PRIVACY POLICY
1. PRIVACY AT A GLANCE
2. HOSTING BY SQUARESPACE
3. GENERAL INFORMATION AND MANDATORY DISCLORUES
4. DATA COLLECTION
ON THIS WEBSITE
4. GOOGLE reCAPTCHA
PLUGINS AND TOOLS
4. E-COMMERCE AND
PAYMENT SERVICE PROVIDERS
As of 25 May 2018, the provisions of the EU General Data Protection Regulation (hereinafter referred to as the “GDPR”) apply throughout Europe. Below, we would like to inform you about the processing of personal data carried out by DEAR WENDY® in accordance with this Regulation (see Article 13 GDPR). Please read our Privacy Notice carefully. If you have any questions or comments regarding this Privacy Notice, you may contact us at any time using the email address provided under Contact.
GENERAL INFORMATION
The following information provides a simple overview of what happens to your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information on the subject of data protection, please refer to our Privacy Notice attached to this copy.
DATA COLLECTION ON THIS WEBSITE
Who is responsible for data collection on this website (i.e. the “Controller”)?
The data processing on this website is carried out by the website operator, whose contact details can be found in the section “Information about the Controller (referred to as the ‘Controller’ under the GDPR)” of this Privacy Notice.
How do we collect your data?
We collect your data when you share it with us. This may, for example, include data you enter into our contact form.
Other data is collected automatically or after obtaining your consent during your visit to the website through our IT systems. This primarily concerns technical information (e.g. internet browser, operating system, or time of page access). Such information is collected automatically when you access this website.
For what purposes do we use your data?
Part of the information is collected to ensure the error-free provision of the website. Other data may be used to analyse your user behaviour.
What rights do you have regarding your information?
You have the right to obtain, free of charge and at any time, information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the rectification or erasure of your data. If you have given consent to data processing, you may withdraw this consent at any time with effect for all future data processing activities. Furthermore, under certain circumstances, you have the right to request the restriction of the processing of your data. In addition, you have the right to lodge a complaint with the competent supervisory authority. Please do not hesitate to contact us at any time if you have questions about this or any other data protection-related matters.
Analysis Tools and Third-Party Tools
When visiting this website, your browsing behaviour may be statistically analysed. Such analyses are primarily carried out using analytics programs. For detailed information on these analytics programs, please refer to our Privacy Notice below.
We host our website with Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, Ireland, D08 N12C (hereinafter referred to as “Squarespace”).
Squarespace is a tool for creating and hosting websites. When you visit our website, Squarespace collects your IP address and information about the device and browser you use. Squarespace also analyses visitor numbers, traffic sources, and customer behaviour, and generates user statistics. If you make a purchase on our website, Squarespace also collects your name, email address, shipping and billing address, payment information, and other information related to the purchase (e.g. telephone number, number of sales made, etc.). Squarespace stores cookies in your browser for analytical purposes.
For details, please refer to Squarespace’s Privacy Policy: https://www.squarespace.com/privacy
The use of Squarespace is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website possible. Where corresponding consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as such consent includes the storage of cookies or access to information stored on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.
DATA PROCESSING
We have concluded a Data Processing Agreement (DPA) with the provider named above. This is a contract required under data protection law, which ensures that personal data of our website visitors is processed only on our instructions and in compliance with the GDPR.
DATA PROTECTION
The operators of this website and its pages take the protection of your personal data very seriously. Accordingly, we treat your personal data confidentially and in accordance with the applicable statutory data protection regulations and this Privacy Notice.
Whenever you use this website, various types of personal data are collected. Personal data means any data with which you can be personally identified. This Privacy Notice explains which data we collect and for what purposes we use such data. It also explains how and for what purpose the information is collected.
Please note that data transmission over the Internet (e.g. communication by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
INFORMATION ABOUT THE CONTROLLER (REFERRED TO AS THE “CONTROLLER” UNDER THE GDPR)
The controller responsible for data processing on this website is:
Moritz Allmendinger
Virngrundstraße 4
73479 Ellwangen (Jagst)
Germany
Phone: +49 172 7568975
Email: info@moritzallmendinger.de
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g. names, email addresses, etc.).
STORAGE PERIOD
Unless a more specific storage period is stated in this Privacy Notice, your personal data will remain with us until the purpose for which it was collected no longer applies. If you submit a justified request for erasure or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible grounds for retaining your personal data (e.g. retention periods required under tax or commercial law); in the latter case, deletion will take place once those grounds no longer apply.
GENERAL INFORMATION ON THE LEGAL BASIS FOR DATA PROCESSING ON THIS WEBSITE
If you have consented to data processing, we process your personal data on the basis of Article 6(1)(a) GDPR or Article 9(2)(a) GDPR if special categories of personal data within the meaning of Article 9(1) GDPR are processed. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your terminal device (e.g. via device fingerprinting), data processing is additionally carried out on the basis of Section 25(1) TTDSG. Consent may be withdrawn at any time.
Where your data is required for the performance of a contract or for carrying out pre-contractual measures, we process your data on the basis of Article 6(1)(b) GDPR. Where your data is required to fulfil a legal obligation, we process it on the basis of Article 6(1)(c) GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR. Information regarding the relevant legal basis in each individual case is provided in the following sections of this Privacy Notice.
INFORMATION ON DATA TRANSFERS TO THE USA AND OTHER NON-EU COUNTRIES
Among other things, we use tools provided by companies located in the United States or other non-EU countries that may not provide an adequate level of data protection. Where such tools are active, your personal data may be transferred to and processed in these non-EU countries.
Please note that these countries may not guarantee a level of data protection comparable to that of the European Union. For example, US companies may be required to disclose personal data to security authorities without data subjects being able to seek judicial remedies. Therefore, it cannot be ruled out that US authorities (e.g. intelligence or security agencies) may process, analyse, and permanently store your personal data for monitoring purposes. We have no control over these processing activities.
WITHDRAWAL OF YOUR CONSENT TO DATA PROCESSING
Many data processing operations are only possible with your express consent. You may withdraw consent already granted to us at any time. The legality of the data processing carried out before the withdrawal remains unaffected.
RIGHT TO OBJECT TO DATA COLLECTION IN SPECIAL CASES; RIGHT TO OBJECT TO DIRECT MARKETING (ARTICLE 21 GDPR)
WHERE DATA PROCESSING IS BASED ON ARTICLE 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. PLEASE REFER TO THIS PRIVACY NOTICE TO DETERMINE THE LEGAL BASIS ON WHICH PROCESSING IS BASED.
IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENCE OF LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEREAFTER NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ARTICLE 21(2) GDPR).
RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT SUPERVISORY AUTHORITY
In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement. This right exists without prejudice to any other administrative or judicial remedy.
RIGHT TO DATA PORTABILITY
You have the right to receive data that we process automatically on the basis of your consent or in fulfilment of a contract in a commonly used, machine-readable format, or to request that it be transferred to a third party. If you request direct transfer to another controller, this will only be carried out where technically feasible.
ACCESS, RECTIFICATION AND ERASURE
Within the framework of applicable legal provisions, you have the right at any time to obtain information free of charge about your stored personal data, its origin, recipients, and the purpose of processing. You may also have the right to request rectification or erasure of such data. For this purpose, and for any further questions concerning personal data, you may contact us at any time.
RIGHT TO RESTRICTION OF PROCESSING
You have the right to request restriction of the processing of your personal data. You may contact us at any time for this purpose.
The right to restriction of processing applies in the following cases:
if you contest the accuracy of your personal data stored by us, we generally require time to verify this; during this verification period, you have the right to request restriction of processing;
if processing of your personal data is or has been unlawful, you may request restriction of processing instead of erasure;
if we no longer need your personal data, but you require it for the establishment, exercise, or defence of legal claims, you have the right to request restriction instead of erasure;
if you have objected pursuant to Article 21(1) GDPR, your rights and our rights must be balanced. Until it is determined whose interests prevail, you have the right to request restriction of processing.
If processing has been restricted, such personal data may — apart from storage — only be processed with your consent, for the establishment, exercise, or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
SSL AND/OR TLS ENCRYPTION
For security reasons and to protect the transmission of confidential content, such as orders or enquiries you send to us as the website operator, this website uses SSL and/or TLS encryption. You can recognise an encrypted connection by the browser address line changing from “http://” to “https://” and by the lock symbol in your browser. If SSL or TLS encryption is activated, data transmitted to us cannot be read by third parties.
ENCRYPTED PAYMENT TRANSACTIONS ON THIS WEBSITE
If, after concluding a paid contract, you are required to provide payment data (e.g. account details for direct debit authorisation), such data is required for payment processing. Payment transactions using common payment methods (Visa/Mastercard, direct debit) are processed exclusively via encrypted SSL or TLS connections.
COOKIES
Our websites and pages use what the industry refers to as “cookies”. Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently on your device (permanent cookies). Session cookies are automatically deleted once your visit ends. Permanent cookies remain stored on your device until you actively delete them or they are automatically deleted by your web browser.
In some cases, third-party cookies may be stored on your device when you access our website (third-party cookies). These cookies enable you or us to use certain services provided by the third party (e.g. cookies used for processing payment services).
Cookies have various functions. Many cookies are technically necessary because certain website functions would not operate without them (e.g. the shopping cart function or the display of videos). Other cookies may be used to analyse user behaviour or to display advertising messages.
Cookies that are required for carrying out the electronic communication process, for providing certain functions requested by you (e.g. the shopping cart function), or for optimising the website (necessary cookies, e.g. cookies that provide measurable insights into web audience behaviour) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified.
You may configure your browser to notify you whenever cookies are placed and to allow cookies only in individual cases. You may also exclude the acceptance of cookies in certain cases or generally, or activate the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be limited.
If third-party cookies or cookies for analytical purposes are used, we will inform you separately within the framework of this Privacy Notice and, where applicable, request your consent.
GOOGLE reCAPTCHA PLUGINS AND TOOLS
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to determine whether data entered on this website (e.g. entries in a contact form) is provided by a human user or by an automated program. To achieve this, reCAPTCHA analyses the behaviour of website visitors based on various parameters. This analysis begins automatically as soon as the website visitor enters the website. For this analysis, reCAPTCHA evaluates various types of information (e.g. IP address, time spent on the website, or cursor movements initiated by the user). The data collected during such analyses is transmitted to Google.
reCAPTCHA analyses take place entirely in the background. Website visitors are not notified that such an analysis is being carried out.
The storage and analysis of data are carried out on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its website against abusive automated monitoring and SPAM. Where corresponding consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as such consent includes the storage of cookies or access to information stored on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.
Further information about Google reCAPTCHA can be found in Google’s Privacy Policy and Terms of Service at the following links:
https://policies.google.com/privacy?hl=en
https://policies.google.com/terms?hl=en
PROCESSING OF CUSTOMER AND CONTRACT DATA
We collect, process, and use personal customer and contract data for the establishment, content design, and modification of our contractual relationships. Personal data relating to the use of this website (usage data) is collected, processed, and used only to the extent necessary to enable the user to use our services or for billing purposes. The legal basis for such processing is Article 6(1)(b) GDPR.
The customer data collected will be deleted upon completion of the order or termination of the business relationship and after expiry of any applicable statutory retention periods. Statutory retention obligations remain unaffected.
DATA TRANSFER UPON CONCLUSION OF CONTRACT FOR ONLINE SHOPS, RETAILERS AND SHIPPING OF GOODS
If you order goods from us, we will transfer your personal data to the transport company commissioned with delivery and to the payment service provider responsible for payment processing. Only the data required by the respective service providers to fulfil their obligations will be disclosed. The legal basis for such disclosure is Article 6(1)(b) GDPR, which permits the processing of data for the fulfilment of contractual or pre-contractual obligations.
If you provide your consent in accordance with Article 6(1)(a) GDPR, we will pass your email address to the transport company responsible for delivery so that it may inform you by email about the shipping status of your order. You may withdraw your consent at any time.
PAYMENT SERVICES
We integrate payment services provided by third-party companies on our website. If you make a purchase from us, your payment data (e.g. name, payment amount, bank details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contractual and privacy provisions of the relevant providers apply to these transactions.
The use of payment service providers is based on Article 6(1)(b) GDPR (performance of contract) and on our legitimate interest in ensuring a smooth, convenient, and secure payment process (Article 6(1)(f) GDPR). Where consent is requested for certain actions, Article 6(1)(a) GDPR serves as the legal basis for data processing; consent may be withdrawn at any time with effect for the future.
We use the following payment services/payment service providers on this website:
PAYPAL
The provider of this payment service is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”). Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses (SCCs).
Details can be found in PayPal’s Privacy Statement.
APPLE PAY
The provider of this payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA.
Details can be found in Apple’s Privacy Policy.
AMERICAN EXPRESS
The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter referred to as “American Express”). American Express may transfer data to its parent company in the United States. Data transfers to the United States are based on Binding Corporate Rules (BCRs).
Further information can be found in American Express’s Privacy Policy.
MASTERCARD
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as “Mastercard”). Mastercard may transfer data to its parent company in the United States. Data transfers to the United States are based on Mastercard’s Binding Corporate Rules (BCRs).
Further details can be found in Mastercard’s Privacy Policy and related documentation.
VISA
The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as “Visa”). For data protection purposes, the United Kingdom is regarded as a safe third country. This means that the level of data protection in the United Kingdom is considered equivalent to that of the European Union. Visa may transfer data to its parent company in the United States. Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses (SCCs).
Further information can be found in Visa’s Privacy Policy.