Privacy Policy
1. General Information on the Collection of Personal Data
(1) The following privacy policy explains how the personal data that is transmitted when using the website or the offers is handled. Personal data is all data that can be related to the customer personally, e.g. name, address, e-mail addresses or user behavior.
(2) Controller pursuant to Art. 4 No. 7 GDPR:
Paint of Harmony
Nele Boniakowsky
Germany
E-Mail: info@paintofharmony.com
2. Rights of Data Subjects
(1) The following rights apply with regard to the customer's personal data:
- Right of access (Art. 15 GDPR) to the customer's personal data processed by the owner of the website;
- Right to rectification (Art. 16 GDPR) or completion of the customer's personal data processed by the owner of the website;
- Right to erasure (Art. 17 GDPR) of the customer's personal data processed by us, unless processing is exceptionally required under Art. 17 (3) GDPR;
- Right to restriction of processing (Art. 18 GDPR);
- Right to information (Art. 19 GDPR);
- Right to data portability (Art. 20 GDPR);
- Right to withdraw consent once given (Art. 7 para. 3 GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
(2) In addition, the customer has the right to lodge a complaint with a data protection supervisory authority if they believe that the processing of their personal data is unlawful. These are the state commissioners for data protection; the contact person responsible for the customer can be found at the following URL, for example: Online-Beschwerde | Der Landesbeauftragte für den Datenschutz Niedersachsen
Objection to the Processed Data
Insofar as the processing of personal data is based on the balancing of interests, the customer may object to the processing. This is the case if, in particular, the processing is not necessary for the performance of a contract with the customer, which is shown in each case in the corresponding description of the functions. When exercising such an objection, the customer is asked to explain the reasons why the customer's personal data should not be processed as carried out. In the event of a justified objection, the situation will be examined and either the data processing will be discontinued or adapted or the customer will be shown the compelling reasons worthy of protection on the basis of which the processing will be continued.
Of course, the processing of personal data for advertising and data analysis purposes can be objected to at any time. Objections can be sent to the following e-mail address: info@paintofharmony.com
3. Data Security
As data security is a top priority, personal data is transmitted using secure SSL or TLS encryption/connection. TLS (Transport Layer Security) or its predecessor SSL (Secure Socket Layer) is a protocol for encrypting data transmissions on the internet. This protects personal data from unauthorized access. The encryption of the connection can be recognized in the browser line by the character "https//:" or the lock symbol.
In addition, the website and other systems are protected by technical and organizational measures against loss, destruction, access, modification or dissemination of data by unauthorized persons. Despite regular checks, however, complete protection against all risks is not possible.
4. Visiti of the Website
When using the website for information purposes only, i.e. if the customer does not register or otherwise transmit information, only the personal data that the browser transmits to the server is used. As soon as the customer requests a file from the website, access data is collected and stored by default.
This data set consists of:
- the page from which the file was requested,
- the name of the file
- the date and time of the request
- the amount of data transferred in each case,
- the access status / HTTP status code (i.e. whether the file was transferred or possibly not found, etc.)
- a description of the type and version of the web browser used
- the installed operating system and the set resolution.
This data is required to display the website and to ensure stability and security. It is also analyzed for internal statistical purposes and for the technical administration of the website. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest follows from the aforementioned purposes of data collection.
5. Using the Online Store
(1) If an order is to be placed in the online store, the customer must provide personal data during the ordering process such as
- Name
- Address
- E-mail address
Which data is collected for this purpose can be seen from the respective input masks, whereby the necessary mandatory information is specially marked in each case. All other information is voluntary.
The provision of personal data serves the purpose and is necessary to the extent that it is required for the conclusion of the contract and the processing of the order. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.
(2) The customer has the option of creating a customer account. For the purpose of using his personal data for further, subsequent orders, the data provided by him will be stored and processed on a revocable basis. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.
(3) Due to the requirements of commercial and tax law, there is an obligation to store the customer's address, payment and order data for a period of ten years. The data will therefore not be completely deleted even if storage is no longer required for the contract concluded. However, processing will be restricted to the extent necessary to comply with legal obligations. The legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR.
(4) The data transmitted by the customer in the course of his order will be used exclusively for processing his order.The external service providers named below are used to process the order:
(a) For the delivery of the goods, the customer's address data must be passed on to the parcel service provider. They are obliged to treat the data confidentially and to store and use it exclusively for the purpose of delivery and to delete it again after successful delivery. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR.
(b) For payment processing, the payment data will be passed on to the commissioned credit institution or the selected payment service provider. The legal basis for the transfer of data is Art. 6 para. 1 sentence 1 lit. b GDPR.
The payment data is transmitted to the relevant payment service provider depending on the payment method selected by the customer. The payment service provider is responsible for your payment data. Information, in particular about the responsible body of the payment service providers and the categories of personal data processed by the payment service providers, can be found at the following Internet addresses
PAYPAL:
When paying by PayPal, the data required for the payment will be forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal reserves the right to carry out a credit check for certain payment methods. Information on identity verification at PayPal and data exchange with credit agencies (credit report) can be found here: https://www.paypal.com/de/webapps/mpp/ua/creditchk.The legal basis for PayPal is Art. 6 para. 1 sentence 1 lit. f GDPR based on the legitimate interest in determining your solvency. Further information can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full[https://www.paypal.com/de/webapps/mpp/ua/privacy-full]
6. Contact via E-Mail or Contact Form
(1) Personal data is collected and stored when the customer contacts us by email or via the contact form on the website. Which personal data is collected when contact is made via the contact form can be seen from the contact form. When contacting us by email, the following personal data is collected and stored: email address and email text as well as other voluntarily provided data.
(2) The data provided by the customer is used exclusively to process the contact. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR or our legitimate interest in responding to the request in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
(3) If storage is no longer required, all personal data collected in this context will be deleted. If there is a statutory retention obligation, processing will be limited to this purpose. The legal basis is Art. 6 para. 1 lit. c GDPR.
7. Cookies
(1) This website uses cookies. Cookies are small text files that the Internet browser stores on the end device (PC, laptop, tablet, smartphone, etc.). They are used to make the use of the website more pleasant and convenient for the visitor or for analytical purposes. When the website is called up again, the cookies make it possible to recognize the end device used. Among other things, this means that data entered by the visitor is available when the form is filled out again or the order process for items already placed in the shopping cart can be continued. If the cookies are used for the purpose of concluding or executing the contract, the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. If the cookies are used to ensure the legitimate interests in the pleasant and convenient functionality as well as analysis and improvement of the website, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
(2) This website uses the types of cookies listed below:
In most cases, cookies are used that are automatically deleted from the hard disk after the browser is closed or when you log out (transient cookies, in particular session cookies).
Other cookies remain on the end device used and ensure that the end device is recognized on the next visit (so-called persistent or permanent cookies). These cookies are automatically deleted by the system after a preset period of time, which differs depending on the cookie.
(3) The storage of cookies can be changed at any time in the browser settings, e.g. the acceptance of cookies as a whole, of third-party cookies (cookies that are set by a third party, i.e. not by the actual website on which you are currently located) or of individual cookies can be refused or deleted. However, it should be noted that in this case it may no longer be possible to use the website to its full extent. For the security and privacy of the visitor, it is recommended to delete the cookies on the end device and the browser history at regular intervals.
8. ANALYSETOOLS
The following tracking measures are used on the website in order to analyze and regularly improve the use of the website. The statistics obtained can be used to improve the offer and make it more interesting for the user, measure the success of the advertising measures and optimize the advertising measure. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR, whereby our legitimate interest arises from the aforementioned purposes.
GOOGLE ANALYTICS
This website uses Google Analytics, a web analytics service provided by Google LLC (Google). Google Analytics uses so-called cookies (see also above under "Cookies" of this privacy policy), which are text files that are stored on the computer and that enable an analysis of the use of the website by the visitor.
The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Please note that this website uses Google Analytics with the extension "_anonymizeIp()" and the IP addresses are therefore only processed in abbreviated form so that they cannot be traced back to specific individuals.
Google will use this information on behalf of the operator of this website for the purpose of evaluating the use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by the browser as part of Google Analytics will not be merged with other Google data. The storage of cookies can be prevented by setting your browser software accordingly; please note that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de[https://tools.google.com/dlpage/gaoptout?hl=de].
You can also prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie is set which prevents the future collection of data when visiting this website:
Deactivate Google Analytics
Google also processes personal data in the USA and has submitted to the EU-US Privacy Shield, which ensures compliance with the level of data protection applicable in the EU, https://www.privacyshield.gov/EU-US-Framework.
Further information on terms of use and data protection can be found at http://www.google.com/analytics/terms/de.html[https://www.google.com/analytics/terms/de.html] and https://www.google.de/intl/de/policies/privacy[https://www.google.de/intl/de/policies/privacy].
9. Storage Duration of Personal Data
The storage period of personal data depends on the respective statutory retention period (e.g. retention periods under commercial and tax law). Once the statutory retention periods have expired, the respective personal data will be deleted as long as and to the extent that the personal data is not required for contract fulfillment or contract initiation or there is no longer a legitimate interest in storing it.
10. Transfer of Data in other Respects
(1) In some cases, external service providers are used for the data required for processing and for the provision of this website. These have been carefully selected and commissioned, are bound by instructions and are regularly monitored.
(2) In addition, personal data will only be passed on to third parties in the following cases
- if express consent has been given for this in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR, or
- if there is a legal obligation for disclosure in accordance with Art. 6 Para. 1 S. 1 lit. c GDPR, e.g. in the context of criminal prosecution or
- the disclosure in accordance with Art. 6 para. 1 sentence 1 lit. f is necessary for the purpose of asserting or defending legal claims or exercising rights and it cannot be assumed that the disclosure conflicts with an overriding interest of the data subject worthy of protection.