This Privacy Notice applies to the processing of your personal data when you visit our online shop available at www.susannayi.com (“Website”) pursuant to the EU General Data Protection Regulation (“GDPR”).
1. Data controller and contact details
Yi + Schmitt Design Susanna Schmitt, Philipp-Wasserburg-Strasse 20, 55122 Mainz, Germany, (“we”, “us”, “our”) is the data controller responsible for the processing of personal data in connection with the use of the Website.
If you have questions on data protection or this Privacy Notice, or if you wish to exercise your rights (see Section 5), please contact us at the address stated above or using the following contact details:
2. Categories of personal data, processing purposes and legal bases
We collect and process your personal data as described below. Unless otherwise stated below, the provision of personal data to us is neither a statutory nor a contractual requirement, nor a requirement necessary to enter into a contract, and you are not obliged to provide personal data and non-provision of personal data will not affect your ability to use the Website. Where processing is based on Article 6 (1) (f) GDPR, you may request further information on the balancing test by contacting us as set out in Section 1.2.
2.1 Visit of our Website
If you only use our Website for information purposes and do not register, shop in our online shop or otherwise actively provide us with information about yourself, we do not collect any personal data. An exception exists for data that is required for technical reasons so that your browser can display our Website and you can use the Website. The following information is automatically transmitted by your browser each time you visit our website and stored in our server log files:
- browser type/version
- used operating system
- referrer URL (the previously visited page)
- IP address of the accessing computer
- time of the server request.
The legal basis for the processing of personal data in this regard are our legitimate interests in providing a functioning Website pursuant to Article 6 (1) (f) GDPR.
2.2 Contact form
You may contact us if you have any questions or requests using the contact form provided on the Website. We will process your name, email address and any information that you provide with your request for the purpose of responding to your request. The legal basis for the processing of such personal data are our legitimate interests in responding to your request pursuant to Article 6 (1) (f) GDPR, or contractual purposes pursuant to Article 6 (1) (b) GDPR.
2.3 Customer account
You can create a customer account on our Website. In order to do so, you will be asked to provide the following personal data about you: title, name, postal address, email address, date of birth (optional) and select a password. We process such personal data for the purpose of providing our customer account services to you. Providing such personal data is voluntary and creation of a customer account is not required to order products on our Website. The legal basis for the processing of such personal data are contractual purposes pursuant to Article 6 (1) (b) GDPR.
2.4 Purchases in our online shop
When you order products in our online shop, we process your personal data (e.g., name, billing and delivery address, payment information, information on products ordered) to enter into and fulfill the purchase contract concluded with you. Purchases in our online shop are not possible without providing these personal data. The legal basis for the processing of these data are contractual purposes pursuant to Article 6 (1) (b) GDPR.
You can subscribe to our newsletter on our Website. In order to do so, you will be asked to provide your email address. If you subscribe to the newsletter and consent to the processing of your email address for this purpose, we will use your email address for sending you newsletters. The legal basis for the processing of your personal data for such purpose is your consent pursuant to Article 6 (1) (a) GDPR.
2.6 Marketing and special offers
We may process your name, postal address, email address, age (if voluntarily provided) and purchase history to provide you with information on our products and services, or special events and/or provide you with special offers in writing, or by email. This processing of your personal data will be carried out based on our legitimate interests pursuant to Article 6 (1) (f) GDPR or, as the case may be, your consent in accordance with Article 6 (1) (a) GDPR.
2.7 Google Analytics
Important note concerning data processing in connection with Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the responsible body for the data processing that occurs via this website has their basis outside of the European Economic Area and Switzerland, then the associated Google Analytics data processing is carried out by Google LLC. Google Ireland Limited and Google LLC will hereinafter be referred to as “Google”.
Google Analytics uses “cookies”, which are text files saved on the site visitor’s computer, to help the website analyze their use of the site. The information generated by the cookie (including the truncated IP address) about the use of the website will normally be transmitted to and stored by Google.
Google Analytics is used exclusively with the extension “_anonymizeIp()” on this website. This extension ensures an anonymization of the IP address by truncation and excludes a direct personal reference. Via this extension Google truncates the site visitor’s IP address within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional situations will the site visitor’s full IP address be transmitted to Google servers in the United States and truncated there. The IP address that is provided by the site visitor’s browser in using Google Analytics will not be merged by Google with other data from Google.
On behalf of the site operator, Google will use the information collected to evaluate the use of the website, to compile reports on website activity and to provide other website and internet related services to the site operator (Art. 6 (1) (f) GDPR). The legitimate interest in data processing lies in the optimization of this website, the analysis of the use of the website and the adaptation of the content. The interests of the users are adequately protected by the pseudonymization of their data.
Google LLC has certified their compliance with the EU-U.S. Privacy Shield Framework and on that basis they provide a guarantee to comply with European data protection law. The data sent and linked to the Google Analytics cookies, e.g. user IDs or advertising IDs, will be automatically deleted after 50 months. The deletion of data whose retention period has been reached is done automatically once a month.
The website visitor can prevent data collection via Google Analytics on this website by clicking here. An “Opt-out Cookie” shall then be applied which shall prevent any future collection of the site visitor’s data when visiting this website.
2.9 Social Plugins
On our Website we use social media plugins from Facebook, Instagram, and Pinterest. Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You can find an overview of the Facebook plugins and their appearance here: https://developers.facebook.com/docs/plugins. Instagram is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). An overview of Instagram plugins and their appearance can be found here: https://instagram.tumblr.com/post/36222022872/introducing-instagram-badges. Pinterest is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA (“Pinterest”). An overview of the Pinterest plugins and their appearance can be found here: https://developers.pinterest.com/docs/getting-started/introduction/.
If you access a page on our Website that contains such a plugin, your browser will connect directly to the Facebook, Instagram, or Pinterest servers. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has called the corresponding page of our Website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider in the USA and stored there.
If you are logged in to any of the services, the providers may directly associate your visit to our Website with your profile on Facebook, Instagram, or Pinterest. If you interact with the plugins, for example by clicking on the “Like”, “Instagram”, or “Pin it” buttons, the corresponding information is also transmitted directly to a server of the provider and stored there. The information is also published in the social network or on your Instagram or Pinterest account and displayed there to your contacts.
If you do not want Facebook, Instagram, or Pinterest to directly associate the information collected through our Website with your profile on the relevant service, you must log out of that service before visiting our Website. You can also use add-ons for your browser to completely prevent plugins from loading, e.g., the script blocker “NoScript” (http://noscript.net/).
We may engage third parties to provide certain services to us (e.g., technical assistance, or logistics services). When providing such services, the service providers may have access to your personal data. However, any access is limited to recipients with a need to know. E.g., where we use service providers to process your order, the service providers only receive access to your data to the extent required to process such order. Where we engage service providers as data processors, we will only use processors providing sufficient guarantees to implement appropriate technical and organizational measures to protect your personal data and enter into data processing agreements obligating them to process your personal data only as instructed.
We may also transfer your personal data to law enforcement agencies, or governmental authorities if obligated to do so under applicable law, or to legal counsel and external consultants in compliance with a legal obligation or our legitimate interests to, e.g., exercise or defend legal claims.
4. Transfers of personal data
In some circumstances, we may transfer your personal data outside of the European Economic Area. To the extent your personal data are transferred to countries that do not provide for an adequate level of data protection from an EU law perspective, we will base the respective transfer on appropriate safeguards, such as the standard contractual clauses adopted by the European Commission. Data transfers to the US may also be based on the EU-U.S. Privacy Shield. You can request a copy of the appropriate safeguards by contacting us as set out in Section 1.2.
5. Your rights
5.1 If you declared your consent for any data processing, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
5.2 You also have the right to lodge a complaint with a data protection supervisory authority.
5.3 Pursuant to applicable data protection law, you may have the following rights:
- Right of access, Article 15 GDPR. You may have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data pursuant to Article 15 GDPR. You may also have the right to obtain a copy of the personal data undergoing processing. For any further copies requested by you, we may charge a reasonable fee based on administrative costs.
- Right to rectification, Article 16 GDPR. You may have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure (‘right to be forgotten’), Article 17 GDPR. Under certain conditions, you may have the right to obtain from us the erasure of personal data concerning you without undue delay and we may be obligated to erase personal data without undue delay.
- Right to restriction of processing, Article 18 GDPR. Under certain conditions, you may have the right to obtain from us restriction of processing.
- Right to data portability, Article 20 GDPR. Under certain conditions you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us.
- Right to object, Article 21 GDPR. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (e) or (f) GDPR, including profiling based on those provisions. In such case, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- To exercise your rights, please contact us as set out in section 1.2.
6. Retention of Data
Your personal data will be retained for as long as necessary for the respective purpose. When we no longer need your personal data for such purpose, we will delete it from our systems or anonymize it so that you can no longer be identified from it. An exception applies to the extent we need to retain data to comply with legal or regulatory obligations or if we need to preserve evidence for the exercise or defense of legal claims. For example, statutory retention periods resulting from the German Commercial Code or from the German Tax Code usually contain retention periods ranging from 6 to 10 years.
7. Changes to this Privacy Notice
This Privacy Notice may require an update from time to time, e.g. due to the implementation of new functions of the Website. We reserve the right to change or supplement this Privacy Notice at any time. We will publish the changes on the Website prior to their entering into effect.
Valid as of May 5, 2019