Data Protection

Privacy Policy

Responsible for data processing: Gabriela Pyka Ottobrunner Str. 29 85640 Putzbrunn

Email: info@schmucktraeume.com

We appreciate your interest in our online shop. The protection of your privacy is very important to us. Below we inform you in detail about the handling of your data.

  1. Access data and hosting

You can visit our websites without providing any personal information. When you access a website, the web server only automatically stores a so-called server log file, which, for example, contains the name of the requested file, your IP address, date and time of access, amount of data transferred, and the requesting provider (access data) and documents the access. This access data is evaluated exclusively for the purpose of ensuring the trouble-free operation of the site and improving our offer. This serves to safeguard our predominantly legitimate interests in a correct presentation of our offer in accordance with Art. 6 para. 1 p. 1 lit. f GDPR.

Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

  1. Data processing for contract processing and contacting

2.1 Data processing for contract processing

For the purpose of contract processing (including inquiries about and processing of any existing warranty and guarantee claims as well as any legal update obligations) in accordance with Art. 6 para. 1 p. 1 lit. b GDPR, we collect personal data if you voluntarily provide it to us within the scope of your order. Mandatory fields are marked as such because in these cases we need the data to process the contract and cannot send the order without it. Which data is collected can be seen from the respective input forms.

For further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment, and shipping processing, please refer to the following sections of this privacy policy. After complete processing of the contract, your data will be restricted for further processing and deleted after the expiry of the tax and commercial retention periods pursuant to Art. 6 para. 1 p. 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 p. 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

2.2 Customer account

If you have given your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR by deciding to open a customer account, we use your data for the purpose of opening a customer account and storing your data for further future orders on our website. Deletion of your customer account is possible at any time and can either be done by sending a message to the contact option described in this privacy policy or by using the designated function in the customer account. After deletion of your customer account, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 p. 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

2.3 Contact

As part of customer communication, we collect personal data to process your inquiries in accordance with Art. 6 para. 1 p. 1 lit. b GDPR if you voluntarily provide it to us when contacting us (e.g. via contact form or email). Mandatory fields are marked as such because in these cases we need the data to process your contact request. Which data is collected can be seen from the respective input forms. After complete processing of your inquiry, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 p. 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

  1. Data processing for the purpose of shipping processing

For the purpose of contract fulfillment in accordance with Art. 6 para. 1 p. 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, to the extent necessary for the delivery of ordered goods.

  1. Data processing for payment processing

When processing payments in our online shop, we work with these partners: technical service providers, banks, payment service providers.

4.1 Data processing for transaction processing

Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers who work for us as part of order processing, or to the commissioned banks or to the selected payment service provider, to the extent necessary for processing the payment. This serves the purpose of contract fulfillment in accordance with Art. 6 para. 1 p. 1 lit. b GDPR. In part, the payment service providers collect the necessary data for processing the payment transaction themselves, e.g. on their own website or through technical integration in the ordering process. The privacy policy of the respective payment service provider applies in this regard. If you have any questions about our partners for payment processing and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

4.2 Data processing for the purpose of fraud prevention and optimization of our payment processes

If necessary, we provide our service providers with further data, which they use together with the data necessary for processing the payment as our processors for the purpose of fraud prevention and optimization of our payment processes (e.g. invoicing, processing of contested payments, support of accounting). This serves to safeguard our predominantly legitimate interests in our protection against fraud or in efficient payment management in accordance with Art. 6 para. 1 p. 1 lit. f GDPR.

  1. Advertising via email

5.1 Email newsletter with registration

If you subscribe to our newsletter, we use the data required for this or separately provided by you to send you our email newsletter regularly based on your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 p. 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

5.2 Newsletter Distribution

The newsletter may also be sent by our service providers as part of processing on our behalf. For questions regarding our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

Our service providers are located in and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA

There is a European Commission decision on an adequate level of data protection for the USA as the basis for third-country transfers, provided that the respective service provider is certified. Until certified by our service providers, data transfer continues to be based on this: Standard Contractual Clauses of the European Commission.

5.3 Sending Review Requests via Email

If you have given us your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR for this purpose during or after your order, we will use your email address to request a review of your order via the review system used by us. This consent can be revoked at any time by sending a message to the contact option described in this privacy policy or via a link provided for this purpose in the review request.

The review requests may also be sent by our service provider Trusted Shops AG Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops").

In the course of sending review requests and collecting and displaying review or status information, we are jointly responsible with Trusted Shops.

As part of the joint responsibility between us and Trusted Shops, please contact Trusted Shops for data protection issues and to exercise your rights, preferably using the contact details provided here, when contacting us with data protection issues and to exercise your rights, please use the contact details provided in this privacy policy. Your request will then, if necessary, be forwarded to the other responsible party for a response.

6. Cookies and Other Technologies

6.1 General Information

To make visiting our website attractive and to enable the use of certain functions, we use technologies including so-called cookies on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies).

Privacy protection for end devices When using our online services, we use absolutely necessary technologies to provide the expressly desired telemedia service. The storage of information on your device or access to information already stored on your device does not require consent.

For functions that are not absolutely necessary, the storage of information on your device or access to information already stored on your device requires your consent. We would like to point out that if you do not give your consent, parts of the website may not be fully usable. Your consents granted may remain in place until you adjust or reset the respective settings on your device.

Subsequent data processing by cookies and other technologies We use such technologies that are essential for the use of certain functions of our website (e.g., shopping cart function). These technologies collect and process IP address, time of visit, device and browser information, and information about your use of our website (e.g., information about the contents of the shopping cart) as part of a balancing of interests in our legitimate interest in optimizing our offering pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

We also use technologies to fulfill the legal obligations to which we are subject (e.g., to be able to prove consent to the processing of your personal data) and for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

You can find the cookie settings for your browser at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy. Alternatively, you can also use the following link: https://schmucktraeume.com/de/content/datenschutz. If you do not accept cookies, the functionality of our website may be limited.

6.2 Consent Manager Platform (CMP)

On our website, we use a consent management service ("Consent Manager Platform (CMP)") to inform you about the cookies and other technologies we use on our website and to obtain, manage, and document your necessary consent to the processing of your personal data by these technologies if required. This is necessary pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR to fulfill our legal obligation pursuant to Art. 7 para. 1 GDPR to be able to prove your consent to the processing of your personal data. The consent manager platform (CMP) used is provided by consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden, which processes your data on our behalf.

After you have provided your cookie declaration on our website, the web server stores the following data: IP address, device information, browser information, selected language, accessed website or its URL, date and time of your declaration of consent, and information about your consent behavior.

In addition, the following technologies are used, which contain information about your consent behavior: Cookies

The data is stored exclusively on the end device; there is no transmission of personal data to the provider of the consent manager platform (CMP). Your data will be deleted after one year unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further use the data, which is legally permitted, and about which we inform you in this statement.

6.3 Information on Third-Country Transfer (Transfer of Data to Third Countries)

We use technologies from service providers on our website whose registered office and/or server locations may be in third countries, outside the EU or the EEA. If there is no adequacy decision by the European Commission for this country, an adequate level of data protection must be ensured by other appropriate safeguards.

Appropriate safeguards in the form of contractually agreed standard data protection clauses of the EU Commission or binding corporate rules are basically possible but require a prior examination by the contracting parties as to whether an adequate level of protection can be ensured. According to the case law of the ECJ, it may be necessary to take additional protective measures.

We have generally agreed with the technology providers we use that process personal data in a third country, the standard data protection clauses adopted by the EU Commission. Where possible, we also agree on additional guarantees to ensure adequate data protection in third countries without an adequacy decision.

Despite all contractual and technical measures, it may still occur that the level of data protection in the third country does not correspond to that of the EU. In these cases, we ask you, if necessary, within the scope of cookie consent, for your consent under Art. 49 para. 1 lit. a GDPR for the transfer of your personal data to a third country.

There is a particular risk here that local authorities in the third country may receive access rights to your personal data that are not sufficiently restricted from a European data protection perspective, that we as the data exporter or you as the data subject may not be aware of this, and/or that you may not have sufficient legal remedies available to prevent or counteract such access.

In particular, the following countries are currently considered third countries without an adequacy decision by the EU Commission (example listing): China Russia Taiwan

You can find out to which third countries data is transferred by us in the data protection information for the respective tool and/or consent management service/Consent Manager Platform (CMP) used by us.

  1. Use of Cookies and Other Technologies

If you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, we use the following cookies and other technologies from third-party providers on our website. After the purpose has been achieved and the respective technology is no longer used by us, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on your revocation options can be found in the section "Cookies and Other Technologies". Further information, including the basis of our cooperation with the individual providers, can be found with the respective technologies. If you have any questions about the providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

7.1 Use of Google Services

We use the technologies of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google") as shown below. The information automatically collected about your use of our website by the Google technologies is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there. Unless otherwise stated for the individual technologies, data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR for the respective technology. Further information about data processing by Google can be found in Google's privacy policy.

Our service providers are located in and/or use servers in countries outside the EU and the EEA, for which the European Commission has determined an adequate level of data protection.

Our service providers are located in and/or use servers in countries outside the EU and the EEA. There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on standard data protection clauses of the European Commission.

Google Analytics

For the purpose of website analysis, data (IP address, time of visit, device and browser information, as well as information about your use of our website) is automatically collected and stored with Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from the EU, your IP address is stored on a server located in the EU for the purpose of deriving location data and is then immediately deleted before the traffic is forwarded to processing on other Google servers. Data processing is based on an agreement on data processing by Google.

For the purpose of optimized marketing of our website, we have enabled data sharing settings for "Google products and services". This allows Google to access and use the data collected and processed by Google Analytics to improve Google services. The data sharing with Google under these data sharing settings is based on an additional agreement between controllers. We have no influence on the subsequent data processing by Google. YouTube Video Plugin

For the integration of third-party content, data (IP address, time of visit, device and browser information) is collected via the YouTube Video Plugin in the extended data protection mode used by us, transmitted to Google, and processed by Google only if you play a video. 7.2 Other Providers of Web Analysis and Online Marketing Services

Use of Pinterest Tag for Web Analysis and Advertising Purposes

For web analysis and advertising purposes on Pinterest as well as on third-party websites, data (IP address, time of visit, device and browser information, as well as information about your use of our website based on events specified by us such as visiting a website or signing up for a newsletter) is automatically collected and processed by technologies of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"), and usage-based advertising is enabled based on pseudonymous cookie IDs and the pages you visit. Usage profiles are created from the collected data using pseudonyms. Pinterest will merge this information with further data from your Pinterest account and use it to compile reports on website activity and to provide further services associated with website use. We have no influence on the data processing by Pinterest and receive only statistics created based on Pinterest Tag. This allows us to measure your subsequent usage behavior for website analysis and event tracking when you arrive at our website via a Pinterest advertisement. The information automatically collected by Pinterest is usually transferred to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, and stored there. Data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR.

Our service providers are located in and/or use servers in countries outside the EU and the EEA, for which the European Commission has determined an adequate level of data protection.

Our service providers are located in and/or use servers in countries outside the EU and the EEA. There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on standard data protection clauses of the European Commission.

8. Integration of the Trusted Shops Trustbadge/other Widgets

If you have given your consent pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR, Trusted Shops widgets are integrated on this website for the display of Trusted Shops services (e.g., trustmark, collected reviews) as well as for offering Trusted Shops products to buyers after an order.

The Trustbadge and the services advertised with it are an offer of Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with which we are jointly responsible for data protection in accordance with Art. 26 GDPR. In the context of this data protection notice, we will inform you below about the essential contents of the contract in accordance with Art. 26 Para. 2 GDPR.

In the context of the joint responsibility between us and Trusted Shops AG, please address data protection questions and the assertion of your rights preferably to Trusted Shops using the contact information provided in the data protection information. Regardless, you can always contact the controller of your choice. Your request will then be forwarded to the further controller for response, if necessary.

8.1 Data Processing when Integrating the Trustbadge/other Widgets

The Trustbadge is provided by a US-based CDN provider (Content Delivery Network). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which is available here for the USA. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found here. If service providers from the USA are not certified under the DPF, standard contractual clauses have been concluded as suitable guarantees.

When the Trustbadge is called up, the web server automatically stores a so-called server log file, which also contains your IP address, date and time of access, amount of data transferred and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection, so that the stored data cannot be assigned to your person. The anonymized data is used in particular for statistical purposes and for error analysis.

8.2 Data Processing after Order Completion

If you have given your consent, the Trustbadge accesses order information stored on your end device (order amount, order number, possibly purchased product) and your email address after order completion and hashes your email address using a cryptographic one-way function. The hash value is then transmitted to Trusted Shops together with the order information pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR.

This serves to verify whether you are already registered for Trusted Shops services. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services or do not give your consent for automatic recognition via the Trustbadge, you will subsequently have the opportunity to register manually for the use of the services or to conclude security within the framework of your possibly existing usage contract.

For this purpose, the Trustbadge accesses the following information stored on your end device after completion of your order: order amount, order number, and email address. This is necessary so that we can offer you buyer protection. The data will only be transmitted to Trusted Shops once you actively decide to conclude buyer protection by clicking on the appropriately labeled button in the so-called Trustcard. If you decide to use the services, further processing will be based on the contractual agreement with Trusted Shops pursuant to Art. 6 Para. 1 lit. b GDPR, in order to complete your registration for buyer protection and secure the order, and to possibly send you review invitations by email afterwards.

Trusted Shops uses service providers in the areas of hosting, monitoring, and logging. The legal basis is Art. 6 Para. 1 lit. f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which is available here for the USA and here for Israel. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found here. If service providers from the USA are not certified under the DPF, standard contractual clauses have been concluded as suitable guarantees.

9. Social Media

Our online presence on Facebook (by Meta), Instagram (by Meta), YouTube, Pinterest

If you have given your consent pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on the social media mentioned above, from which usage profiles are created using pseudonyms. These profiles can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are usually used for this purpose. For detailed information on the processing and use of data by the respective social media operator as well as a contact option and your rights and settings options for protecting your privacy, please refer to the data protection notices linked below. If you still need assistance in this regard, you can contact us.

Facebook (by Meta)

Facebook (by Meta) is an offering of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. The data processing in the context of visiting a Facebook (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (information on insights data) can be found here.

Our service providers are based in and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

A European Commission decision on an adequate level of data protection for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Certification is available.

Our service providers are based in and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. There is no European Commission adequacy decision for these countries. Our cooperation with them is based on these guarantees: Standard Data Protection Clauses of the European Commission.

Instagram (by Meta)

Instagram (by Meta) is an offering of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, and stored there. The data processing in the context of visiting an Instagram (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (information on insights data) can be found here.

Our service providers are based in and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

A European Commission decision on an adequate level of data protection for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Certification is available.

Our service providers are based in and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. There is no European Commission adequacy decision for these countries. Our cooperation with them is based on these guarantees: Standard Data Protection Clauses of the European Commission.

YouTube is an offering of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our online presence on YouTube is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there.

Our service providers are located in and/or utilize servers in countries outside the EU and the EEA, for which the European Commission has determined an adequate level of data protection.

Our service providers are located in and/or utilize servers in countries outside the EU and the EEA. For these countries, there is no adequacy decision by the European Commission. Our collaboration with them relies on the Standard Data Protection Clauses of the European Commission.

Pinterest is provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"). The information automatically collected by Pinterest about your usage of our online presence on Pinterest is typically transmitted to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, and stored there.

Our service providers are located in and/or utilize servers in countries outside the EU and the EEA, for which the European Commission has determined an adequate level of data protection.Our service providers are located in and/or utilize servers in countries outside the EU and the EEA. For these countries, there is no adequacy decision by the European Commission. Our collaboration with them relies on Standard Data Protection Clauses of the European Commission.

10. Contact options and your rights

10.1 Your Rights

As a data subject, you have the following rights: 
Pursuant to Art. 15 GDPR, the right to obtain information about your personal data processed by us to the extent specified therein;
Pursuant to Art. 16 GDPR, the right to demand without delay the correction of incorrect or completion of your personal data stored by us;
Pursuant to Art. 17 GDPR, the right to demand the deletion of your personal data stored by us, provided that the further processing is not
    for exercising the right of freedom of expression and information;
    to fulfill a legal obligation;
    for reasons of public interest or
    for the assertion, exercise, or defense of legal claims;
Pursuant to Art. 18 GDPR, the right to demand the restriction of processing of your personal data if
    the accuracy of the data is disputed by you;
    the processing is unlawful, but you oppose its erasure;
    we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims, or
    you have objected to processing pursuant to Art. 21 GDPR;
Pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller;
Pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters for this purpose.

Right to Object

To the extent that we process personal data to safeguard our legitimate interests that predominate within the scope of a balancing of interests, as explained above, you have the right to object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you have the right to object only if there are reasons arising from your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims.

This does not apply if the processing is for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.

10.2 Contact Options

If you have any questions regarding the collection, processing, or use of your personal data, require information, correction, restriction, or deletion of data, or wish to revoke consent given or object to a specific use of data, please contact us directly using the contact details provided in our imprint.