I. Name and address of the person responsible
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
EH Fashion Berlin Ltd.
- represented by the Managing Director Iryna Igorivna Herzog -
Düsseldorfer Straße 75
Phone: +49 (030) 29 67 24 45
II. General information on data processing
1. Terms used
"Personal Data" means any information relating to an identified or identifiable natural person ('the data subject'); Identifiable is a natural person who can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier (e.B cookie) or one or more specific characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. "Processing" means any operation or series of operations carried out with or without the help of automated procedures in connection with personal data. The term goes far and covers virtually every use of data. 'Responsible person' means the natural or legal person, authority, body or other body which decides, alone or jointly with others, on the purposes and means of the processing of personal data.
2. Scope of processing of personal data
In principle, we only collect and use personal data of our users insofar as this is necessary for the provision of a functional website as well as our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior consent is not possible for actual reasons and the processing of the data is permitted by statutory provisions.
3. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing personal data, Art.6 sec. 1 lit.a serves as the legal basis for the processing of personal data. In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art.6 (1) lit.b GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures. Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art.6 (1) lit.c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art.6(1) lit.d GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first interest, Article 6(1) lit.f GDPR serves as the legal basis for the processing.
4. Data erasure and storage time
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is omitted. In addition, storage can be carried out if: this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion of a contract or a fulfilment of the contract.
III. Provision of the website and creation of log files
1. Description and scope of data processing
Every time we access our website, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
- Information about the browser type and version used
- the user's operating system
- the user's Internet service provider
- the ip address of the user
- Date and time of access
- Websites from which the user's system enters our website
- Websites accessed by the user's system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art.6 sec.1 lit.f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary in order to enable the delivery of the website to the user's computer. To do this, the user's IP address must be stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The "anonymizeIp" element deletes the last eight bits of the user's IP address and does not transfer them to Google Analytics. In these purposes lies also our legitimate interest in data processing in accordance with Art.6 sec.1 lit.f GDPR.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is terminated. In the case of the storage of the data in log files, this is the case after 6 at the latest. For data protection reasons, the host name or IP address of the client who accesses the website is anonymized in the log files. Additional storage is not possible.
5. Possibility of opposition and disposal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
1. Description and scope of data processing
- Shopping cart information in the Shop section
- Date and time of access
- Log-in information in the Shop area
- Session data to detect users
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art.6 sec.1 lit.f GDPR. The legal basis for the processing of personal data using technically necessary cookies is Art.6 sec.1 lit.f GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art.6 sec.1 lit.a GDPR in the event of the user's consent in this regard.
3. Purpose of data processing
- Transfer of language settings
- Remembering shopping cart contents
- Shop login function
- Shop Ordering Process Tracking
The user data collected by technically necessary cookies will not be used to create user profiles. The use of the analysis cookies is done for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and can thus continuously optimize our offer. In these purposes, our legitimate interest lies in the processing of personal data in accordance with Art.6 sec.1 lit.f GDPR.
4. Duration of storage, possibility of objecting and disposal
Your personal data collected during the ordering process will be used for order processing and contract performance and, if necessary, will also be transmitted to third parties such as .B. We only pass on your personal data necessary for the performance of the contract to third parties to the extent that is necessary for the fulfilment of the contract or if there is a legal obligation to pass on.
We check your creditworthiness by providing SCHUFA HOLDING AG, Kormoranweg 5 in 65201 Wiesbaden, with data on the application, admission and termination of this contract and by obtaining information about you from SCHUFA, insofar as this is permitted after weighing up our interests with your interest in excluding the transmission.
Furthermore, we will also provide SCHUFA with data that does not contain contractual conduct such as card misuse, after weighing up all the interests concerned.
SCHUFA only provides personal data if a legitimate interest in this has been credibly demonstrated in individual cases. SchufA discloses address data for the determination of debtors. When providing information, SCHUFA may, in addition, provide its contractual partners with a probability value calculated from its database for the assessment of credit risk (so-called score procedure).
At the Internet address www.meineschufa.de or the address SCHUFA Holding AG, P.O. Box 10 25 66, 44725 Bochum, you can obtain information about the stored data concerning you at any time from SCHUFA.
You can object to the use and processing of your data for marketing purposes at any time by e-mail to email@example.com.
You can view, edit and delete your personal data at any time in the "My Account" section using your email address and password.
On request, we will provide you with free information about the data stored about you in accordance with Section 34 of the German Data Code (BDSG). Furthermore, you have the right to request from us at any time the correction, deletion and blocking of your personal data. However, we will not delete the order until the order process has been completed. The deletion takes into account the restrictions imposed by the tax office.
VI. Order processing
As part of the registration and registrationas as well as the use, we store the IP address and the time of the respective usage act. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A transfer of this data to third parties takes place in principle, unless it is necessary for the prosecution of our claims or there is a legal obligation to do so in accordance with Art. 6 sec. 1 lit.c GDPR.
The deletion takes place after expiry of legal warranty and comparable obligations, the necessity of the retention of the data; in the case of statutory archiving obligations, the deletion shall take place after the expiry of a 6-year or 10-year retention obligation.
VII. E-mail Contact
1. Description and scope of data processing
You can contact us via the e-mail address provided. In this case, the personal data of the user transmitted by the e-mail will be stored. In this context, it does not pursue any disclosure of the data to third parties. The data is used exclusively for the processing of the conversation.
2. Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art.6 sec.1 lit.f GDPR. If the e-mail contact is aimed at concluding a contract, an additional legal basis for processing Art.6 sec.1 lit.b GDPR.
3. Purpose of data processing
The processing of the personal data obtained by contacting by e-mail takes place for the purpose of processing the user's request or possible follow-up questions.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case for personal data sent by e-mail when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the facts in question have been finally clarified. The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
5. Possibility of opposition and disposal
The user has the possibility to revoke his/her consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. The revocation of consent must be addressed to firstname.lastname@example.org. All personal data stored in the course of contacting us will be deleted in this case.
VIII. Use of analytics services
1. Google Analystics
Our website uses Google Analytics, a web analytics service provided by Google Inc. (following: Google). Google Analytics uses so-called "cookies", i.e. text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites (see section IV. 3.), your IP address will be truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, comcompile reports on the website activities and to provide other services relating to the use of the website and the internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to the full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: browser add-on for disabling Google Analytics. In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking on this link. This will install an opt-out cookie on your device. This prevents the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser.
With your consent, you can subscribe to our newsletter, with which we inform you about current topics of our company. The advertised topics are mentioned in the declaration of consent. To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and after one month we will automatically save your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify possible misuse of your personal data.
The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 sec. 1 lit. a GDPR, Art. 7 GDPR i.V. .m. Section 7 (2) No. 3 UWG, Section 7 (3) UWG. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each newsletter e-mail, via the form of the website,by e-mail to email@example.com by sending a message to the contact details given in the imprint.
X. Social Media PlugIns
Social plug-ins of the providers listed below are used on our websites. You can recognize the plug-ins by the fact that they are marked with the corresponding logo.
We have integrated the social media buttons of the following companies on our website:
Facebook Inc. (1601 S. California Ave., Palo Alto, CA 94304, USA)
Instagram LLC (1601 Willow Rd., Menlo Park, CA 94025, USA)
Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
These plug-ins may be used to send information, which may include personal data, to the service provider and, if necessary, to use it. We prevent the unconscious and unintentional collection and transmission of data to the service provider through a 2-click solution. In order to activate a desired social plug-in, it must first be activated by clicking on the corresponding switch. Only through this activation of the PlgIn will the collection of information and its transmission to the service provider be triggered. We do not collect any personal data ourselves via the social plug-ins or about their use.
We have no influence on what data an activated plug-in collects and how it is used by the provider. At present, it must be assumed that a direct connection to the provider's services will be established and that at least the IP address and device-related information will be collected and used. It is also possible that the service providers will attempt to store cookies on the computer you are using. You can find out which specific data is collected and how it is used in the data protection notices of the respective service provider. Note: If you are logged in to Facebook at the same time, Facebook can identify you as a visitor to a particular page.
We use the bookmark service addthis.com on our website. AddThis is a service provided by Clearspring Technologies Inc., 8000 Westpark Drive, Suite 625, McLean, VA 2210, USA. At jin the individual retrieval of our website, which is equipped with such an "AddThis" component, this component causes the browser you are using to download a corresponding representation of the component of addthis.com. This process will inform addthis.com which specific page of our website you are currently visiting. Furthermore, addthis.com will be informed about your IP address, browser type, browser language, the previously accessed website as well as the date and time of your visit to the website in order to create anonymized user profiles with this data. This data enables AddThis and its partner companies to target visitors to our website with personalized, interest-based advertising. The advertising media is displayed on the basis of the browser cookie set by addthis.com, which analyses the usage behaviour of the website visitor. You can permanently object to the setting of the addthis.com cookies by downloading and installing the opt-out cookie available at the following link: http://www.addthis.com/privacy/opt-out.
XI. Application procedure
We collect and process personal data from you for the purpose of processing the application process. The legal basis for this is Art. 6 sec. 1 sentence 1 lit b) GDPR, Section 26 of the BDSG (new) or, in the case of wiliigung, Art. 6 sec. 1 sentence 1 lit. a), Art. 7 GDPR.
It is important to us to ensure the highest possible protection of your personal data. All personal data collected and processed in the course of an application with us are protected by technical and organizational measures against unauthorized access and manipulation.
By sending your data, you agree to the use of your data. The legal basis for this is Art. 6 sec. 1 sentence 1 lit f GDPR.
Processing can also be done electronically. This is especially the case if you send us relevant application documents by electronic means, for example by e-mail. If we conclude an employment contract with you, the transmitted data will be stored for the purpose of the processing of the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with you, the application documents will be automatically deleted six months after the announcement of the cancellation decision, provided that no other legitimate interests conflict with deletion. Other legitimate interests in this sense include, for example, an obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).
For reasons of security and to protect the transmission of confidential content, such as during the application process via the form of our website, which you send to us as site operator, our website uses SSL encryption. You can recognize an encrypted connection by changing the address line of the browser from "http://" to "https://" and by the lock icon in your browser line. If SSL encryption is enabled, the data you submit to us cannot be read by third parties.
XIII. Rights of the data subject
If personal data is processed by you, you are a data protection in the social security of the GDPR and you have the following rights towards the controller:
1. Right of access
You can use dem responsible persons request confirmation as to whether personal data concerning you is processed by us.
If such processing is available, you may request the following information from the controller:
- the purposes for which the personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed;
- the planned duration of the storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period;
- the existence of a right to rectification or erasure of personal data concerning you, a right to restrict processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the origin of the data if the personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling in accordance with Article 22(1) and 4 GDPR and, at least in such cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Art.46 GDPR in connection with the transmission.
2. Right to correction
You have the right to rectification and/or completion to the controller if the personal data processed concerning you is inaccurate or incomplete. The controller must make the correction without delay.
3. Right to restrict processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
- if you dispute the accuracy of the personal data concerning you for a period that allows the controller to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims, or
- if you have objected to the processing in accordance with Art.21(1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
Where the processing of personal data concerning you has been restricted, such data may be processed, except for its storage, only with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation to delete
You may require the controller to ensure that the person concerned by you isdata relating to the data are deleted immediately and the controller is obliged to delete such data immediately, provided that one of the following reasons applies:
- The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent, on which the processing was based in accordance with Art.6 (1) lit.a or Art.9 (2) lit.a GDPR, and there is no other legal basis for the processing.
- You object to the processing in accordance with Art.21(1) GDPR and there are no primary legitimate grounds for processing, or you object to the processing in accordance with Art.21 sec. 2 GDPR.
- The personal data concerning you has been processed unlawfully.
- The erasure of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data concerning you has been collected in relation to information society services offered in accordance with Art.8(1) GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to delete them in accordance with Art.17(1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested from them the deletion of all links to such personal data or from copies or replications of that personal data.
The right to erasure does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
2. to fulfil a legal obligation required by the law of the Union or the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority delegated to the controller;
(3) for reasons of public interest in the field of public health in accordance with Article.9(2) lit.h and i and Article 9(3) GDPR;
(4) for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, insofar as the law referred to in (a) is likely to make the achievement of the objectives of such processing impossible or seriously impairs, or
(5) to assert, exercise or defend legal claims.
5. Right to information
If you have asserted the right to rectification, erasure or restriction of the processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed, this rectification or deletion of the data or restriction of the processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients in respect of the controller.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance by the controller to whom the personal data was provided,N
(1) the processing is based on a consent in accordance with Art.6 sec.1 lit.a GDPR or Art.9 .2 lit.a GDPR or on a contract pursuant to Art.6 .1 lit.b GDPR and
(2) processing is carried out using automated procedures.
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
7. Right of objection
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you under Article.6 (1) lit.e or f GDPR; this also applies to profiling based on these provisions.
The controller no longer processes the personal data concerning you, unless he can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling in so far as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the opportunity to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
9. Automated decision-making on a case-by-case basis, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect against you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the controller;
(2) is permitted by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests;
(3) with your express consent.
However, these decisions may not be based on specific categories of personal data under Article.9(1) GDPR, unless Article 9(2) lit.a or g applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests, including at least the right to benefit from the intervention.ns on the part of the person responsible, on the basis of his own point of view and on the basis of a challenge to the decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the GDPR. The supervisory authority to which the complaint was lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.