below we would like to inform you about how we process your personal data when you use our online shop. The data protection declaration is based on the requirements of the General Data Protection Regulation (GDPR) as well as on the data protection information from nochzuhause.de/informationen/ under the heading “Data protection”.

1. Responsible

The person responsible for processing your personal data within this online shop is:

VIDANISSA
Karoline-Fele-Straße 21
44577 Castrop-Rauxel
info@vidanissa.de

 

2. Definition

This data protection declaration is based on the terms of the GDPR. To make things easier, we would like to explain some important terms in this context in more detail:

  • Personal data: Personal data is any information that relates to an identified or identifiable natural person. A natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. 
  • Data subject: Data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

  • Processing: Processing is any operation or series of operations relating to personal data, carried out with or without the aid of automated procedures, such as the collection, recording, organization, structuring, storage, adaptation or modification, the reading, querying, use, disclosure by transmission, distribution or any other form of provision, comparison or combination, restriction, deletion or destruction.

  • Recipient: Recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

  • Third party: Third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or the processor who to process personal data.

  • Consent: Consent is any expression of will voluntarily given by the data subject for the specific case in an informed and unambiguous manner in the form of a statement or other clear confirmatory act with which the data subject indicates that they are in agreement you agree to the processing of your personal data.
3.Origin of Personal Data

We may receive personal information in the following ways:

3.1 Information You Provide

You have the opportunity to provide information (e.g. contact details) about yourself on our website.

3.2  Automatically collected and generated data

By using our website, data is automatically collected and generated.

3.3 Data collected by third parties

If we maintain a presence on social and professional networks, we may receive data from you via these (e.g. if you contact us via a social or professional network or respond to one of our content shared there).

 

4. Scope, purpose, legal basis, storage period and, if applicable, recipients and third-country transfer of the respective processing of personal data


4.1 General information

In the following we will give you an overview of which personal data we process. For this purpose, we explain to what extent, for what purposes and on what legal basis we process personal data.

We will not pass on your personal data to third parties without your consent, unless this is permitted by law (e.g. because this is necessary for the performance of the contract).

The processing of your personal data may be based in particular on the following legal bases:

  • 6 para. 1, p. 1 lit. a) GDPR serves as the legal basis for processing operations in which we obtain consent for specific processing.
  • If the processing of personal data is necessary to fulfill a contract to which you are a party, the processing is based on Article 6 Paragraph 1 Sentence 1 Letter b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures.
  • If we are subject to a legal obligation that requires the processing of personal data, the processing is based on Art. 6 Paragraph 1 Sentence 1 Letter c) GDPR.
  • Furthermore, processing operations can be based on Art. 6 Paragraph 1 Sentence 1 Letter f) GDPR. Processing operations are based on this legal basis if the processing is necessary to safeguard a legitimate interest of ours, provided that the interests, fundamental rights and freedoms of the data subject do not outweigh these.
4.2 Data transfers to third countries

We use, among other things, services from companies that are based in third countries (e.g. in the USA). If these services are active, it is possible that data will be transferred to a third country and processed there. We would like to point out that a level of data protection comparable to that of the EU cannot be guaranteed in these countries.

US companies, for example, are obliged to hand over data to authorities or similar institutions if necessary, without you as the person affected being able to take effective legal action against this, according to our legal understanding. We have no influence on such data transfer.

4.3 Deletion of data

If no specific storage period is specified within this data protection notice, the data processed by us will be deleted in accordance with the legal requirements as soon as their consent for processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data omitted or they are not required for the purpose).Unless the data is deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies e.g. B. for data that must be stored for commercial or tax law reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

4.4 Security measures

We take appropriate technical measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons and organizational measures to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, ensuring availability and their separation. We have also set up procedures to ensure that the rights of those affected are exercised, data are deleted and responses are made to data threats. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

4.5 Transmission of Personal Data

As part of our processing of personal data, the data may be transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data can include: B. include service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

2. Processing of your data

Every time you visit our website, certain information is automatically transmitted from your device to our server and stored in so-called server log files. This data includes, in particular, your IP address, date and time of access, the name and URL of the file accessed, the website from which access was made (referrer URL), browser used and, if applicable, the operating system of your device as well as the Name of your internet provider. This data is evaluated for the purpose of ensuring a smooth connection and comfortable use of our website. The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR; our legitimate interest follows from the stated purposes for data collection. The server log files are automatically deleted after 7 days.

To provide our website, we use storage space, computing capacity and software that we rent from a corresponding server provider (web host). In addition, when you visit our website, data that your browser transmits to our server is automatically processed. This general data and information is stored in the log files of the server (in so-called “server log files”).Can be recorded:

  • Browser type and browser version
  • operating system used
  • Referrer URL (previously visited website)
  • Host name of the accessing computer
  • Date and time of server request
  • IP address

5.6.1.2     Purpose of processing

When using this data and information, we do not draw any conclusions about you personally. The purposes we pursue include in particular:

  • Provision of our website
  • Provision of our online offering and user-friendliness
  • Operation and provision of information systems
  • Content Delivery Network (CDN)
  • Provision of contractual services
  • Customer Service
  • Provision of email communication
  • Ensuring a smooth connection to the website
  • Determination of acts of abuse or fraud,
  • Problem analyzes in the network
  • Evaluation of system security and stability.

4.6.1.3     Legal basis

The legal basis for data processing is our legitimate interest within the meaning of Art. 6 Para. 1, S. 1 lit. f) GDPR. We have a legitimate interest in being able to provide our website in a technically flawless manner.

4.6.1.4     Recipients of Personal Data

Your data will be passed on to service providers for hosting and content delivery network (CDN) as part of order processing to the extent necessary:

  • Shopify: Operation of the website, Shopify Inc., 151 O’Connor Street, Ground floor, Ottawa, ON K2P 2L8, Canada, data protection declaration: https://www.shopify.com/legal/privacy
4.6.2   Cookies

4.6.2.1   General information

We use cookies on our website.

These are text files that your browser automatically creates and that are stored on your IT system when you visit our site. Through cookies, certain information flows to the location that sets the cookie. By using cookies, it is not possible to run programs or transfer viruses to your device. 
If you do not want cookies to be used, you can switch them off in the settings.

When you visit our website or a sub-website for the first time and it contains cookies, you will be shown a “cookie banner”. You can allow us to use non-essential cookies and also reverse this decision there.

In legal terms, a distinction must be made between necessary and non-essential cookies.

4.6.2.2     Necessary cookies

We use necessary cookies. These are cookies that are technically necessary to provide all functions of our website. The legal basis for data processing is our legitimate interest within the meaning of Art. 6 Para. 1, S. 1 lit. f) GDPR. We have an overriding legitimate interest in being able to offer our offering in a technically flawless manner. The legal basis for the use of cookies towards our contractual partners who use contractual services owed to us via our website is Art. 6 Paragraph I lit. b) GDPR, the provision of our contractual services.

4.6.2.3     Non-essential cookies

We also use non-essential cookies (e.g. analysis and marketing cookies). These are cookies that are not technically necessary. We use this to understand your behavior on our website and to improve our offering. The legal basis for data processing is your consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR. The cookies are only set after you have given your consent via our “cookie banner”.

4.6.2.4     Storage duration

With regard to the storage period, the following types of cookies are distinguished:

  • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and their device (e.g. browser or mobile Application) has closed.
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. User data collected using cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.
4.6.2.5 More information about cookies

In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain third-party services (e.g. cookies for processing payment services).

Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions you want (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience). are stored on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing cookies in order to provide its services in a technically error-free and optimized manner. If consent to the storage of cookies has been requested, the cookies in question will be stored exclusively on the basis of this consent (Art. 6 Para. 1 lit. a GDPR); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately as part of this data protection declaration and, if necessary, request your consent.

Order processing As part of order processing, we process your data to fulfill the purchase contract and to send the ordered goods. For this purpose, we pass on your data to the shipping company responsible for the delivery. The legal basis for data processing is Article 6 Paragraph 1 Letter b GDPR.

Payment service providers We work with various payment service providers to process payments. Depending on which payment method you choose, the necessary data will be transmitted to the relevant payment service provider. The legal basis for data processing is Article 6 Paragraph 1 Letter b GDPR.

Contact form If you contact us via the contact form, the data you enter (name, email address and your message) will be processed by us in order to answer your request. The legal basis for data processing is Art. 6 Para. 1 lit. b GDPR, as the processing is necessary to carry out pre-contractual measures.

5. Social media
5.1 USE OF FACEBOOK SERVICES FOR WEB ANALYSIS AND ADVERTISING PURPOSES


5.1.2 USE OF FACEBOOK PIXEL

We use the Facebook pixel as part of the technologies presented below from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook (by Meta)" or “Meta Platforms Ireland”). With the Facebook Pixel, data (IP address, time of visit, device and browser information as well as information about your use of our website based on events specified by us, such as visiting a website or registering for a newsletter) are automatically collected and stored, from which data is used Usage profiles can be created using pseudonyms. As part of the so-called extended data comparison, information is also hashed and stored for comparison purposes, with which individuals can be identified (e.g. names, email addresses and telephone numbers). For this purpose, when you visit our website, the Facebook pixel automatically sets a cookie, which automatically enables your browser to be recognized when you visit other websites using a pseudonymous CookieID. Facebook (by Meta) will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to website use, in particular personalized and group-based advertising.
The data provided by Facebook (by Meta) technologies automatically collected information about your use of our website is usually transmitted to a server at Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA and stored there. There is no adequacy decision from the European Commission for the USA. If the transfer of data to the USA is our responsibility, our cooperation is based on standard data protection clauses of the European Commission. Further information about data processing by Facebook can be found in the data protection information of Facebook (by Meta).

 5.1.3 FACEBOOK ANALYTICS

As part of Facebook Analytics, statistics about visitor activities on our website are created from the data collected with the Facebook pixel about your use of our website. The data processing takes place on the basis of an agreement on order processing by Facebook (by Meta). Your analysis serves to optimally display and market our website.

 5.1.4 FACEBOOK ADS

We use Facebook Ads to advertise this website on Facebook (by Meta) and on other platforms. We determine the parameters of the respective advertising campaign. Facebook (by Meta) is responsible for the exact implementation, in particular the decision about the placement of the ads to individual users. Unless otherwise stated for the individual technologies, data processing takes place on the basis of an agreement between those jointly responsible in accordance with Art. 26 GDPR. The joint responsibility is limited to the collection of the data and its transmission to Meta Platforms Ireland. This does not cover subsequent data processing by Meta Platforms Ireland.

Based on the statistics about visitor activities on our website created via Facebook Pixel, we operate group-based advertising on Facebook (by Meta) via Facebook Custom Audience we determine the characteristics of the respective target group. As part of the extended data comparison that takes place to determine the respective target group (see above), Facebook (by Meta) acts as our processor.

Based on the pseudonymous cookie ID set by the Facebook Pixel and the data collected about your usage behavior on our website, we operate personalized advertising via Facebook Pixel Remarketing  .

Via Facebook Pixel Conversions we measure your subsequent usage behavior for web analysis and event tracking if you came to our website via an advertisement from Facebook Ads. The data processing takes place on the basis of an agreement on order processing by Facebook (by Meta).

5.2 Social Plugins

5.2.1 Facebook plugins (Like & Share button)

Plugins from the social network Facebook are integrated into this website. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data will also be transferred to the USA and other third countries.

You can recognize the Facebook plugins by the Facebook logo or the “Like” button on this website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When you visit this website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to assign your visit to this website to your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation.

If you do not want Facebook to be able to assign your visit to this website to your Facebook user account, please log out of your Facebook user account.

The use of the Facebook plugins is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in achieving the greatest possible visibility on social media. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit.a GDPR; consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

5.2.2 Instagram Plugin

Functions of the Instagram service are integrated into this website. These functions are offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to assign your visit to this website to your user account. We would like to point out that we, as providers of the pages, have no knowledge of the content of the transmitted data or their use by Instagram.

The storage and analysis of the data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in achieving the greatest possible visibility on social media. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

Further information can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy/.

5.3 OUR ONLINE PRESENCE ON FACEBOOK (BY META), INSTAGRAM (BY META)

If you have given your consent to this in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR to the respective social media operator, when you visit our online presence on the social media mentioned above, your data will be used for market research and Automatically collected and stored for advertising purposes, from which usage profiles are created using pseudonyms. These can be used, for example, to display advertisements within and outside the platforms that presumably match your interests. Cookies are usually used for this purpose. For detailed information on the processing and use of data by the respective social media operator as well as a contact option and your related rights and setting options to protect your privacy, please refer to the provider's data protection information linked below. If you still need help with this, you can contact us.

Facebook (by Meta) is an offer from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is usually transferred to a server at Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA and stored there . There is no adequacy decision from the European Commission for the USA. Our cooperation with you is based on standard data protection clauses from the European Commission.  Data processing when visiting a Facebook (by Meta) fan page is based on an agreement between jointly responsible parties in accordance with Art. 26 GDPR. Further information (information about Insights data) can be found here.

Instagram (by Meta) is an offer from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta Platforms Ireland”) The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is usually sent to a server at Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA transferred and stored there. There is no adequacy decision from the European Commission for the USA. Our cooperation with you is based on standard data protection clauses from the European Commission.  Data processing when visiting an Instagram (by Meta) fan page is based on an agreement between jointly responsible parties in accordance with Art. 26 GDPR. Further information (information about Insights data) can be found here.

 

6. Webshop
6.1 Scope of Processing

You have the opportunity to order our products via our website. In order to carry out this process, we process your personal data. We process the following personal data in particular:

  • First and last name
  • Email address
  • Phone number
  • Address
  • Method of payment
  • Billing address
  • Communication content
6.2      Purpose of processing

We process your data to process your order.

6.3      Legal basis

If your request is related to pre-contractual measures or an existing contract with us, the associated data processing operations are based on Art. 6 Para. 1, S. 1 lit. b) and lit. f) GDPR.

6.4      Recipients of Personal Data

Your data will be passed on to service providers to the extent necessary to carry out the product order or activation as part of order processing:

  • Shopify: Operation of the online shop, Shopify Inc., 151 O’Connor Street, Ground floor, Ottawa, ON K2P 2L8, Canada, data protection declaration: https://www.shopify.com/legal/privacy

 
7. DATA PROCESSING FOR THE PURPOSE OF SHIPPING PROCESSING

In order to fulfill the contract in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, to the extent that this is necessary for the delivery of ordered goods.

The same applies to the transfer of data to our manufacturers or wholesalers in cases in which they take over the shipping for us (drop shipping). These are considered shipping service providers within the meaning of this data protection declaration.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection: Switzerland.

 

7.1 DATA TRANSFER TO SHIPPING SERVICE PROVIDERS FOR THE PURPOSE OF SHIPPING NOTIFICATION

If you have given us your express consent to this during or after your order, we will pass on your email address to the selected shipping service provider in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR so that they can can contact you before delivery for the purpose of delivery notification or coordination.
Consent can be revoked at any time by sending a message to the contact option described in this data protection declaration or directly to the shipping service provider at the contact address listed below.After revocation, we will delete the data you provided for this purpose unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.

 

7.2 SHIPPING SERVICE PROVIDER

Ipswich Distribution Center                                                                          Gorsey Lane Coleshill                                                                                      Birmingham                                                                 United Kingdom

Fedex Express Deutschland GmbH                                                        Haberstraße 2
53842 Troisdorf
Germany

General Logistics Systems Germany GmbH & Co. OHG
GLS Germany-Straße 1 - 7
DE-36286 Neuenstein
Germany

DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany

DPD Deutschland GmbH
Wailandtstraße 1
63741 Aschaffenburg
Germany

United Parcel Service Deutschland S.à r.l. & Co. OHG
Görlitzer Straße 1
41460 Neuss
Germany

Hermes Germany GmbH
Essener Straße 89
D-22419 Hamburg
Germany

 

8. Your rights

As a data subject, you have the following rights:
  • In accordance with Article 15 GDPR, you have the right to request information about your personal data processed by us to the extent specified therein;
  • In accordance with Art. 16 GDPR, you have the right to immediately request the correction of incorrect or complete personal data stored by us;
  • According to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless further processing is required
    • to exercise the right to freedom of expression and information;
    • to fulfill a legal obligation;
    • for reasons of public interest or
    • is necessary to assert, exercise or defend legal claims;
  • According to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, to the extent that
    • you dispute the accuracy of the data;
    • the processing is unlawful, but you refuse its deletion;
    • we no longer need the data, but you need it to assert, exercise or defend legal claims or
    • You have objected to the processing in accordance with Art. 21 GDPR;
  • In accordance with Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible;
  • According to Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

Right to object

If we process personal data as explained above to protect our legitimate interests, which predominate in the context of a balancing of interests, you can object to this processing with effect for the future.If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If processing is carried out for other purposes, you only have the right to object if there are reasons arising from your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing is for the purpose of asserting, exercising or defense of legal claims.

This does not apply if the processing is carried out for direct marketing purposes. We will then no longer process your personal data for this purpose.
9. Contact

If you have any questions or concerns about data protection, please feel free to contact us:

VIDANISSA
Karoline-Fele-Straße 21                                                                          44577 Castrop-Rauxel
info@vidanissa.de

As of: June 1st, 24