Data protections policy
Thank you for your interest in our website www.catharinamende.com (the "Website"). The protection of your privacy is very important to us. In the following we will inform you in detail about how we handle your data. The collection and processing of personal data is carried out strictly in accordance with the legal provisions of EU Regulation 679/2016 (GDPR).
Provider of the website and responsible in terms of data protection law is Catharina Mende GmbH, [Schröderstrasse 12/1, 10115 Berlin, Germany, firstname.lastname@example.org].
1. Collection, processing and use of personal data
You can visit our website without providing any personal information. We only store access data such as IP address, browser type and version, the operating system used, the name of your internet service provider, the page from which you visit us or the name of the requested file. These data are used exclusively to enable you to access and use the website and are evaluated to improve our offer without allowing a direct conclusion to your person. This data will not be merged with other data provided by you. The use of the data for these purposes is justified to protect our legitimate interest in the provision and improvement of our website in accordance with Art. 6 para. 1 sentence 2 lit. f) GDPR. We delete these data as soon as they are no longer required for the purposes for which they were collected, i.e. usually when you exit the website.
Contact and payment details
Direct personal data is only collected if you voluntarily provide us with this information when placing an order in our web store or registering for our newsletter. For orders, these are your name, delivery address, e-mail address and payment information (e.g. credit card number). When registering for our newsletter, this is your e-mail address. We use the data you provide without your separate consent exclusively for the fulfilment and processing of your order in accordance with Art. 6 para. 1 sentence 2 lit. b) GDPR.
With full execution of the contract and full payment of the purchase price, your data will be blocked for further use and deleted after expiry of the tax and commercial law retention periods, unless you have expressly consented to the further use of your data.
If you register for our newsletter, you will be asked to enter your e-mail address and to give your separate consent to be informed by us at irregular intervals about news in connection with our offer. We will use your e-mail address collected in this context exclusively for this purpose in accordance with Art. 6 para. 1 sentence 2 lit. a) GDPR. You can revoke your consent at any time with effect for the future. You can do this by sending an e-mail to [email@example.com] or by clicking on the opt-out link in each of our newsletters. Upon receipt of the revocation of your consent, we will immediately delete your e-mail address. For sending our newsletter we use the service provider SendInBlue (see section 8 below).
The above-mentioned data is hosted by us on the servers of our service provider Shopify. These servers may be located outside the European Union, e.g. in Canada or the USA. If an adequate level of data protection does not exist in these countries, individual measures are taken to ensure such an adequate level. Details of these measures can be found at [firstname.lastname@example.org].
To make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your terminal device when you visit the website and send us information about your previous settings and use of the website. Some of the cookies we use are required exclusively to be able to use our website and are deleted again after the end of the browser session, i.e. after closing your browser (so-called session cookies). The setting of these cookies is necessary to enable the use of the functions of the website. Other cookies remain on your end device and enable us to recognize your browser the next time you visit us (persistent cookies). These cookies are only stored on your terminal device if you give us your consent to do so when you first visit the website. You can delete all cookies stored on your terminal device at any time. You can also access our cookie management tool to obtain more detailed information on the cookies used and to correct your cookie selection.
You can set your browser to inform you in advance about the setting of cookies and to decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be limited.
Use of GDPR Legal Cookie
3. Transfer of personal data
Your data will be transferred to the shipping company commissioned with the delivery, as far as this is necessary to deliver the ordered goods. For the processing of payments, we transfer your payment data to the credit institution commissioned with the payment or to the payment service provider selected in the ordering process (we currently use for this purpose Mollie B.V., a financial institute with its registered seat in the Netherlands). These transfers are necessary for the proper provision of the services offered via our website and are justified according to Art. 6 para. 1 sentence 2 lit. b) GDPR.
If we transfer data to the providers of third-party content (see section 7-12 below) as part of the integration of third-party content (see section 7-12 below), data may be transferred to recipients outside the EEA for this purpose. A different data protection standard may apply here than within the EEA. In such cases, however, we have taken appropriate measures to ensure an adequate level of data protection also for recipients outside the EEA. If you have any further questions in this regard, please feel free to contact us at the contact addresses listed in section 5.
4. Your rights
You have the right to request information about the data stored about you in accordance with Art. 15 GDPR, to request the correction of incorrect data in accordance with Art. 16 GDPR and to request the deletion of data in accordance with Art. 17 GDPR or the restriction of data processing in accordance with Art. 18 GDPR. In addition, you have the right to object to the processing of your data in accordance with Art. 21 GDPR if the reason for the objection arises from your particular situation and the data is processed to protect one of our legitimate interests. You also have a right of appeal in accordance with Art. 77 GDPR if you believe that we are not processing your personal data in accordance with the applicable law.
5. Contact person for data protection
For questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data and revocation of consents granted, please contact:
Catharina Mende GmbH, [Schröderstrasse 12/1, 10115 Berlin, Germany, email@example.com].
6. Data security
Your personal data will be encrypted during the ordering process using SSL/TLS over the Internet. Credit card data is not stored, but collected and processed directly by our payment service provider (for example Paypal). We secure our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.
7. Creation of pseudonymous user profiles for web analysis
If you give us your consent on your first visit to the website, the website will use the functions of the web analysis service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called cookies. These are text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. This website uses Google Analytics with the "IP Masking" function, i.e. your IP address is shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area before being forwarded to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google.
you can find more information about Google Analytics at http://www.google.com/analytics/terms/de.html and at https://www.google.de/intl/de/policies/.
If you give us your consent the first time you visit the website, the website will use the web analytics service provided by Shopify Inc., a Canadian-based company. In doing so, Shopify collects information about your use of our website (e.g., ID numbers, IP addresses, how you navigated our website and what you purchased) through a cookie or similar means and sends it to Shopify's servers. These servers may be located in a country outside the European Union where there is no adequate level of data protection. In this case, individual measures are taken to ensure that an adequate level of data protection is maintained. Shopify evaluates this information on our behalf and provides us with aggregated overviews that allow us to analyze and improve the use of our website. You can withdraw your consent at any time using our cookie management tool.
8. Distribution of the newsletter by SendInBlue
Our newsletter is sent via the service "SendInBlue", which is offered by SendInBlue GmbH, Köpenicker Landstrasse 126, 10179 Berlin.
The e-mail addresses of our newsletter subscribers and other data as further specified in this section are stored by SendInBlue on the servers in Germany. SendInBlue uses this information to send and evaluate the newsletter on our behalf (e.g. to analyze how many subscribers have opened a certain newsletter, etc.). SendInBlue does not use the data of our subscribers to contact them itself or to pass them on to third parties.
9. Integration of third-party fonts and designs
We also use fonts provided by Google on our website. In order to be able to display these fonts correctly, a connection to the Google servers is established when our website is accessed and, in particular, the technical data mentioned in section 1 is transmitted. The legal basis for this integration is our legitimate interest in the error-free display of our website (Art. 6 para. 1 lit. f) GDPR). Further information on the use of your data by Google is available at https://adssettings.google.com/authenticated as well as at http://www.google.de/intl/de/policies/privacy.
We also use on our website fonts and designs from the FontAwesome service provided by Fonticons Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA. In order to display these fonts and designs correctly, a connection to Fonticons' servers is established when you access our website and, in particular, the technical data mentioned in section 1 is transmitted. The legal basis for this integration is our legitimate interest in the error-free display of our website (Art. 6 para. 1 lit. f) GDPR). For further information on the use of your data by Fonticons, please visit https://fontawesome.com/privacy.
10. Integration of videos and images
We integrate videos from the "Vimeo" platform on our website. Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York, NY 10011, USA. By integrating the videos, it is possible to display videos available on Vimeo directly on our website. In order to view the videos, it is necessary for us to transmit certain data (especially the technical data mentioned in section 1 to Vimeo servers. In this case, data processing is carried out in order to protect our legitimate interest in providing the videos you have expressly requested (Art. 6 para. 1 lit. f) GDPR). The data transfer takes place regardless of whether you have a Vimeo account or are logged in to it. However, if you are logged in to your Vimeo account, Vimeo can associate this information with your account. Please visit http://vimeo.com/privacy for more information about how Vimeo processes data.
We also integrate images offered through the "Instagram" service into our website. To display these images, a connection is established from your device to the Instagram server when you visit our website. This requires that technical data about your device be passed to the Instagram server. This serves our legitimate interest in making the website available to you in an appropriate form (Art. 6 para. 1 lit. f) GDPR). Instagram is offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
11. Integration of content delivery services
We use on our website the Content Delivery Network (CDN) of "jquery", which is developed by the jquery Team or the jquery Foundation. jquery is a Java Script library, which enables the retrieval of certain content used on the website from the CDN servers. This requires a connection from your device to these servers, including the transmission of the IP address. The legal basis for data processing is our legitimate interest in optimizing the performance of our website in accordance with Art. 6 para. 1 lit. f) GDPR.
12. Marketing campaigns
We may launch marketing campaigns on our social media profiles listed below or on other websites; e.g. through Google AdWords, on Facebook or Instagram. For this purpose, our respective advertising partner (e.g. Google, Facebook, and Instagram) will determine whether and how you react to advertisements placed by them. For this purpose, the respective advertising partner records the pseudonymous identification number assigned to your device and can track how you interact with the displayed advertisement (in particular, whether you click on it and reach our website). The respective advertising partner only provides us with aggregated overviews of the reach of the advertising campaigns we run. A corresponding evaluation by our advertising partner will only take place if you have given your prior consent. You can correct your consent at any time using our cookie management tool.
In addition, you can take technical measures to ensure that an evaluation is not carried out, e.g: Preventing the setting of third-party cookies in your browser; via the http://aboutads.info/choices platform, but only for IBA members. You can also revoke your consent to Google at the following link: http://www.google.com/settings/ads/plugin.
Use of Facebook Pixel
Use of Google Ads conversion tracking
Our website uses the online marketing program "Google Ads", including conversion tracking (evaluation of user actions). Google conversion tracking is a service operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").
If you click on adverts placed by Google, a cookie is placed on your computer for conversion tracking. These cookies have limited validity, do not contain any personal data and thus cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognise that you have clicked on the advert and were forwarded to this page. Every Google Ads customer receives a different cookie. It is therefore not possible to track cookies relating to the websites of Ads customers.
The information collected using the conversion cookie serves the purpose of producing conversion statistics. This allows us to find out the total number of users who have clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. However, they do not receive any information with which could be used to personally identify users.
Your data may be transmitted to the USA. For the USA, no adequacy decision from the EU Commission is available.The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks (https://policies.google.com/privacy/frameworks) and https://business.safety.google/adscontrollerterms/ (https://business.safety.google/adscontrollerterms/).
Use of the remarketing or "similar target groups" function by Google Inc.
Our website uses the remarketing or "similar target groups" function by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").
This application serves to analyse visitor behaviour and visitor interests.
Your data may be transmitted to the USA. For the USA, no adequacy decision from the EU Commission is available. The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks (https://policies.google.com/privacy/frameworks).
The data processing, particularly the placing of cookies, is carried out on the basis of Article 6(1)(f) GDPR due to our overriding legitimate interest in addressing visitors to the website with targeted, interest-related advertising. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out in accordance with Article 6(1)(f) GDPR.
13. Profiles on social media platforms outside the website
In addition to the website, we also operate our own profiles on external social media platforms. If you connect or interact with our profile through these platforms, your data is collected and processed by the third-party platform and we may also gain insight into your interactions with our profile. This is done in accordance with the data protection policies applicable on the platform. It is possible that your data may be transferred to servers in the USA when using these platforms. In particular, it is possible that the operator of the respective platform may use your data to create statistical evaluations for us regarding the use of our profile or to present you with advertisements based on your behavior and to create corresponding profiles of you. The legal basis for data processing is, depending on the individual case, Art. 6 para. 1 lit. f) GDPR (legitimate interest in the operation of the platform or our profile or statistical evaluation of the use of the profile) or Art. 6 para. 1 lit. a) GDPR (in particular tracking and profiling).
We are active on the following social media platforms:
- Twitter: You can find more information about data processing by Twitter at http://twitter.com/privacy.
- LinkedIn: You can find more information about data processing by LinkedIn at http://linkedin.com/legal/privacy-policy.
- Facebook: We are jointly responsible for the processing of data with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We have concluded an agreement with Facebook to this effect, which can be found at http://facebook.com/legal/terms/page_controller_addendum. If you have any questions about data processing, you can contact the data protection officer of Facebook via: http://facebook.com/help/contact/540977946302970. You can find more information about data processing by Facebook at http://facebook.com/privacy/explanation.
- Instagram: This is also a service of meta Platforms and the aforementioned information applies.
- Pinterest: You can find more information about data processing by Pinterest at https://policy.pinterest.com/en/privacy-policy.
If you have any questions or would like to assert claims concerning the data processing by ourselves on these profiles, the explanations in the section for our website apply. With regard to such inquiries or the assertion of rights against the operator of the platform, please use the contact information in the mentioned data protection policies.