1. general information
The protection of your personal data when it is collected, processed and used during your visit to our website is important to us. Your data is protected in accordance with the statutory provisions. Below you will find information on what data is collected during your visit to the website and how it is used.
is responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR):
lavendels GbR
Authorized representatives: Moritz Wessel and Petra Werner
Kreuzstraße 13
80331 Munich
Germany,
Phone: 0049-(0) 89 89 311 788
Email: [email protected]
This website uses SSL encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders). If the page is accessed with www(http://www.lavendels.de or .com), you will be redirected to https://www.lavendels.com . If the website is accessed without www(http://lavendels.de or .com), it will also be redirected to https://lavendels.com .
In addition, we secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or dissemination of your data by unauthorized persons. Despite regular checks, however, complete protection against all risks is not possible.
2. collection and storage of personal data and type and purpose of use
Every access to our homepage and every retrieval of a file stored on the homepage is logged. The storage serves internal system-related and statistical purposes. The following are logged Referrer, requested website or file, browser type and browser version, operating system used, device type used, time of access and IP address in anonymized form (only used to determine the location of access). The data is not passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.
Further personal data is only collected if you provide this information voluntarily, for example as part of an order or inquiry.
2.2 Making contact
Personal data is collected when you contact us by e-mail or telephone. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
2.3 Data processing in the context of order processing
In order to process your order, we work together with the following service providers who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the scope of payment processing, insofar as this is necessary for payment processing.
2.3.1 Forwarding of personal data to shipping service providers:
DHL Paket GmH and Deutsche Post AG
If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchenweg 10, 53113 Bonn) or Deutsche Post AG (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will only pass on the name of the recipient and the delivery address to DHL or Deutsche Post AG for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of goods.
2.3.2 Forwarding of personal data to payment service providers:
Paypal
When paying via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for payment processing. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
3. google analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
Google Analytics uses so-called "cookies", text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transferred to a Google server in the USA and stored there. This website uses Google Analytics exclusively with the extension that ensures anonymization of the IP address by shortening it and excludes direct personal reference. The extension means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
Google LLC, based in the USA, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. You can find more information on how Google Analytics handles user data in Google's privacy policy.
4. rights of the data subject
The applicable data protection law grants you comprehensive data subject rights (information and intervention rights) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:
4.1. right to information pursuant to Art. 15 GDPR
In particular, you have the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR if your data is transferred to third countries.
4.2. right to rectification pursuant to Art. 16 GDPR
You have the right to obtain without undue delay the rectification of inaccurate data concerning you and/or the completion of incomplete data stored by us.
4.3. right to erasure pursuant to Art. 17 GDPR
You have the right to obtain the erasure of your personal data where the requirements of Art. 17 (1) GDPR are met. However, this right does not apply in particular if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
4.4 Right to restriction of processing pursuant to Art. 18 GDPR
You have the right to demand the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified, if you refuse to delete your data due to unauthorized data processing and instead demand the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail.
4.5. right to information in accordance with Art. 19 GDPR
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
4.6. right to data portability pursuant to Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where technically feasible
4.7. right to withdraw consent pursuant to Art. 7 (3) GDPR
You have the right to withdraw your consent to the processing of data at any time with effect for the future. Upon revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
4.8. Right to lodge a complaint pursuant to Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
5. right of objection
If we process your personal data as part of a balancing of interests on the basis of our overriding legitimate interest, you have the right to object to this processing at any time with effect for the future on grounds relating to your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms or if the processing serves the establishment, exercise or defense of legal claims.
If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. You can exercise your objection as described above. If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.
6. Duration of storage of personal data
The duration of the storage of personal data is determined by the respective statutory retention period (e.g. retention periods under commercial and tax law). After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation and/or we have no legitimate interest in further storage.
7 Updating and amending this privacy policy
This privacy policy is currently valid and was last updated in May 2018. Due to changes in legal or regulatory requirements, it may be necessary to amend this privacy policy. You can access the current data protection declaration at any time on our website under the heading "Data protection".