Privacy policy
--------------------
DATA PROTECTION DECLARATION
--------------------
1) INFORMATION
1.1 In the following section, we would like to inform you about how we handle your personal data when you use our website. By personal data, we mean all information that can be used to identify you personally.
1.2 Responsible for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is Glittery Shop, reachable at the email address support@glittery-shop.com. The responsible entity for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data as well as other confidential content (such as orders or inquiries). You can recognize an encrypted connection by the string "HTTPS://" and the lock symbol in the address bar of your browser.
2) DATA COLLECTION WHEN VISITING OUR WEBSITE
If you use our website for informational purposes only, that is, without registering or otherwise providing us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary to display the website to you:
The website accessed
Date and time of access
The amount of data sent in bytes
The source/reference from which you accessed the page
The browser used
The operating system used
The IP address used (if applicable, anonymized)
The processing of this data is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of the data. However, we reserve the right to review the server log files retrospectively if there are concrete indications of illegal use.
3) HOSTING
Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify") to host and display our online shop. This is done on the basis of a data processing agreement. All data collected on our website is processed on Shopify's servers. As part of the services provided by Shopify, there may also be a transfer of data to Shopify Inc. (150 Elgin St, Ottawa, ON K2P 1L4, Canada), Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc. In the event of a data transfer to Shopify Inc. in Canada, the European Commission ensures through an adequacy decision that an adequate level of data protection is guaranteed. More information on data protection at Shopify can be found on the following website: https://www.shopify.de/legal/datenschutz
The data is only processed on the servers mentioned above by Shopify and is only processed on other servers if this is communicated separately.
4) COOKIES
To optimize the visit to our website and make certain functions available, we use so-called cookies on various pages. These are small text files that are stored on your device. Some cookies we use are automatically deleted at the end of the browser session (so-called session cookies). Other cookies remain stored on your device and allow your browser to be recognized again on a subsequent visit (so-called persistent cookies). When cookies are set, they collect and process certain user information such as browser and location data as well as IP addresses. Persistent cookies are automatically deleted after a specified duration, which may vary depending on the cookie. You can find the duration of the respective cookie storage in your browser settings.
Some cookies are used to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). To the extent that individual cookies also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the fulfillment of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of granted consent, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in optimal functionality of the website as well as a user-friendly and efficient design of the site visit.
Please note that you have the option in your browser to be informed about the setting of cookies, to decide individually on their acceptance, or to reject the acceptance of cookies for specific cases or in general. Each browser manages cookie settings differently. You can find out how to change your cookie settings in your browser's help function. Further information on cookie settings for common browsers can be found at the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Please note that if you reject cookies, the functionality of our website may be limited.
5) CONTACT
If you contact us (e.g. via a contact form or by email), personal data will be collected. You can find out which data is collected in the case of a contact form from the respective contact form. This data is used solely to respond to your request or to enable communication with you, as well as to manage technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, Art. 6 para. 1 lit. b GDPR provides another legal basis. Your data will be deleted after your request has been finally processed, unless there are legal retention obligations.
6) DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT PROCESSING
In accordance with Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed when you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen in the respective input forms. Deleting your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the responsible party. We store and use the data you provided exclusively for contract processing. After the complete execution of the contract or deletion of your customer account, your data will be blocked in consideration of tax and commercial law retention periods and deleted after these periods expire, unless you have expressly consented to further use of your data or a legally permitted further data use has been reserved by us.
7) USE OF CUSTOMER DATA FOR DIRECT MARKETING
Sign up for our email newsletter
When you sign up for our email newsletter, you will regularly receive information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you the newsletter once you have explicitly confirmed that you wish to receive it. We will then send you a confirmation email, asking you to confirm by clicking on a corresponding link that you would like to receive the newsletter in the future.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When signing up for the newsletter, we store the IP address registered by the Internet Service Provider (ISP) as well as the date and time of registration to be able to trace any potential misuse of your email address at a later time. The data collected during the newsletter registration will be used exclusively for the purpose of advertising communication via the newsletter. You can unsubscribe from the newsletter at any time via the designated link in the newsletter or by sending a corresponding message to the mentioned responsible party. After unsubscribing, your email address will be immediately removed from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve a further data use that is legally permitted and of which we inform you in this declaration.
8) DATA PROCESSING FOR ORDER PROCESSING
8.1 To process your order, we work with the service provider listed below, who supports us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
The personal data we collect will be passed on to the transport company commissioned with the delivery as part of the contract processing, as far as this is necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution as part of the payment processing, provided this is necessary for the payment processing. If payment service providers are used, we will explicitly inform you about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR.
8.2 Use of Payment Service Providers (Payment Services)
Apple Pay
If you choose the payment method “Apple Pay” from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is done through the “Apple Pay” function of your device running iOS, watchOS, or macOS by charging a payment card stored in “Apple Pay”. Apple Pay uses security features that are integrated into the hardware and software of your device to protect your transactions. Therefore, to authorize a payment, you need to enter a code that you have previously set and verify using the “Face ID” or “Touch ID” feature of your device.
For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, is transmitted in encrypted form to Apple. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for processing the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the success of the payment.
If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services.
When you use Apple Pay on the iPhone or Apple Watch to complete a purchase made through Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you. You can disable the option to use Apple Pay on your Mac in the settings of your iPhone. Go to "Wallet & Apple Pay" and disable "Allow payments on Mac."
Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/ht203027
Google Pay
If you choose the payment method “Google Pay” of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, the payment processing is carried out through the “Google Pay” application of your mobile device, which operates with at least Android 4.4 (“KitKat”) and has an NFC function, by charging a payment card stored in Google Pay or a verified payment system there (e.g., PayPal). To authorize a payment via Google Pay of more than 25,- €, it is necessary to unlock your mobile device beforehand using the respective verification method set up (such as facial recognition, password, fingerprint, or pattern).
For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a one-time transaction number to the originating website, which verifies that a payment has been made. This transaction number contains no information about the actual payment data of your payment method stored in Google Pay, but is created and transmitted as a one-time valid numerical token. In all transactions via Google Pay, Google acts solely as an intermediary for processing the payment. The execution of the transaction occurs exclusively between the user and the originating website by charging the payment method stored in Google Pay.
If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
Google reserves the right to collect, store, and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description for the reason for the transaction, and any associated offer.
According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f GDPR based on the legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service.
Google also reserves the right to combine the processed transaction data with additional information collected and stored by Google when using other Google services.
The terms of use for Google Pay can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?LDO=0&LDT=GooglePayTOS&LDL=de
Further data protection information can be found at the following internet address: https://payments.google.com/payments/apis-secure/get_legal_document?LDO=0&LDT=PrivacyNotice&LDL=de
Klarna
When selecting a Klarna payment service, the payment processing is carried out by Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as "Klarna"). In order to enable the processing of the payment, your personal data (first and last name, street, house number, postal code, city, gender, email address, phone number, and IP address) as well as data related to the order (e.g., invoice amount, items, delivery method) will be shared with Klarna for the purpose of identity and credit verification, provided you have explicitly consented to this in accordance with Art. 6 para. 1 lit. a GDPR during the ordering process. You can see which credit agencies your data may be forwarded to here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but is not limited to, address data. Klarna uses the obtained information about the statistical probability of a payment default for a balanced decision regarding the establishment, execution, or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the controller responsible for data processing or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for the contractual payment processing.
Your personal information will be processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for data subjects based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
processes.
PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal, we will pass your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer is carried out in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent necessary for the payment processing.
PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal. Here
RIGHTS OF DATA SUBJECTS
9.1 The applicable data protection law grants you comprehensive rights regarding the processing of your personal data by the controller (rights of access and intervention). Below we inform you about your rights:
Right of access according to Art. 15 GDPR: You have the right to obtain information about which personal data we process from you. This includes, among other things, the purposes of processing, the categories of processed data, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage duration or the criteria for determining the storage duration, the existence of a right to rectification, deletion or restriction of processing, objection to processing, the right to lodge a complaint with a supervisory authority, the origin of the data if it was not collected directly from you, the existence of automated decision-making including profiling and, if applicable, further information about the logic used and the consequences of this processing for you as well as your right to be informed about any guarantees under Art. 46 GDPR when your data is transferred to third countries.
Right to correction pursuant to Art. 16 GDPR: You have the right to request the correction of inaccurate data or the completion of incomplete data that we have stored about you without delay.
Right to deletion pursuant to Art. 17 GDPR: You have the right to request the deletion of your personal data if the conditions of Art. 17 para. 1 GDPR are met. However, this right does not exist if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims.
Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of the data you dispute is being verified or if you refuse the deletion of your data due to unlawful processing and instead request the restriction of processing, if you need your data for the assertion, exercise, or defense of legal claims or if you have lodged an objection for reasons of your particular situation, as long as it has not yet been decided whether our legitimate grounds outweigh.
Right to information pursuant to Art. 19 GDPR: If you have asserted the correction, deletion, or restriction of the processing of your personal data against us, we are obliged to inform all recipients to whom your data has been disclosed of these changes, unless this is impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another controller, as far as this is technically feasible.
Right to withdraw consent given pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of your data at any time with effect for the future. In the event of withdrawal, we will delete the affected data immediately, unless further processing can be carried out on another legal basis.
Right to lodge a complaint under Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state where you have your residence, work, or where the alleged violation occurred.
9.2 Right to object
If we process your personal data in the context of a balancing of interests based on our overriding legitimate interest, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future.
If you exercise your right to object, we will cease processing the affected data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
If your personal data is processed by us for direct marketing purposes, you have the right to object to the processing of your personal data for the purpose of direct marketing at any time. You can exercise the objection as described above.
If you exercise your right to object, we will cease processing the affected data for direct marketing purposes.
10. DURATION OF STORAGE OF PERSONAL DATA
The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and, where applicable, the respective statutory retention periods (e.g. commercial and tax retention periods).
If personal data is processed on the basis of explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, this data will be stored until the affected person withdraws their consent.
If there are statutory retention periods for data processed in the context of contractual or similar obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, unless it is still necessary for the fulfillment of the contract or the initiation of a contract and/or there are no legitimate interests in further storage.
If personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until the affected person exercises their right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the affected person, or the processing is necessary for the establishment, exercise, or defense of legal claims.