Privacy Policy

Privacy Policy

INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE DATA CONTROLLER

1.1 We are pleased that you visit our website and thank you for your interest. Below, we inform you about how we process your personal data when you use our website. Personal data includes all data that can personally identify you.

1.2 The data controller responsible for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is Emma & Sophie Boutique. The person responsible for processing personal data is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries sent to the data controller). You can recognize an encrypted connection by the strings "https://" and the padlock icon in your browser’s address bar.

DATA COLLECTION WHEN VISITING OUR WEBSITE

If you use our website for information purposes only, without registering or otherwise sending information to us, we only collect the data that your browser sends to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website:

• The visited website
• Date and time of access
• Amount of data sent in bytes
• Source/referrals from which you came to the site
• Browser used
• Operating system used
• IP address used (if relevant: in anonymized form)

The processing is carried out in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used in any other way. However, we reserve the right to retrospectively check the server log files if there are concrete indications of illegal use.

COOKIES

To make your visit to our website enjoyable and to enable the use of certain functions, we use cookies on various pages. Cookies are small text files stored on your device. Some of the cookies we use are deleted after your browser session ends (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are set, they collect and process specific user information such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

Some cookies are used to simplify the ordering process by saving settings (e.g., remembering the contents of a virtual shopping cart for a future visit to the website). If personal data are also processed by individual cookies we use, they are processed in accordance with Article 6(1)(b) of the GDPR either to perform the contract or under Article 6(1)(f) of the GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and efficient design of the site visit.

We may cooperate with advertising partners who help us make our website more interesting for you. For this purpose, cookies from partner companies may also be stored on your hard drive (third-party cookies) when you visit our website. If we cooperate with such advertising partners, you will be informed about the use of such cookies and the extent of the information collected in the respective sections of this privacy policy.

Please note that you can configure your browser to notify you about the setting of cookies and decide for yourself whether to accept them or exclude acceptance of cookies in specific cases or in general. Each browser differs in how it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers at the following links:

• Internet Explorer: https://support.microsoft.com/en/help/17442/windows-internet-explorer-delete-manage-cookies
• Firefox: https://support.mozilla.org/en/kb/cookies-allow-and-disable
• Chrome: https://support.google.com/chrome/answer/95647
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
• Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

CONTACTING US

When you contact us (e.g., via contact form or email), personal data is collected. Which data is collected in connection with a contact form is specified in the respective contact form. This data is stored and used solely for the purpose of responding to your inquiry or contacting you as well as the associated technical administration. The legal basis for data processing is our legitimate interest in responding to your inquiry in accordance with Article 6(1)(f) of the GDPR. If your contact aims to conclude a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted after the final processing of your inquiry, unless there are statutory storage obligations. This is the case if it can be deduced from the circumstances that the matter has been finally clarified.

DATA PROCESSING WHEN CREATING A CUSTOMER ACCOUNT AND FOR CONTRACT EXECUTION

According to Article 6(1)(b) GDPR, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. The collected data can be viewed in the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the data controller’s address mentioned above. We store and use the data you provide for contract processing. After completion of the contract or deletion of your customer account, your data will be blocked with regard to storage periods under tax and commercial law and deleted after these periods have expired, unless you have explicitly consented to further use of your data or we reserve the right to use data beyond this as permitted by law and informed you in this policy.

USE OF YOUR DATA FOR DIRECT MARKETING

6.1 Subscription to our email newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information to send the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. We use a so-called double opt-in procedure for sending the newsletter. This means that we will only send you an email newsletter if you have explicitly confirmed to us that you consent to the newsletter being sent. We then send a confirmation email where you are asked to confirm by clicking on a corresponding link that you wish to receive the newsletter in the future.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6(1)(a) GDPR. When subscribing to the newsletter, we store your IP address assigned by your internet service provider (ISP), as well as the date and time of registration, to be able to track possible misuse of your email address. The data we collect when registering for the newsletter will only be used for advertising purposes in the form of the newsletter. You can unsubscribe from the newsletter at any time via the link in the newsletter or by sending a message to the data controller mentioned above. After unsubscribing, your email address will be immediately deleted from our newsletter list unless you have explicitly consented to further use of your data or we reserve the right to use data beyond this as permitted by law and informed you in this policy.

6.2 Newsletter distribution to existing customers
If you have given us your email address when purchasing goods or services, we reserve the right to regularly send you offers of similar goods or services from our range via email. For this purpose, we do not need to obtain separate consent from you. Data processing is only based on our legitimate interest in personal direct marketing in accordance with Article 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any further emails. You may object at any time to the use of your email address for the aforementioned advertising purposes with effect for the future by notifying the data controller mentioned at the beginning. You will only incur transmission costs according to basic tariffs. After receipt of your objection, the use of your email address for advertising purposes will cease immediately.

DATA PROCESSING FOR ORDER PROCESSING

7.1 To fulfill the contract, we work with external service providers (logistics companies, payment service providers). We will only share your personal data with third parties to the extent necessary to perform the contract.

7.2 Use of payment service providers

PayPal
If you choose PayPal as a payment method, the payment is processed via PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal"). During payment processing, your payment data will be transferred to PayPal. The transfer of your data takes place in accordance with Article 6(1)(b) GDPR and only to the extent necessary for payment processing.

PayPal reserves the right to carry out a credit check for payment methods such as credit cards via PayPal, direct debit via PayPal, or, if offered, "purchase on account" or "instalment payment" via PayPal. For this purpose, your payment data may be transferred to credit agencies based on PayPal's legitimate interest in determining your payment ability pursuant to Article 6(1)(f) GDPR. The result of the credit assessment in relation to the statistical probability of default is used by PayPal to decide whether the respective payment method should be made available. The credit assessment may contain probability data (so-called score values). If score values are included in the result of the credit assessment, they are based on a scientifically recognized mathematical-statistical procedure. Address data is included, among other things, in the calculation of score values.

Further data protection information, including information about the credit agencies used, can be found in PayPal's Privacy Policy:

https://www.paypal.com/webapps/mpp/ua/privacy-full

You may object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still have the right to process your personal data if this is necessary for contractual payment processing.

SOFORT
If you choose the payment method "SOFORT," payment is processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany ("SOFORT"). We will share your data with SOFORT to the extent necessary for payment processing in accordance with Article 6(1)(b) GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transfer of your data takes place solely for the purpose of payment processing with SOFORT and only to the extent necessary. More information about SOFORT’s privacy policy can be found at: https://www.klarna.com/sofort/datenschutz

CONTACT FOR REVIEW REMINDERS Own review reminder (no customer rating system)
We use your email address to send you a one-time reminder to submit a review of your order. This will only be sent if you have given your explicit consent during or after placing your order, in accordance with Article 6(1)(a) GDPR. You can revoke your consent at any time by sending a message to the data controller.

USE OF SOCIAL MEDIA PLUGINS

9.1 Facebook as plugin with the "Shariff" solution
Our website uses so-called social plugins ("plugins") from the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). To ensure data protection on our website, we use a solution called "Shariff." This means that these plugins are not directly integrated on the page but are only embedded as an HTML link. This type of embedding ensures that no connection is established to Facebook servers when you visit a page on our website containing such plugins. Only when you click the button is a new browser window opened, leading to Facebook’s page where you can interact with the plugins (if relevant, after entering your login details).

For more information about Facebook’s data protection practices, please see their privacy policy: https://www.facebook.com/policy.php

9.2 Google+ as plugin with the "Shariff" solution
Our website also uses plugins from the social network Google+, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). As with Facebook plugins, we also use the "Shariff" solution here. No direct connection to Google servers is established unless you click the button. For more details on how Google processes your data, please refer to Google’s privacy policy: https://policies.google.com/privacy

9.3 Instagram as plugin with the "Shariff" solution
We also use plugins from Instagram, operated by Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram"). As with Facebook and Google+, the "Shariff" solution ensures no data is transferred unless you interact with the button. You can find more information about how Instagram uses your data at: https://help.instagram.com/519522125107875

ONLINE MARKETING

10.1 DoubleClick by Google
Our website uses the online marketing tool DoubleClick by Google, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick"). DoubleClick uses cookies to show ads relevant to users, improve campaign performance reports, or prevent the same ads from appearing multiple times. Using a cookie ID, Google tracks which ads are shown in which browser, preventing repetitive display. The processing is based on our legitimate interest to optimize the marketing of our website according to Article 6(1)(f) GDPR. For more information about DoubleClick’s privacy policy, please visit: https://www.google.com/policies/privacy/

10.2 Google AdWords Conversion Tracking
This website uses Google AdWords Conversion Tracking, a service provided by Google LLC. It enables us to track the effectiveness of Google AdWords campaigns. When you click on a Google ad, a cookie is stored on your device, allowing us to track conversions. You can prevent this tracking by disabling cookies for Google AdWords in your browser settings. More information about Google’s privacy policy can be found at: https://www.google.com/policies/privacy/

WEB ANALYTICS SERVICES

Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to analyze how users interact with our website. Data is generally transferred to Google's servers in the USA and anonymized to exclude personal references. For more information on data processing by Google Analytics, please refer to: https://tools.google.com/dlpage/gaoptout?hl=en

RETARGETING/REMARKETING/RECOMMENDATION ADVERTISING

Facebook Custom Audiences via Pixel
Our website uses "Facebook Pixel," provided by Facebook Inc. If you have given your consent, Facebook can track user behavior after interacting with an ad. This data is used for statistical purposes and future ad optimization. You can revoke your consent to this tracking at any time. More information can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/

Google AdWords Remarketing
Our website uses Google AdWords Remarketing features to advertise this website in Google search results and on third-party websites. The service provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). For this purpose, Google places a cookie in your browser device, which automatically enables interest-based advertising based on the websites you visit, using a pseudonymized cookie ID. Data processing is based on our legitimate interest in optimal marketing of our website under Article 6(1)(f) GDPR.

Further data processing will only take place if you have agreed with Google that your internet and app browsing history will be linked to your Google account, and that information from your Google account will be used to personalize the ads you see online. In such case, if you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define audiences for cross-device remarketing. To support this function, Google temporarily links your personal data to Google Analytics data to form audiences.

You can permanently disable the use of cookies for ad accuracy by downloading and installing the browser plugin available at the following link: https://www.google.com/settings/ads/onweb/

Alternatively, you can find more information about setting cookies and adjusting preferences at the Digital Advertising Alliance website: www.aboutads.info. You can also configure your browser to notify you of cookies and allow you to accept or reject them on a case-by-case basis. Disabling cookies may limit the functionality of our website.

Google LLC, based in the USA, is certified under the US-EU "Privacy Shield" agreement, which guarantees compliance with the data protection level applicable in the EU.

Additional information and Google's privacy policy regarding advertising can be found here: https://www.google.com/policies/technologies/ads/

RIGHTS OF THE DATA SUBJECT

13.1 Applicable data protection law grants you the following rights as the data subject in connection with the processing of your personal data:

• Right to information pursuant to Article 15 GDPR: You have the right to obtain information about which personal data we process about you, the purposes of processing, categories of data, recipients, storage periods, your rights to correction or deletion, restrictions on processing, and the right to object or lodge a complaint with a supervisory authority.
• Right to correction pursuant to Article 16 GDPR: You have the right to have inaccurate data about you corrected without delay and incomplete data completed.
• Right to deletion pursuant to Article 17 GDPR: You have the right to request deletion of your personal data if the conditions in Article 17(1) GDPR are met. However, this right does not apply if processing is necessary for exercising freedom of expression, complying with legal obligations, public interest, or establishment, exercise, or defense of legal claims.
• Right to restriction of processing pursuant to Article 18 GDPR: You have the right to request restriction of processing of your personal data while the accuracy of your data is verified, if you oppose deletion due to unlawful processing and instead request restriction of use, or if you need the data for legal claims.
• Right to notification pursuant to Article 19 GDPR: If you exercise your right to correction, deletion, or restriction of processing, the controller is obliged to inform all recipients to whom your personal data has been disclosed, unless this is impossible or involves disproportionate effort.
• Right to data portability pursuant to Article 20 GDPR: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request transfer to another controller where technically feasible.
• Right to withdraw consent pursuant to Article 7(3) GDPR: You have the right to withdraw your consent at any time with effect for the future. After withdrawal, we will promptly delete your data unless further processing is lawful without your consent.
• Right to lodge a complaint pursuant to Article 77 GDPR: If you believe the processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the member state where you reside, work, or where the alleged violation occurred.

13.2 RIGHT TO OBJECT

If we process your personal data based on our overriding legitimate interest, you have the right to object to this processing at any time for reasons arising from your particular situation. If you exercise this right, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if processing is necessary for legal claims.

If we process your personal data for direct marketing purposes, you have the right to object to processing at any time. If you exercise this right, we will stop processing your data for direct marketing purposes.

DATA RETENTION PERIODS

The retention period for personal data depends on the respective statutory retention period (e.g., tax or commercial law). After this period expires, the relevant data is routinely deleted unless still required for contract fulfillment or establishment of a contract, or if we have a legitimate interest in further retention.