Data protections policy

Thank you for your interest in our website www.catharinamende.com (the "Website"). The protection of your privacy is very important to us. In the following we will inform you in detail about how we handle your data. The collection and processing of personal data is carried out strictly in accordance with the legal provisions of EU Regulation 679/2016 (GDPR).

Provider of the website and responsible in terms of data protection law is Catharina Mende GmbH, [Schröderstrasse 12/1, 10115 Berlin, Germany, info@catharinamende.com].

1. Collection, processing and use of personal data

Technical data
You can visit our website without providing any personal information. We only store access data such as IP address, browser type and version, the operating system used, the name of your internet service provider, the page from which you visit us or the name of the requested file. These data are used exclusively to enable you to access and use the website and are evaluated to improve our offer without allowing a direct conclusion to your person. This data will not be merged with other data provided by you. The use of the data for these purposes is justified to protect our legitimate interest in the provision and improvement of our website in accordance with Art. 6 para. 1 sentence 2 lit. f) GDPR. We delete these data as soon as they are no longer required for the purposes for which they were collected, i.e. usually when you exit the website.

Contact and payment details
Direct personal data is only collected if you voluntarily provide us with this information when placing an order in our web store or registering for our newsletter. For orders, these are your name, delivery address, e-mail address and payment information (e.g. credit card number). When registering for our newsletter, this is your e-mail address. We use the data you provide without your separate consent exclusively for the fulfilment and processing of your order in accordance with Art. 6 para. 1 sentence 2 lit. b) GDPR.

With full execution of the contract and full payment of the purchase price, your data will be blocked for further use and deleted after expiry of the tax and commercial law retention periods, unless you have expressly consented to the further use of your data.

If you register for our newsletter, you will be asked to enter your e-mail address and to give your separate consent to be informed by us at irregular intervals about news in connection with our offer. We will use your e-mail address collected in this context exclusively for this purpose in accordance with Art. 6 para. 1 sentence 2 lit. a) GDPR. You can revoke your consent at any time with effect for the future. You can do this by sending an e-mail to [info@catharinamende.com] or by clicking on the opt-out link in each of our newsletters. Upon receipt of the revocation of your consent, we will immediately delete your e-mail address. For sending our newsletter we use the service provider SendInBlue (see section 8 below).

The above-mentioned data is hosted by us on the servers of our service provider Shopify. These servers may be located outside the European Union, e.g. in Canada or the USA. If an adequate level of data protection does not exist in these countries, individual measures are taken to ensure such an adequate level. Details of these measures can be found at [info@catharinamende.com].

2. Use of cookies

To make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your terminal device when you visit the website and send us information about your previous settings and use of the website. Some of the cookies we use are required exclusively to be able to use our website and are deleted again after the end of the browser session, i.e. after closing your browser (so-called session cookies). The setting of these cookies is necessary to enable the use of the functions of the website. Other cookies remain on your end device and enable us to recognize your browser the next time you visit us (persistent cookies). These cookies are only stored on your terminal device if you give us your consent to do so when you first visit the website. You can delete all cookies stored on your terminal device at any time. You can also access our cookie management tool to obtain more detailed information on the cookies used and to correct your cookie selection.

You can set your browser to inform you in advance about the setting of cookies and to decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be limited.

Use of GDPR Legal Cookie
On our website, we use the consent management tool GDPR Legal Cookie from beeclever GmbH, Friedrich-Mohr-Straße 1, D-56070 Koblenz a.Rh., Germany; "beeclever". The tool enables you to give your consent to data processing via the website, in particular to set cookies, as well as to make use of your right of revocation for consents already given. The data processing serves the purpose of obtaining and documenting necessary consents to data processing and thus to comply with legal obligations. Cookies may be deployed for this purpose. The following information may be collected and transmitted to beeclever: anonymous IP address, date and time of consent, URL from which consent was sent, anonymous, random, encrypted key, consent status. This data will not be passed on to any other third parties. The data processing is carried out on the basis of Article 6(1)(c) GDPR to comply with a legal obligation. For more information on terms of use and data protection at beeclever, please visit: https://gdpr-legal-cookie.com/pages/terms-conditions and https://gdpr-legal-cookie.com/pages/datenschutzerklarung.

If a provider of a cookie is located outside the European Union, your consent via the consent management tool also includes the transfer of your data to the respective country. You are aware that different data protection standards may apply there and that your data may not be protected to the same extent as here, e.g. against access by investigating authorities, and that you may not have any effective legal remedies against such access or be informed of such access.

3. Transfer of personal data

Your data will be transferred to the shipping company commissioned with the delivery, as far as this is necessary to deliver the ordered goods. For the processing of payments, we transfer your payment data to the credit institution commissioned with the payment or to the payment service provider selected in the ordering process (we currently use for this purpose Mollie B.V., a financial institute with its registered seat in the Netherlands). These transfers are necessary for the proper provision of the services offered via our website and are justified according to Art. 6 para. 1 sentence 2 lit. b) GDPR.

If we transfer data to the providers of third-party content (see section 7-12 below) as part of the integration of third-party content (see section 7-12 below), data may be transferred to recipients outside the EEA for this purpose. A different data protection standard may apply here than within the EEA. In such cases, however, we have taken appropriate measures to ensure an adequate level of data protection also for recipients outside the EEA. If you have any further questions in this regard, please feel free to contact us at the contact addresses listed in section 5.

4. Your rights

You have the right to request information about the data stored about you in accordance with Art. 15 GDPR, to request the correction of incorrect data in accordance with Art. 16 GDPR and to request the deletion of data in accordance with Art. 17 GDPR or the restriction of data processing in accordance with Art. 18 GDPR. In addition, you have the right to object to the processing of your data in accordance with Art. 21 GDPR if the reason for the objection arises from your particular situation and the data is processed to protect one of our legitimate interests. You also have a right of appeal in accordance with Art. 77 GDPR if you believe that we are not processing your personal data in accordance with the applicable law.

5. Contact person for data protection

For questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data and revocation of consents granted, please contact:

Catharina Mende GmbH, [Schröderstrasse 12/1, 10115 Berlin, Germany, info@catharinamende.com].

6. Data security

Your personal data will be encrypted during the ordering process using SSL/TLS over the Internet. Credit card data is not stored, but collected and processed directly by our payment service provider (for example Paypal). We secure our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.

7. Creation of pseudonymous user profiles for web analysis

If you give us your consent on your first visit to the website, the website will use the functions of the web analysis service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called cookies. These are text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. This website uses Google Analytics with the "IP Masking" function, i.e. your IP address is shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area before being forwarded to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do so you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:

http://tools.google.com/dlpage/gaoptout?hl=de;
you can find more information about Google Analytics at http://www.google.com/analytics/terms/de.html and at https://www.google.de/intl/de/policies/.

If you give us your consent the first time you visit the website, the website will use the web analytics service provided by Shopify Inc., a Canadian-based company. In doing so, Shopify collects information about your use of our website (e.g., ID numbers, IP addresses, how you navigated our website and what you purchased) through a cookie or similar means and sends it to Shopify's servers. These servers may be located in a country outside the European Union where there is no adequate level of data protection. In this case, individual measures are taken to ensure that an adequate level of data protection is maintained. Shopify evaluates this information on our behalf and provides us with aggregated overviews that allow us to analyze and improve the use of our website. You can withdraw your consent at any time using our cookie management tool.

8. Distribution of the newsletter by Brevo

Our newsletter is sent via the service "Brevo" (former Sendinblue), which is offered by Sendinblue GmbH, Köpenicker Landstrasse 126, 10179 Berlin.

The e-mail addresses of our newsletter subscribers and other data as further specified in this section are stored by Brevo on the servers in Germany. Brevo uses this information to send and evaluate the newsletter on our behalf (e.g. to analyze how many subscribers have opened a certain newsletter, etc.). Brevo does not use the data of our subscribers to contact them itself or to pass them on to third parties.

We have signed a data processing agreement with Brevo. This is an agreement in which Brevo commits itself to protect the data of our users, to process the data only on our behalf and in accordance with their privacy policy and especially not to pass the data to third parties.

9. Integration of third-party fonts and designs

We also use fonts provided by Google on our website. In order to be able to display these fonts correctly, a connection to the Google servers is established when our website is accessed and, in particular, the technical data mentioned in section 1 is transmitted. The legal basis for this integration is our legitimate interest in the error-free display of our website (Art. 6 para. 1 lit. f) GDPR). Further information on the use of your data by Google is available at https://adssettings.google.com/authenticated as well as at http://www.google.de/intl/de/policies/privacy.

We also use on our website fonts and designs from the FontAwesome service provided by Fonticons Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA. In order to display these fonts and designs correctly, a connection to Fonticons' servers is established when you access our website and, in particular, the technical data mentioned in section 1 is transmitted. The legal basis for this integration is our legitimate interest in the error-free display of our website (Art. 6 para. 1 lit. f) GDPR). For further information on the use of your data by Fonticons, please visit https://fontawesome.com/privacy.

10. Integration of videos and images

We integrate videos from the "Vimeo" platform on our website. Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York, NY 10011, USA. By integrating the videos, it is possible to display videos available on Vimeo directly on our website. In order to view the videos, it is necessary for us to transmit certain data (especially the technical data mentioned in section 1 to Vimeo servers. In this case, data processing is carried out in order to protect our legitimate interest in providing the videos you have expressly requested (Art. 6 para. 1 lit. f) GDPR). The data transfer takes place regardless of whether you have a Vimeo account or are logged in to it. However, if you are logged in to your Vimeo account, Vimeo can associate this information with your account. Please visit http://vimeo.com/privacy for more information about how Vimeo processes data.

We also integrate images offered through the "Instagram" service into our website. To display these images, a connection is established from your device to the Instagram server when you visit our website. This requires that technical data about your device be passed to the Instagram server. This serves our legitimate interest in making the website available to you in an appropriate form (Art. 6 para. 1 lit. f) GDPR). Instagram is offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

11. Integration of content delivery services

We use on our website the Content Delivery Network (CDN) of "jquery", which is developed by the jquery Team or the jquery Foundation. jquery is a Java Script library, which enables the retrieval of certain content used on the website from the CDN servers. This requires a connection from your device to these servers, including the transmission of the IP address. The legal basis for data processing is our legitimate interest in optimizing the performance of our website in accordance with Art. 6 para. 1 lit. f) GDPR.

12. Marketing campaigns

We may launch marketing campaigns on our social media profiles listed below or on other websites; e.g. through Google AdWords, on Facebook or Instagram. For this purpose, our respective advertising partner (e.g. Google, Facebook, and Instagram) will determine whether and how you react to advertisements placed by them. For this purpose, the respective advertising partner records the pseudonymous identification number assigned to your device and can track how you interact with the displayed advertisement (in particular, whether you click on it and reach our website). The respective advertising partner only provides us with aggregated overviews of the reach of the advertising campaigns we run. A corresponding evaluation by our advertising partner will only take place if you have given your prior consent. You can correct your consent at any time using our cookie management tool.

In addition, you can take technical measures to ensure that an evaluation is not carried out, e.g: Preventing the setting of third-party cookies in your browser; via the http://aboutads.info/choices platform, but only for IBA members. You can also revoke your consent to Google at the following link: http://www.google.com/settings/ads/plugin.

Use of Facebook Pixel
Our website uses the remarketing function "Custom Audiences" by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland "Facebook"). Meta Platforms Ireland and we are jointly responsible for the collection of your data and the transfer of this data to Facebook when the service is integrated. The basis for this is an agreement between us and Meta Platforms Ireland on the joint processing of personal data, in which the respective responsibilities are defined. The agreement is available at https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible in particular for the fulfilment of the information obligations in accordance with Art. 13, 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for compliance with the obligations in accordance with Art. 33, 34 GDPR, insofar as a violation of the protection of personal data affects our obligations under the agreement on joint processing. Meta Platforms Ireland is responsible for enabling the rights of the data subject in accordance with articles 15-20 of the GDPR, for complying with the security requirements of article 32 of the GDPR with regard to the security of the service, and for complying with the obligations of articles 33, 34 of the GDPR, insofar as a breach of personal data protection concerns Meta Platforms Ireland's obligations under the joint processing agreement. This application serves to address the visitor to the website with interest-related advertising on the social network Facebook. We have implemented Facebook’s remarketing tag on our website for this purpose. This tag sets up a direct connection to Facebook’s servers when you visit our website. This informs the Facebook server which of our web pages you have visited. Facebook assigns this information to your personal Facebook user account. When you visit the social network Facebook you will then be shown personalised, interest-related Facebook ads. Your data may be transmitted to the USA. For the USA, no adequacy decision from the EU Commission is available.The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://www.facebook.com/legal/EU_data_transfer_addendum. The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can find more detailed information on Facebook’s collection and use of data and your associated rights and options for protecting your privacy in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Use of Google Ads conversion tracking 
Our website uses the online marketing program "Google Ads", including conversion tracking (evaluation of user actions). Google conversion tracking is a service operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").
If you click on adverts placed by Google, a cookie is placed on your computer for conversion tracking. These cookies have limited validity, do not contain any personal data and thus cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognise that you have clicked on the advert and were forwarded to this page. Every Google Ads customer receives a different cookie. It is therefore not possible to track cookies relating to the websites of Ads customers.
The information collected using the conversion cookie serves the purpose of producing conversion statistics. This allows us to find out the total number of users who have clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. However, they do not receive any information with which could be used to personally identify users.
Your data may be transmitted to the USA. For the USA, no adequacy decision from the EU Commission is available.The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks (https://policies.google.com/privacy/frameworks) and https://business.safety.google/adscontrollerterms/ (https://business.safety.google/adscontrollerterms/).
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You will find more information as well as Google's data privacy policy at: https://www.google.com/policies/privacy/ (https://www.google.com/policies/privacy/)
Use of the remarketing or "similar target groups" function by Google Inc. 
Our website uses the remarketing or "similar target groups" function by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").
This application serves to analyse visitor behaviour and visitor interests.
Google uses cookies to analyse website use, forming the basis for producing interest-related adverts. Cookies allow for the recording of website visits as well as anonymised data on the use of the website. The personal data of website visitors is not saved. If you then visit another website in the Google display network you will then be shown adverts which are more likely to take previous areas of product and information interest into account.
Your data may be transmitted to the USA. For the USA, no adequacy decision from the EU Commission is available. The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks (https://policies.google.com/privacy/frameworks).
The data processing, particularly the placing of cookies, is carried out on the basis of Article 6(1)(f) GDPR due to our overriding legitimate interest in addressing visitors to the website with targeted, interest-related advertising. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out in accordance with Article 6(1)(f) GDPR.
You can deactivate the use of cookies with permanent effect by following the link below and downloading and installing the plug-in provided there: https://support.google.com/ads/answer/7395996?hl=de (https://support.google.com/ads/answer/7395996?hl=de)
Alternatively, you can deactivate the use of cookies by third parties by calling up the Network Advertising Initiative deactivation page at https://www.networkadvertising.org/choices/ (https://www.networkadvertising.org/choices/) and following the further opt-out instructions specified there.
You can find more detailed information on Google remarketing as well as the associated data privacy policy at: https://www.google.com/privacy/ads/ (https://www.google.com/privacy/ads/)

13. Profiles on social media platforms outside the website

In addition to the website, we also operate our own profiles on external social media platforms. If you connect or interact with our profile through these platforms, your data is collected and processed by the third-party platform and we may also gain insight into your interactions with our profile. This is done in accordance with the data protection policies applicable on the platform. It is possible that your data may be transferred to servers in the USA when using these platforms. In particular, it is possible that the operator of the respective platform may use your data to create statistical evaluations for us regarding the use of our profile or to present you with advertisements based on your behavior and to create corresponding profiles of you. The legal basis for data processing is, depending on the individual case, Art. 6 para. 1 lit. f) GDPR (legitimate interest in the operation of the platform or our profile or statistical evaluation of the use of the profile) or Art. 6 para. 1 lit. a) GDPR (in particular tracking and profiling).

We are active on the following social media platforms:

If you have any questions or would like to assert claims concerning the data processing by ourselves on these profiles, the explanations in the section for our website apply. With regard to such inquiries or the assertion of rights against the operator of the platform, please use the contact information in the mentioned data protection policies.