PRIVACY POLICY
Privacy Policy
Part I gives you general information about the processing of your personal data by us when you visit and use our website, as well as information about the rights you have as a data subject.
In Part II, we inform you about how we process your data outside of the website.
In Part III you will receive information on when you can object to the processing of your data by us.
Part I: General Data Protection Information
Name and contact details of the controller
Marvin Bautz
c/o lawyer Jan Marschner
Markt 9
04109 Leipzig
E-Mail: info@mlovney.com
Provision of the website and creation of log files
Whenever our website is called up, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:
- Information about the browser type and the version used
- The user’s operating system
- The Internet Service Provider of the User
- The IP address of the user
- Date and time of access
- Websites from which the user’s system accesses our website
- Websites accessed by the user’s system through our website
The data is stored in log files at our online shop service provider Shopify, more precisely by the Irish subsidiary of Shopify, Shopify International Ltd. The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f GDPR. The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user’s computer. The user’s IP address must be stored for the duration of the session. These purposes also include our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
The above data is stored in the log files in order to ensure the functionality of our website. In addition, we use this data to optimize the website and to ensure the security of our information technology systems (cf. B. Attack detection). These purposes also include our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective meeting has ended. Log files are stored for seven days.
The collection of the data for the provision of the website and the storage of the data in log files is imperative for the operation of the website. There is therefore no possibility for the user to object.
Orders in the online shop and registration
You can register as a customer through our website for future orders. Alternatively, you can also order as a guest. When you place an order, we collect the following data in both cases:
- E-mail address
- First and last name
- Signature (voluntary indication)
- Telephone (voluntary)
- Address
- Country
- If applicable: Delivery address that differs from the invoice address.
The telephone number and the company are voluntary. In addition, these are mandatory information.
The legal basis is Art. 6 para. 1 lit. b GDPR. We collect the above-mentioned data in order to process your order and to be able to identify you as a customer, for the invoicing, the processing of any liability claims, our correspondence with you and for the management of our customer data. The data will be deleted after the successful processing of the order and the expiry of the liability periods, but at the latest with the expiry of the tax retention periods. However, if you are a registered customer, your orders and all related personal data remain stored in your customer profile until you delete your customer profile.
You can buy products in our online shop. You can first collect the desired products in a shopping cart. Once you have made your selection, you can choose the payment method. You can choose between PayPal, bank transfer and credit card. If you choose PayPal, you will go to the website of PayPal (Europe) S. à r. l. and Cie, S. C. A. (hereinafter referred to as “PayPal”). Information on the processing of your data can be found at https://www.paypal.com/DE/webapps/mpp/ua/privacy-full?locale.x=de_DE.
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b GDPR (performance of a contract). The processing of the data entered in the ordering process serves the conclusion and execution of the purchase contract.
We use the merchandise management system of Shopify’s online shop platform for contract processing. For this purpose, your personal data collected during the order will be transmitted to Shopify. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b GDPR (performance of the contract). Further information on Shopify’s Terms of Use and Privacy Policy can be found at: http://www.shopify.com/legal/privacy
In the course of shipping the products, the shipping service providers we use will receive your address. The legal basis for the processing of your personal data is Art. Paragraph 6 1 lit. b DS-GVO (performance of the contract). We pass on your e-mail address to the transport company within the framework of the contract processing, provided that you have expressly agreed to this in the ordering process. The purpose of the transfer is to inform you by e-mail about the shipping status. The processing is based on the Art. Paragraph 6 1 lit. a DS-GVO (consent). You can revoke your consent at any time by notifying us or the transport company, without affecting the legality of the processing carried out on the basis of the consent until revocation.
We store the data collected for the execution of the contract for the duration of the contract as well as until the expiration of the legal or legal obligations. possible contractual warranty rights. After the expiry of this period, we retain the contractual information required by commercial and tax law for the legally specified periods. For this period, the data shall be reprocessed solely in the event of a review by the financial administration.
Zahlungsfunktionen von Drittanbietern
In order to make payment as easy as possible when placing an order, we offer payment services from the following third-party providers in the cashier area of the shop:
- Shopify Payments
Responsible: Shopify International Limited
You can find more information on how to handle your data here.
- Pay Pal
Responsible: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
You can find more information on how to handle your data here.
The respective provider is responsible for the processing of personal data during the payment process.
links to other sites and resources provided by third parties
In order to optimally present the website, different resources such as images or third-party files are integrated. These providers are:
- Facebook und Instagram
Responsible: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
You can find more information on how to handle your data here.
- Cloudfront.net
Responsible: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States
You can find more information on how to handle your data here.
When embedded, data such as the IP address and technical data are transmitted to the respective controller via the browser used. The legal basis for the processing of this data is Art. 6 para. 1 lit. f GDPR.
Error detection with bugsnag
On our website, the “bugsnag. com” service is used to detect and correct errors on the website. This is operated by Bugsnag, Inc. , 30 7th Street San Francisco, CA 94 103, United States. Data such as the IP address and technical data about the used browser are sent to Bugsnag. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR.
Bugsnag Inc. is headquartered in the USA and is certified under the EU-US Privacy Shield. An up-to-date certificate can be found at https://www. privacyshield. gov/list. As a result of this agreement between the US and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield.
Bugsnag, Inc. is responsible for further data processing.
Newsletter
On our website you can subscribe to a free newsletter. The e-mail address provided when subscribing to the newsletter will be sent to us. We log the entire registration process, i. e. the e-mail address entered at the time of registration as well as the date, time and IP address of the user in order to be able to prove the registration.
The legal basis for the processing of data entered in the newsletter registration is Art. 6 para. 1 lit. b DSGVO. The legal basis for recording the registration process is Art. 6 para. 1 lit. c and f GDPR. We are legally obliged to be able to prove consent at any time. We delete this data when the newsletter subscription ends.
Contact form
A contact form is available on our website, which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.
To the extent that the contact takes place within the framework of a contract initiation or execution, the legal basis is Art. 6 para. 1 p. 1 (b) GDPR. If contact is for other purposes, the legal basis is Art. 6 para. 1 p. 1 (f) GDPR. Processing is carried out to carry out the communication. This is also our legitimate interest.
Recipient of the data is technically necessary our provider Shopify.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case for the personal data from the input mask of the contact form when the respective conversation with the user has ended. The conversation is terminated if it can be inferred from the circumstances that the situation in question has been finally clarified. However, this does not affect retention periods (e. g. commercial and tax retention obligations according to Section 257 of the Commercial Code and Section 147 of the Tax Code), to which we are legally obliged to comply. The legal basis for this storage is Art. 6 para. 1 (c) GDPR. After these retention periods have expired, these data will be deleted.
Google Double Click
We also use pixels or transparent GIF files to support online advertising. These GIF files are offered to us by our ad management partner DoubleClick, a service provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland. With these files, DoubleClick can detect a unique cookie on the user’s web browser, with which the provider can in turn find out which advertisements the users lead to the website of the provider. The cookie was stored by the provider or another advertiser working with DoubleClick. The information collected and shared with cookies or Spotlight technology is anonymous and not personally identifiable.
You can view and modify Google’s ad settings at www.google.com/ads/preferences/html/blocked-cookies.html.
Google is responsible for further data processing. For more information, please visit: https://policies.google.com/privacy
Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland. This serves to safeguard our overriding legitimate interests in an optimized presentation of our offer in accordance with Art. 6 para. 1 p. 1 lit. f GDPR. Google Analytics uses methods that enable an analysis of your use of the website, such as cookies. We’ve activated IP anonymization.
You can prevent the collection of the data generated by the cookie and related to your use of the website to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
Google is responsible for any further data processing. For more information, please visit: https://policies.google.com/privacy
Gstatic
A web service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is downloaded from our website.
We use this data to ensure the full functionality of our website. In this connection, your browser may be disabled. transmit personal data to Gstatic.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the correct functioning of the website. Further information on the handling of the transmitted data can be found in Gstatic’s privacy policy: https://policies.google.com/privacy
You can prevent the collection and processing of your data by Gstatic by deactivating the execution of script code in your browser or by installing a script blocker in your browser.
Rights of the person concerned
They have, in accordance with the provisions of Art. 15 GDPR the right to receive information about the data stored about you. If inaccurate personal data has been processed, you are entitled under Art. 16 GDPR a right to rectification.
If the legal requirements are met, you can request the deletion or restriction of processing as well as object to data processing (Art. 17, 18 and 21 GDPR). Art. 20 GDPR, you can assert the right to data portability for data that is processed automatically on the basis of your consent or a contract with you.
If you consider that data processing violates data protection law, you have the right to complain to a data protection supervisory authority of your choice (Art. 77 DS-GVO i. V. m. § 19 BDSG). This includes the data protection supervisory authority responsible for us: the Thuringian State Commissioner for Data Protection, https://www. tlfdi. de/
Part II: Data processing outside the website
Communication in general, in particular by e-mail
We process your personal data on the basis of Art. 6 para. 1 p. 1 (b) GDPR. The processing serves the execution of our contracts or pre-contractual measures with you and the execution of your order, as well as all necessary activities in our company for this purpose. The respective details for the purpose of the data processing can be found in the respective contract documents and terms and conditions. In addition, we process the personal data transmitted to us in the course of a contact. The legal basis is Art. 6 para. 1 p. 1 (f) GDPR. This is permitted insofar as the processing is necessary to safeguard our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms require the protection of personal data. Such a legitimate interest exists in the assertion of legal claims and defense in legal disputes, in the execution of payment processing through external service providers, in ensuring the IT security and operation of the company and in direct advertising. In addition, we process according to Art. 6 para. 1 (c) GDPR personal data insofar as this is necessary for the fulfilment of legal obligations to which we as a company are subject. The purposes of the processing include, for example, commercial and tax retention obligations under Section 257 of the Commercial Code (HGB) and Section 147 of the Tax Code (AO).
Within the company, those entities receive access to your data that they need to fulfill their contractual and legal obligations. Processors also employed by us (Art. 28 GDPR) may receive data for these purposes. These are companies in the categories IT services, logistics, collection as well as sales and marketing. In exceptional cases, professional secrets (tax advisors, auditors, lawyers) and authorities may also be recipients of your data.
If necessary, we process and store your personal data for the duration of the business relationship. This also includes the initiation and execution of the contract. We also store your personal data for the duration of the existence of warranty and guarantee claims. In addition, we store your personal data to the extent that we are legally obliged to do so. Corresponding proof and storage obligations arise in particular for commercial and tax law reasons in accordance with § 257 of the German Commercial Code (HGB) and § 247 of the German Fiscal Code (AO).
The processing of personal data is necessary for communication as well as for the establishment and execution of the contract. Without the provision of your personal data, we usually have to reject the conclusion of the contract or can no longer carry out an existing contract or. have to stop this.
Profiles on third-party portals
We have a company profile on the following third-party portals. These portals are not operated by us. We use these portals only within the scope of the offer of the respective operator and subject to the applicable terms of use and data protection. Further information on the respective providers and their information on data processing can be found here:
- Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland
- Data protection notice: https://www.facebook.com/privacy/explanation
- Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
- Data protection notice: https://help.instagram.com/155833707900388
Part III: Information on your right to object under Art. 21 GDPR
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is based on Art. 6 6 para. 1 lit. f DS-GVO (data processing on the basis of a interests) is to object. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
In individual cases , we process your personal data on order to conduct direct advertising. You have the right to object at any time to the processing of data concerning you for the purpose of such advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection may be made without form and should be addressed as far as possible to the contact details mentioned above in the section “Name and contact details of the controller.