Privacy policy

Personal data (hereinafter mostly referred to as “data”) are only processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

According to Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data, such as collecting, recording, organizing, arranging, storing, adapting or changing, reading, querying, using, disclosing through transmission, dissemination or any other form of provision, comparison or the linking, the restriction, the deletion or the destruction.

With the following data protection declaration we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, as far as we decide either alone or together with others about the purposes and means of processing. In addition, we will inform you below about the third-party components we use for optimization purposes and to increase the quality of use, insofar as third parties process data on their own responsibility.

Our data protection declaration is structured as follows:

I. Information about us as responsible
II. Rights of users and data subjects
III. Information on data processing

I. Information about us as responsible

Responsible provider of this website in terms of data protection law is:

Contemind KY GmbH

Kristina Markov, Yasmin Grasshoff

Unterortstrasse 29
65760 Eschborn

Email: welcome@store.heidiundpaul.de

Tel: 06196-9676744

II. Rights of users and data subjects

With a view to the data processing described in more detail below, users and data subjects have the right

  • for confirmation as to whether the data concerning you is being processed, for information about the processed data, for further information about data processing and for copies of the data (see also Art. 15 GDPR);
  • to correct or complete incorrect or incomplete data (see also Art. 16 GDPR);
  • to the immediate deletion of the data concerning you (cf. also Art. 17 GDPR), or, alternatively, if further processing is required in accordance with Art. 17 Para. 3 GDPR, to restriction of processing in accordance with Art. 18 GDPR;
  • to receive the data concerning them and provided by them and to transfer this data to other providers / responsible parties (cf. also Art. 20 GDPR);
  • to complain to the supervisory authority if they are of the opinion that the data concerning them are being processed by the provider in violation of data protection regulations (see also Art. 77 GDPR).

In addition, the provider is obliged to notify all recipients to whom data has been disclosed by the provider of any correction or deletion of data or the restriction of processing that takes place on the basis of Articles 16, 17 Paragraph 1, 18 GDPR teaching. However, this obligation does not exist if this notification is impossible or involves disproportionate effort. Irrespective of this, the user has the right to information about these recipients.

According to Art. 21 GDPR, users and data subjects also have the right to object to the future processing of the data concerning them, provided that the data is processed by the provider in accordance with Art. 6 Para. 1 lit.f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permitted.

III. Information on data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose of storage no longer applies, the deletion of the data does not conflict with any statutory retention requirements and no other information on individual processing methods is given below.

Server data

For technical reasons, in particular to ensure a secure and stable website, data is transmitted to us or to our web space provider via your internet browser. These so-called server log files record the type and version of your Internet browser, the operating system, the website from which you switched to our website (referrer URL), the website (s) of our website that you are visiting, the date and time of the respective access as well as the IP address of the internet connection from which our website is used.

This data collected in this way is temporarily stored, but not together with other data from you.

This storage takes place on the legal basis of Art. 6 Para. 1 lit.f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

Cookies

a) Session cookies / session cookies

We use so-called cookies on our website. Cookies are small text files or other storage technologies that are stored and stored on your device by the internet browser you use. These cookies process certain information about you, such as your browser or location data or your IP address, to an individual extent.  

This processing makes our website more user-friendly, more effective and more secure, as the processing enables, for example, the reproduction of our website in different languages or the offer of a shopping cart function.

The legal basis for this processing is Art. 6 Paragraph 1 lit b.) GDPR, provided that these cookies are used to process data to initiate or process contracts.

If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Article 6 (1) (f) GDPR.

When you close your Internet browser, these session cookies are deleted.

b) Third party cookies

Our website may also use cookies from partner companies with whom we work for the purpose of advertising, analysis or the functionalities of our website.

The details on this, in particular on the purposes and the legal basis for processing such third-party cookies, can be found in the following information.

c) Disposal option

You can prevent or restrict the installation of cookies by setting your internet browser. You can also delete cookies that have already been saved at any time. The steps and measures required for this, however, depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. In the case of so-called flash cookies, however, processing cannot be prevented via the browser settings. Instead you have to change the setting of your Flash player. The steps and measures required for this also depend on the specific Flash player you are using. If you have any questions, please use the help function or documentation of your Flash player or contact the manufacturer or user support.

However, should you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be used to their full extent.

Contract processing

The data transmitted by you to make use of our range of goods and / or services will be processed by us for the purpose of processing the contract and are required to that extent. It is not possible to conclude and process contracts without providing your data.

The legal basis for the processing is Art. 6 Para. 1 lit. b) GDPR.

We delete the data when the contract is fully processed, but we must observe the retention periods under tax and commercial law.

As part of the contract processing, we pass on your data to the transport company commissioned with the delivery of goods or to the financial service provider, insofar as the transfer is necessary for the delivery of goods or for payment purposes.

The legal basis for forwarding the data is then Art. 6 Para. 1 lit. b) GDPR.

Customer account / registration function

If you create a customer account with us via our website, we will use the data you entered during registration (e.g. your name, address or e-mail address) exclusively for pre-contractual services, for the fulfillment of the contract or for the purpose of Customer care (e.g. to provide you with an overview of your previous orders with us or to be able to offer you the so-called memo function) collect and save. At the same time, we then save the IP address and the date of your registration, along with the time. This data will of course not be passed on to third parties.

As part of the further registration process, your consent to this processing is obtained and reference is made to this data protection declaration. The data collected by us will only be used to provide the customer account. 

If you consent to this processing, Art. 6 Para. 1 lit. a) GDPR is the legal basis for the processing.

If the opening of the customer account also serves pre-contractual measures or the fulfillment of the contract, the legal basis for this processing is also Art. 6 Para. 1 lit. b) GDPR.

The consent given to us to open and maintain the customer account can be revoked at any time with effect for the future in accordance with Art. 7 Paragraph 3 GDPR. All you have to do is inform us of your revocation.

The data collected in this respect will be deleted as soon as processing is no longer necessary. In doing so, we have to observe retention periods under tax and commercial law.

Checking creditworthiness and scoring

Insofar as we give you the basic option of paying by invoice as part of our range of goods or services and you make use of this, we reserve the right to obtain a mathematical credit report from a credit agency (such as Creditreform, Schufa, Bürgel or infoscore) -to obtain statistical procedures. For this purpose, your data, insofar as it is relevant to the contract, such as your name and address, will be forwarded to the credit agency. We use the following information about the statistical probability of a payment default to decide whether to offer you payment by invoice.

The legal basis for this processing is our legitimate interest in the reliability of the claim in accordance with Art. 6 (1) (f) GDPR.

Newsletter

If you register for our free newsletter, the data you have requested for this purpose, i.e. your e-mail address and - optionally - your name and address, will be transmitted to us. At the same time, we save the IP address of the Internet connection from which you access our website, as well as the date and time of your registration. As part of the further registration process, we will obtain your consent to the sending of the newsletter, describe the content in detail and refer to this data protection declaration. We use the data collected in this way exclusively for sending the newsletter - therefore, in particular, it is not passed on to third parties.

The legal basis for this is Article 6 (1) lit. a) GDPR.

You can revoke your consent to the sending of the newsletter at any time with effect for the future in accordance with Art. 7 Para. 3 GDPR. To do this, all you have to do is inform us of your revocation or use the unsubscribe link contained in every newsletter.

Contact inquiries / contact options

If you contact us via the contact form or email, the data you provide will be used to process your request. The specification of the data is necessary for processing and answering your request - without providing it, we will not be able to respond to your request, or at least to a limited extent.

The legal basis for this processing is Article 6 (1) lit. b) GDPR.

Your data will be deleted if your request has been finally answered and the deletion does not conflict with any statutory retention requirements, e.g. in the event of a subsequent contract processing.

User contributions, comments and ratings

We offer you the opportunity to post questions, answers, opinions or ratings, hereinafter referred to as “contributions”, on our website. If you take advantage of this offer, we will process and publish your contribution, the date and time of submission and the pseudonym you may have used.

The legal basis for this is Article 6 (1) lit. a) GDPR. You can revoke your consent at any time with effect for the future in accordance with Art. 7 Para. 3 GDPR. All you have to do is inform us of your revocation.

In addition, we also process your IP and email address. The IP address is processed because we have a legitimate interest in initiating or supporting further steps if your contribution encroaches on the rights of third parties and / or is otherwise unlawful.

In this case, the legal basis is Article 6 (1) (f) GDPR. Our legitimate interest lies in the legal defense that may be necessary.

Pinterest

We maintain an online presence on Pinterest to present our company and our services and to communicate with customers / interested parties. Pinterest is a service provided by Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.

In this respect, we would like to point out that there is a possibility that user data will be processed outside the European Union, in particular in the USA. This can result in increased risks for users insofar as, for example, later access to user data can be made more difficult. We also have no access to this user data. The possibility of access lies exclusively with Pinterest. Pinterest Inc. is certified under the Privacy Shield and has thus committed itself to complying with European data protection standards

https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM&status=Active

You can find the data protection information from Pinterest at

https://policy.pinterest.com/de/privacy-policy

Facebook

To advertise our products and services and to communicate with interested parties or customers, we operate a company presence on the Facebook platform.

We are jointly responsible for this social media platform with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland.

The data protection officer of Facebook can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have regulated the joint responsibility in an agreement with regard to the respective obligations within the meaning of the GDPR. This agreement, from which the mutual obligations arise, can be accessed under the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of personal data that ensues and is reproduced below is Article 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, communication, sales and advertising of our products and services.

The legal basis can also be the consent of the user in accordance with Article 6 (1) (a) GDPR to the platform operator. According to Art. 7 Para. 3 GDPR, the user can revoke his consent to this at any time by notifying the platform operator for the future.

When you visit our online presence on the Facebook platform, Facebook Ireland Ltd. as the operator of the platform in the EU processes user data (e.g. personal information, IP address, etc.).

This user data is used for statistical information about the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. Based on these profiles, Facebook Ireland Ltd. For example, it is possible to advertise users within and outside of Facebook based on their interests. If the user is logged into their Facebook account at the time of access, Facebook Ireland Ltd. also link the data with the respective user account.

If the user contacts us via Facebook, the personal data entered on this occasion will be used to process the request. The user's data will be deleted by us, provided that the user's request has been finally answered and there are no statutory retention requirements, e.g. in the case of subsequent contract processing.

To process the data, Facebook Ireland Ltd. possibly also set cookies.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the settings of the browser, but by the corresponding setting of the Flash player. Should the user prevent or restrict the installation of cookies, this may mean that not all Facebook functions can be used to their full extent.

 

More information about the processing activities, their prevention and the deletion of the data processed by Facebook can be found in Facebook's data policy:

https://www.facebook.com/privacy/explanation

It cannot be ruled out that the processing by Facebook Ireland Ltd. also via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Facebook Inc. has submitted to the "EU-US Privacy Shield" and thereby declares compliance with EU data protection requirements when processing data in the USA.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Linking social media via graphic or text link

We also advertise presences on the social networks listed below on our website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents that when a website that has a social media application is called up, a connection to the respective server of the social network is automatically established in order to display a graphic of the respective network itself. The user is only forwarded to the service of the respective social network by clicking on the corresponding graphic.

After the user has been forwarded, information about the user is recorded by the respective network. It cannot be ruled out that the data collected in this way will be processed in the USA.

Initially, this includes data such as the IP address, date, time and page visited. If the user is logged into their user account of the respective network during this time, the network operator can, if necessary, assign the information collected from the user's specific visit to the user's personal account. If the user interacts via a “share” button on the respective network, this information can be saved in the user's personal user account and published if necessary. If the user wants to prevent the information collected from being directly assigned to his user account, he must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are linked to our site:

facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

Data protection: https://www.facebook.com/policy.php

Certification EU-US data protection ("EU-US Privacy Shield") https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Pinterest

Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.

Data protection: https://policy.pinterest.com/de/privacy-policy

Certification EU-US data protection ("EU-US Privacy Shield")

https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM&status=Active

Shopify (shop software + web analysis)

a) Shopify Shop Software

We use “Shopify” to host our shop system as well as to present our offers and to process contracts.

The legal basis is Art. 6 Paragraph 1 lit. b) GDPR (contract initiation / contract processing).

“Shopify” is the service of a group of companies consisting of the companies Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., Shopify (USA) Inc., Shopify Commerce Singapore Pte. Ltd., and Shopify International Limited exist.

If we are based in the European Economic Area (EEA), processing is carried out by Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, hereinafter referred to as "Shopify".

Due to the group of companies, however, it cannot be ruled out that processing will also take place in Canada and the USA, i.e. outside the EEA. However, when data is transferred to the Canadian Shopify Inc., an adequate level of data protection is guaranteed by the adequacy decision of the European Commission. The data transfer to the other aforementioned companies of the group of companies, which are based in the USA, takes place on the basis of the so-called Privacy Shield, a data protection agreement to which the participating partners have submitted and with which compliance with European data protection regulations has been confirmed.

https://www.privacyshield.gov/participant?id=a2zt0000000TNSNAA4&status=Active

Shopify processes the following data on our behalf:

Name, billing address and, if applicable, delivery address, email address, payment details, company name if applicable, telephone number if applicable, IP address, information about orders, information about the retailer shops supported by Shopify that you visit and information about Your device and your internet browser.

Shopify also offers

https://www.shopify.de/legal/datenschutz

further data protection information.

 

b) Shopify web analytics

Insofar as we also use the Shopify web analysis service on our website, Shopify stores cookies on your device via your internet browser. These cookies collect further information, such as B. The place, time or frequency of your visit to our website are transmitted to a Shopify server and evaluated.

The legal basis is Article 6 (1) lit.f) GDPR. Our legitimate interest lies in the analysis and optimization of our website.

If you do not agree to this processing, you have the option of preventing the storage of the cookie by making a setting in your Internet browser. You can find more information on this under "Cookies" above.

Klarna "CHECK-OUT"

We use the payment service of Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden, hereinafter referred to as “Klarna”, to process payments for orders via our online shop.

For this purpose, we have integrated the so-called Klarna check-out into the final order page of our online shop.

The legal basis is the fulfillment of the contract according to Art. 6 Para. 1 lit. b.) GDPR. In addition, we have a legitimate interest in the offer of effective and secure payment options, so that a further legal basis follows from Art. 6 Para. 1 lit. f.) GDPR. 

By integrating Klarna, your internet browser loads the check-out page from a Klarna server. As a result, the operating system you are using, the type and version of your internet browser, the website from which the check-out was requested, the date and time of the call and the IP address are transmitted to Klarna - even without you with the check-out page.

As soon as you complete the order in our online shop, the data you entered in the input fields on the check-out page will be processed by Klarna on its own responsibility to process the payment.

With the payment methods "PayPal" and "Prepayment" offered, processing without your further consent is limited to the transfer of payment data to us or PayPal.

In the case of the payment methods "purchase on account", "hire purchase", "credit card", "direct debit" or "instant transfer", the following personal data in particular are processed by Klarna for the purpose of payment processing and for identity and credit checks:

- Contact information, such as names, addresses, date of birth, gender, email address, telephone number, mobile phone number, IP address, etc.

- Information on processing the order, such as product type, product number, price, etc.

- Payment information, such as debit and credit card details (card number, expiry date and CCV code), billing details, account number, etc.

If you select the payment method "purchase on account" or "hire purchase", Klarna collects and uses personal data and information about your previous payment history to decide whether you will be granted the desired payment method. In addition, probability values are used for your future payment behavior (so-called scoring). The calculation of the scoring is carried out on the basis of scientifically recognized mathematical-statistical methods.

Klarna puts under

https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf

Further information on the processing described above as well as the applicable data protection regulations are available.

Sample data protection declaration the Law firm Weiß & Partner


en