Hereinafter we inform you about the nature, scope and purpose of the processing of your personal data when using our online shop at “www.umbellina.com”. Personal data is any information that relates to an identified or identifiable natural person.
The person responsible (“Controller”) within the meaning of the EU General Data Protection Regulation (GDPR) is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. Controller within the meaning of the GDPR for the personal data processed by this shop is Umbellina – Catherine von Specht, Untermainkai 31, 60329 Frankfurt am Main, phone +49 1752715264, e-mail email@example.com (hereinafter “we”).
2. When you visit our web site
When you visit our website, our server collects the following information from your device: browser type and version, operating system used, the previously visited web page, IP address, and time of the page view.
We collect and process this data in order to ensure the trouble-free operation of our website and to detect, fend off and prosecute a misuse of our services. Furthermore, we use the collected data for statistical purposes to evaluate, for example, by which devices and browsers our shop is accessed in order to improve and adapt our offer to our customers’ needs on an ongoing basis. This data processing is based on Article 6 par. 1 f GDPR.
We will delete the aforementioned data no later than twelve months after they have been collected.
3. When you place an order
When you place an order in our online shop, we process your name, the delivery address, and your e-mail address, as entered by you during the ordering process. We will also process any additional information provided by you voluntarily during the ordering process (such as a differing billing address or a telephone number).
We process this data electronically for the proper performance of the contract, in particular for shipping, invoicing, accounting, and processing of returns and complaints. Where we are obligated to provide you with updates for a digital product or for a product with digital elements, we will process your contact information for this purpose as well. This data processing is based on Article 6 par. 1 b GDPR.
We store this data until all mutual claims arising from the respective contractual relationship with you have been completely settled and the commercial and fiscal retention periods to which we are subject have expired.
To conclude a contract between you and us, it is necessary that we receive your name, delivery address and e-mail address. The necessity of providing this data arises from various statutory regulations (eg. § 312i par. 1 and 3 BGB [German Civil Code], § 14 par. 4 UStG [German Turnover Tax Act]. Without providing this data, you cannot conclude a contract with us.
We refrain from using automated decision-making or profiling for deciding whether or not to conclude a contract.
4. Customer Account
You may, optionally, open a customer account in our online shop. For the data required and processed by us, please refer to the input form for opening the customer account. The customer account will be set up at your request only. Therefore, your consent is the legal basis for processing your account data (Article 6 par. 1 a GDPR). We keep the account data stored until you close the account or you ask us for its closure. For personal data connected to contracts already concluded by you, the retention periods given in section “If you place an order” apply independently from the existence of your customer account.
5. Shipping and Payment
When we ship physical goods in order to perform a contract, we may transmit the recipient’s name and address, and, if you have given your consent, your e-mail address, to Deutsche Post (Deutsche Post AG, 53113 Bonn) or DHL (DHL Paket GmbH, 53113 Bonn) as our shipping service provider for the purpose of delivering the shipment, including, if applicable, a prior e-mail notification of the expected time of delivery, and, if necessary, for returns back to us, on the basis of Article 6 par. 1 b GDPR.
Upon receipt of a payment, we process the data transmitted to us by the payment service provider.
This data processing takes place according to Article 6 par. 1 b GDPR. We shall store this data until all mutual claims arising from the respective contractual relationship with you have been completely settled and all commercial and fiscal retention periods to which we are subject have expired.
For the operation of our website on the Internet, we use technical services provided by 1&1 (1&1 Internet AG, 56410 Montabaur) as Processor according to Article 28 GDPR.
7. Contacting us
If you use a contact or chat form on our website, we will process the data input by you; this may be, besides your message as such, your name and your e-mail address.
If you send us a message by e-mail, we will save your message along with the sender details (your name, e-mail address, and any additional information added by your e-mail program) in order to be able to answer it and also to respond to possible subsequent questions (legal basis: Article 6 par. 1 f GDPR). For reception, storage and sending of e-mails, we use an e-mail provider who acts for us as a processor in accordance with Article 28 GDPR.
This data processing is based on our legitimate interest to answer your request and handle possible follow-up requests from you (Article 6 par. 1 f GDPR). We will erase the information collected from your message no later than twelve months after the last communication with you on your request, subject to the provision in the following paragraph.
If you send us a message with information legally relevant for the contractual relationship (e.g. a withdrawal or a complaint), the legal basis for the processing is Article 6 par. 1 b GDPR, regardless of how you transmitted your message to us. In such a case, we will erase the data related to your message as soon as all mutual claims arising from the contractual relationship have been completely settled and the commercial and fiscal retention periods have expired.
This data processing is carried out on the basis of your consent (Article 6 par. 1 a GDPR).
9. Google Services
As far as you have given your consent, we use certain Google services on our website. If you visit our shop from a location within the European Union, Norway, Iceland, Liechtenstein or Switzerland “Google“ means Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, otherwise Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
General information on the use of data by Google may be found on the Google website at https://policies.google.com/technologies/partner-sites (“How Google uses information from sites or apps that use our services“).
10. Google Fonts
As far as you have given your consent, our web site uses fonts provided by Google as “Google Fonts”. Google Fonts are downloaded directly from Google when you access our website from your device. Google hereby receives your IP address, your operating system, your browser type and its version and evaluates this information for their own business purposes.
11. Facebook Pixel, Custom Audience, Conversion Tracking
On our website, we use the “Facebook Pixel” function provided by Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, or, if you are based in the US or Canada: Meta Platforms Inc. , 1 Hacker Way, Menlo Park, CA 94025, USA). This function allows us to define vistors to our site as a “custom audience” for advertisements provided by Facebook (“Facebook Ads”). To do this, we use an invisible graphics file (“Facebook Pixel”) that we integrate into our website to analyze your user behavior and derives products or topics that interest you. With “Facebook Pixel”, we can also determine the effectiveness of Facebook Ads, namely, whether and how you respond to an advertisement from us (“conversion tracking”).
This data processing is based on Article 6 par. 1 f GDPR, namely on our legitimate interest in advertising our offers to those who are likely to be interested in our products and to analyze the effectiveness of our online advertising.
12. Social Media
You may find Social Media buttons on our website; they can be recognized by the logos of the social media platforms (hereinafter “Platforms”) (Facebook: „f“ logo, Instagram: square camera logo, Pinterest: „p“ logo). Clicking on such a button calls the respective Platform’s website; at the same time, the IP address of your device and the address of the page where the link is placed (“Referrer”) will be transmitted to the Platform. However, we neither collect nor otherwise process any data related to the use of these social media buttons.
13. Your Rights
With regard to your personal data we process, you have the following rights:
You have the right to obtain a confirmation from us as to whether we process personal data concerning you. If this is the case, we will inform you about the personal data stored about you and the further information in accordance with Article 15 par. 1 and 2 GDPR.
You have the right to have your inaccurate personal data rectified without undue delay. Taking into account the purposes of processing, you also have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.
You can demand the erasure of your personal data concerning you under the conditions of Article 17 par. 1 GDPR without undue delay, as far as their processing is not necessary according to Article 17 par. 3 GDPR.
You may demand that we restrict the processing of your data if one of the requirements of Article 18 par. 1 GDPR applies. In particular, you can request the restriction instead of an erasure.
We will communicate any rectification or erasure of your personal data and a restriction of processing to all recipients to whom we have disclosed your personal data, unless this proves impossible or involves a disproportionate effort. We will also inform you about these recipients if you request it.
You have the right to receive the personal data which you provide to us in a structured, commonly used and machine-readable format. You may also request that we transmit the data to another controller without hindrance, where technically feasible.
As far as a data processing is based on your given consent, you have the right to, withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of the data processing based on consent before its withdrawal.
RIGHT TO OBJECT: ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, YOU MAY, AT ANY TIME, OBJECT TO PROCESSING OF YOUR PERSONAL DATA; this right applies to a processing, according to Article 6 par. 1 f GDPR, necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. If you exercise your right to object, we will no longer process the personal data in question unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of you, or for the establishment, exercise or defense of legal claims.
IN CASE WE PROCESS PERSONAL DATA FOR DIRECT MARKETING PURPOSES (E.G. NEWSLETTER), YOU MAY, AT ANY TIME, OBJECT TO PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING, WITH THE RESULT THAT WE WILL NO LONGER PROCESS YOUR DATA FOR THESE PURPOSES.
If you believe that the processing of your personal data is in breach of the GDPR, you may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. This does not exclude other administrative or judicial remedies.