Schreiben Sie den Inhalt des Pop-ups Ihres Geschäfts
Privacy Policy
1) Introduction and contact details of the controller
1.1 We appreciate your visit to our website. The protection of your personal data is important to us. In this privacy policy, we inform you about what personal data we collect, how we use it, on what basis this is done, and what rights you have. The GDPR requires transparent information, among other things, on purpose, contact, rights, and processing.
Personal data is any information with which you can be personally identified.
1.2 Controller
The controller for data processing on this website in the sense of the General Data Protection Regulation (GDPR) is:
Kaatusha’s Studio
Ekaterina Dehand
Uhlandstraße 10
88512 Mengen
Germany
Email: info@kaatusha.de
Phone: +49 1520 6378817
2) Data collection when visiting our website
2.1 When you visit our website for informational purposes only, i.e., if you do not register, order anything, or provide us with any information, technical data that your browser transmits to our server or to Shopify's servers is automatically collected. This includes, in particular:
* visited page
* date and time of access
* amount of data transferred
* referrer URL
* browser type and browser version
* operating system
* IP address
* device data
The processing of this data takes place according to Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest to ensure the security and functionality of our website. The data will not be passed on to third parties. We reserve the right to evaluate the data retrospectively only if there are concrete indications of illegal use.
2.2 To protect your data, we use SSL or TLS encryption on this website. You can recognize a secure connection by the "https://" displayed in your browser's address bar and a lock symbol.
3) Cookies
Our website uses cookies. These are small text files that are stored on your device and enable certain functions of the website as well as improve its use.
Some cookies are automatically deleted after closing your browser (so-called session cookies). Other cookies remain stored on your device for a certain period and allow settings to be saved (persistent cookies). You can view the storage duration in your browser settings.
If personal data is also processed by cookies, this is done, depending on the purpose, on the basis of Art. 6 para. 1 lit. b GDPR (for contract execution), Art. 6 para. 1 lit. a GDPR (based on your consent) or Art. 6 para. 1 lit. f GDPR (based on our legitimate interest in a functional and user-friendly website).
You can set your browser so that you are informed about the setting of cookies and decide yourself whether to allow them. You can also deactivate cookies at any time.
Please note that if cookies are deactivated, the functionality of our website may be limited.
4) Hosting via Shopify
Our online shop is operated via Shopify. The provider is:
Shopify International LimitedVictoria Buildings, 1–2 Haddington RoadDublin 4, D04 XN32Ireland
In the course of using our shop, personal data is also processed by Shopify. This is done to provide and ensure the technical functionality of our online offer.
The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in a secure and efficient operation of our online shop.
Further information on data processing by Shopify can be found at: https://privacy.shopify.com
5) Contact
5.1 WhatsApp Business
We offer you the possibility to contact us via the messaging service WhatsApp (WhatsApp Ireland Limited, Dublin, Ireland).
If you contact us via WhatsApp, we process your phone number and, if applicable, other data provided by you (e.g., name or message content) to process your request. If the contact is made in connection with an order or a contract, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR. For general inquiries, the processing is carried out on the basis of our legitimate interest in fast and efficient communication in accordance with Art. 6 Para. 1 lit. f GDPR.
Please note that when using WhatsApp, data may be transferred to servers of Meta Platforms Inc. in the USA. Further information on data processing by WhatsApp can be found at:
https://www.whatsapp.com/legal/privacy-policy
5.2 If you contact us by email or via a contact form, we process the data you provide exclusively to process your request.
The processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR. If your request is aimed at concluding a contract, the processing also takes place in accordance with Art. 6 Para. 1 lit. b GDPR.
6) Customer Account
6.1 If you create a customer account in our online shop, we process the personal data you provide, insofar as this is necessary for setting up and using the account. The processing takes place in accordance with Art. 6 para. 1 lit. b GDPR for the execution of the contractual relationship.
The data required for this can be found in the respective input fields in the registration form.
You can have your customer account deleted at any time by sending us a corresponding message via the contact details provided. After deletion, your data will be deleted, unless there are statutory retention obligations and no legitimate interests on our part prevent further storage.
6.2 We process personal data in particular for the following purposes:
* for the provision and technical execution of our online shop
* for processing and fulfilling orders
* for payment processing
* for delivery and shipping organization
* for communication with you
* for processing returns and complaints
* for fraud prevention and IT security
* for fulfilling legal obligations
* possibly for marketing purposes, if you have consented or if this is legally permissible
7) Newsletter
7.1 If you subscribe to our newsletter, we use your e-mail address to regularly send you information about our offers. The registration takes place using the so-called double opt-in procedure. You will receive an e-mail in which you must confirm your registration.
The legal basis is your consent according to Art. 6 Para. 1 lit. a GDPR. As part of the registration, we also store your IP address as well as the date and time to be able to prove your consent.
You can unsubscribe from the newsletter at any time via the unsubscribe link in every email or by notifying us.
7.2 Shipping & Analysis via Shopify Email and Klaviyo
Our newsletter is sent via the following providers:
* Shopify International Limited, Dublin, Ireland
* Klaviyo Inc., Boston, USA
These providers process your data on our behalf for sending the newsletter and for statistical evaluation (e.g., open and click rates). The processing is carried out exclusively on the basis of your consent in accordance with Art. 28 GDPR.
Klaviyo has joined the EU-US Data Privacy Framework.
You can revoke your consent at any time via the unsubscribe link in the newsletter.
8) Order Processing
To process your order, we process in particular:
* order data
* billing and delivery data
* payment data
* communication data
* shipping data
This data is only passed on to service providers as far as this is necessary for the execution of the contract.
For payment processing, we pass on personal data in accordance with Art. 6 Para. 1 lit. b GDPR to payment service providers such as PayPal, Klarna, Apple Pay, or Google Pay.
9) Shipping Service Provider
To process your order, we process personal data (e.g., name, address, email address) and pass it on to the service providers necessary for the execution in accordance with Art. 6 Para. 1 lit. b GDPR (in particular payment and shipping service providers).
For the delivery of the goods, we transmit the necessary data to the shipping service provider. If you have expressly consented during the ordering process, we will also pass on your email address and/or telephone number in accordance with Art. 6 Para. 1 lit. a GDPR for coordinating a delivery date or for shipping announcements. Otherwise, the data will only be passed on for the purpose of delivery.
Where legally required, we use your contact details in accordance with Art. 6 Para. 1 lit. c GDPR to inform you about necessary updates or information regarding your order.
10) Links to Third-Party Providers
Our website may contain links to external websites or third-party services. The respective operators are solely responsible for their content and data protection practices.
11) Storage Period
We store personal data only as long as this is necessary for the respective purposes or as long as statutory retention obligations exist. After that, the data will be deleted, unless there is another legal basis for storage.
12) Your Rights
You have the following rights within the framework of legal provisions, in particular:
* Right to information
* Right to rectification
* Right to erasure
* Right to restriction of processing
* Right to data portability
* Right to object
* Right to withdraw granted consents
* Right to lodge a complaint with a data protection supervisory authority
The GDPR generally grants these rights to data subjects.
If you wish to exercise any of these rights, please contact us using the contact details provided above.
13) International Data Transfers
When using Shopify or other integrated services, personal data may be transferred to countries outside the European Union or the European Economic Area. Shopify points out that merchants should configure their privacy settings and notices accordingly.
