DATA PROCESSING CONTROLLER
Controller for the purposes of the GDPR and other provisions related to data protection is:
VERDEN Studios GmbH
Pfälzer-Wald-Straße 65 (Rückgebäude)
phone: +49 89 60060561
Management: Anna Brand
We collect, store and process your personal data whenever you voluntarily provide them to us when placing an order or contacting us. This applies to
- The entire handling of your purchase, including any later warranty claims,
- The technical administration of our services,
- Own marketing purposes,
- Our internal statistical analyses.
SCOPE AND DEFINITIONS
This Data Protection Policy applies to all users of our website www.verden-studios.com. We collect, use and process your personal data, such as name, address, e-mail address, or telephone number in accordance with the provisions of the General Data Protection Regulation (GDPR) and in accordance with the German data protection regulations. This privacy declaration is based on the terms used by the European legislator for the adoption of the GDPR (Art. 4).
In accordance with Art. 13 GDPR we are informing you about the legal basis with regards to our data processing. In case there is no other basis mentioned, the following applies:
- your consent (Art. 6 (1a) lit of the GDPR)
- for the execution of a contract with you, as well as for carrying out pre-contractural measures, for example in case of questions regarding our products (Art. 6(1b) lit of the GDPR)
- if we are subject to a legal obligation for which personal data is required, such as for the fulfillment of tax obligations (Art. 6 (1c) lit of the GDPR)
- in the unlikely case that personal data processing may be necessary to protect vital interests of you or any other natural person (Art. 6 (1d) lit of the GDPR)
- legitimate interests (art. 6(1f) of the GDPR), specifically for the improvement of our services, protection against misuse and for statistical purposes.
DATA GATHERING AND RETENTION OF LOGFILES
You can visit our online-shop without disclosing any personal details. We do save only your access data without any reference to your personal identity, so-called log files. This data is the sort of URL of the referring site or the file called up, date and time of your access, amount of data transferred, name of provider, as well as the type and version of browser. This information serves the purpose of improving the services offered at our website and its advertisement, secure an error free operation of our online shop and to provide law enforcement authorities with the information necessary for criminal prosecution in case of cyber-attacks. The anonymous data of the server log files are stored separately from all personal data provided.
DATA GATHERING AND USAGE OF PERSONAL DATA
We only collect your personal data when you provide it voluntarily to us, e.g. in the course of an order. Personal data refers to contact information, including your Email address, your bank account details or online identifiers. Whenever you visit a website, your web browser sends back basic information (for example about your browser type and version, the operating system you are using, the referrer URL, IP address, file names, access status, transferred data volumes, date and time of the server request. This personal data will be primarily used for the purpose of processing your order and to fulfil our contractual obligations. This data is treated with great care and in confidence, transferred in an encrypted way as well as not given to any third party that takes no part in our delivery or payment process. Internet-based data transmissions may however always have security gaps. We therefore cannot guarantee absolute protection. You are therefore welcome to transfer personal data to us via alternative means, such as telephone.
VERDEN Studios uses the eCommerce platform „Shopify“, that has been developed and is operated by Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Kanada, K1N 5T5 (hereinafter „Shopify“). Shopify provides VERDEN Studios with an online shop platform that is used to market and sell our products. Your stock and usage data is safed on the servers of Shopify. Further information on the related privacy can be found within the privacy declaration of Shopify and the following link: https://www.shopify.com/legal/privacy
Further information on how Shopify processes European customers‘ data can be found here: https://www.shopify.com/legal/dpa?utm_source=exacttarget&utm_medium=email&utm_campaign=support&utm_content=gdpr
STORAGE PERIOD, ROUTINE ERASURE & DELETION OF PERSONAL DATA
We process and store your personal data only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator. The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted. The deletion of personal data is pursued if no legal obligation prohibits this step or when you apply for their deletion explicitly. Please contact us for furhter questions via firstname.lastname@example.org.
DATA PROCESSING BY THIRD PARTIES
Under no circumstances, we will sell or rent out your personal data to third parties. We do process your data to selected service providers (eg. logistics service providers, web-hosting providers, banks, etc.), in order to process your order and the delivery of the goods but only as long as you have agreed before. This is based on a legal permission (e.g. if a data transfer is required for fulfilling the contract to a third-party, e.g. payment providers accodring to Art. 6 (1) lit d GDPR), on your explicit agreement, if legally required or based on our eligible interests (e.g. use of agents, webhosts, etc.). In case we work with third parties outside the EU when processing your order, we will only transfer your personal data to the purpose of processing the order and/or to process the payment. In case we instruct a third party with the processing of personal data on the basis of a order data processing contract, this is based on Art. 28 GDPR.
For your order we need your correct name, address, phone number and payment data. We will use e.g. your mail address to confirm your order receipt and to communicate with your subsequently. In addition, you will receive your order and shipping confirmation to your mail address.
1. External payment providers
We use external payment providers for processing your payments.
For details, see the following links:
We use those payment providers based on Art. 6 (1) b GDPR. We also work together with those payment providers in order to offer you an effective and safe way of conducting payments (in accordance with Art 6 (1) b GDPR. Data processed by external payment providers are e.g. name, address, bank data, such as account number, passwords, TANs, control numbers, etc. The data is necessary in order to process the transactions and is only used by the payment provider chosen by you during the check out process. This means that we do not receive any account or credit card related information, but only the information if the payment went through or not. It is possible that the personal data has to be forwarded by the payment provider in order to check your identity or solvency. We therefore advise you to check out the privacy section and terms and conditions of your payment provider chosen.
2. Administration & financial accounting
We process your data as part of administrative tasks and financial accounting in order to fulfill legal requirements, such as archiving. We thereby process the same data, we use for fulfilling our contracts. This is based on Art. 6 (1) lit. c and f GDPR. We therefore share our data with our tax accountants, auditors or payment providers.
We use our hosting provider for infrastructure- and platform services, computing capacity, data storage space and database services, security services as well as technical maintenance services. We or the hosting provider therefore process personal data based on our interest to offer you an efficient and safe online offering based on Art. 6 (1) lit. f GDPR together with Art. 28 GDPR.
DATA PROCESSING TO THIRD COUNTRIES
EU data protection rules apply to the European Economic Area (EEA), which includes all EU countries and non-EU countries Iceland, Liechtenstein and Norway.
When personal data is transferred outside the European Economic Area, special safeguards are foreseen to ensure that the protection travels with the data. We only process data to third countries if we are allowed by law or contract based on Art. 44 and following GDPR. The processing is based on guarantees ensuring standards of data security similar to the EU level (e.g. „Privacy Shield“ for the US). Data transferred in this way can only be used by our service providers to perform their tasks. Any other use oft he data is not allowed and does not occur with any of our trusted service providers.
Within the operations of our online shop we are using “cookies”. Cookies are small pieces of data that are stored on the respective device you are using. We are using this data for analysis purposes since they allow us to optimize the functionalities and the shopping experience of our website. Therein, we comprise usage data such as the length of the session, the transactions completed as well as the pages visited. They also allow us to offer you to save your online shopping cart, recognize which country you are from and to recognize you when you visit the store again. The cookies we use do not collect any information that allows us to trace or identify your personal identity. Beyond that you can configure your browser as such that you are informed when cookies are being collected and also first agree on the collection of cookies or not. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs
USE OF SOCIAL PLUGINS BY FACEBOOK
On our website so-called social plugins („Plugins“) of the social network facebook.com are being used. This service is offered and operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are marked by a Facebook logo or a supplementary information. An overview of the plugins and their look can be found here: https://developers.facebook.com/docs/plugins/. A data transfer is only happening when you activate the plugins and agree explicitly on this data transfer. After having accepted the data transfer, your browser is creating a direct connection to the servers of Facebook. This procedure transfers to Facebook the information (incl. your IP address) that you visited our website. In case you are logged in to your Facebook account at the same time this information is linked to your user profile. This also happens when using the plugins such as the „like“ button. Related information will be directly transferred to and stored on the Facebook server. In case you do not want to have a direct transfer of data between our website and Facebook, you should log out of your personal Facebook profile before entering our website.
Further information on data generation as well as the further processing and usage of data by Facebook also related to your rights and configuration options to protect your privacy can be found here: http://www.facebook.com/policy.php.
In case you do not want, that Facebook allocates the information from your website visit to your account, you need to log off from your Facebook account before you visit our website. Alternatively, you can block the functioning of the Facebook Plugins using add-ons of your browser, by using „Facebook Blocker“ (http://webgraph.com/resources/facebookblocker/), for instance.
USE OF PINTEREST
On our website the buttons of the web service Pinterest (“Pin It”) are being used. Pinterest is operated by Pinterest Inc., 808 Brannan Str., San Francisco, CA 94103, USA. The buttons of Pinterest enable you to share the respective articles or products on your pinterest board. An overview of all Pinterest Plugins and their look can be found here: https://developers.pinterest.com/docs/getting-started/introduction/.
In case you access a website, that contains such a plugin, the browser initiates a direct connection to the servers of Pinterest. The content of the plugin will be directly transferred to your browser and embedded to the site. Thereby, Pinterest gets the information that your browser has opened the specific site of our content even if you do not own a Pinterest account or are not logged in to your account on Pinterest. This information (including your IP address) will be transferred from your browser directly to Pinterest's server in the US and is stored there. In case you are logged into your Pinterest account, the visit to our website can be directly linked to your account. Further, in case you interact with the plugin, by clicking the "Pin it"- Button for instance, the relevant information will be also directly transferred to the server of Pinterest and save there. This information is also published on Pinterest and shown to your related contacts on the platform. The use and scope of data usage as well as the further processing of data by Pinterest and your relevant rights and configuration options to protect your privacy can be taken from the privacy terms of Pinterest: https://about.pinterest.com/de/privacy-policy.
In case you do not want, that Pinterest allocates the information from your website visit to your account, you need to log off from your Pinterest account before you visit our website. Alternatively, you can block the functioning of the Pinterest Plugins using add-ons of your browser, by using a script blocker (e.g. „NoScript“ - http://noscript.net/), for instance.
USE OF INSTAGRAM On our website, we use so-called social plugins provided by the social network Instagram. That service is provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA (“Instagram“). The use of an Instagram plugin is indicated by an Instagram logo or by the written notice “social plugin by Instagram” or “Instagram Social Plugin” on the individual page. You can find an overview over the possible plugins and their design via http://blog.instagram.com/post/36222022872/introducing-instagram-badges. Any access to one of our webpages using an Instagram plugin triggers a direct data transmission to the servers of Instagram. The content provided through the plugin will be send to the browser and directly integrated on the displayed page. Instagram thereby receives the information that you have access the specific page, even when you do not possess an Instagram account or are not logged in to your account. The information, including your IP-address will be sent directly to the servers of Instagram in the United States and may be stored and processed there. The transmission of data occurs regardless of whether you click on a component of our webpage or not. If you a logged in to Instagram, Instagram may attribute that data to your personal account. If you any of the functions of the plugin, e.g. by clicking on the “like” button or by posting a comment, that information will also be sent to and stored on the servers of Instagram. The information may also be published on your personal profile or shown in the feeds of your Instagram friends. You can inform yourself about the purpose and extent of the collection, storage and processing of your personal data by Instagram and the relevant settings in your personal account by visiting https://help.instagram.com/155833707900388. If you wish to prevent the attribution of data about your access to our website to your personal account by Instagram, you must log out of your personal account. If you wish to prevent the transfer of your personal data to and storage of that data by Instagram may use browser add-ons available for your individual browser, such as the tool “NoScript” (http:// noscript.net/).
RIGHT TO OBTAIN, REVOCATION AND CONTACT
As a user you have the right granted by the European legislator to receive information on your personal data that we retain with us at no cost without delay. Further, you have the right of confirmation, right of access, right of rectification, right of revocation (based on Art 7 (3) GDPR), right of erasure, right of restriction of processing, right of data portability, right to object, automated individual decision-marking (including profiling) and the right to withdraw data protection consent (Art. 15, 16, 17, 18, 20 GDPR). You have the right to get incorrect data entries corrected, block and delete data as long as there is no legal obligation to retain this data. In case of related questions please contact us at email@example.com.
Furthermore, you have the right to file a complaint with the responsible regulating authority according to Art. 77 GDPR.
CHANGES AND UPDATES
We reserve the right to modify this privacy statement at any time in order to adapt it either to changes in our service offerings or to changes in the legal Environment.