Privacy Policy (EN)

Privacy Policy

Personal data (hereinafter referred to as "data") are processed by us only as necessary and for the purpose of providing a functional and user-friendly website, including its contents and the services offered there.

Pursuant to Art. 4 no. 1. of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as "GDPR"), "processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following data protection declaration, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or jointly with others on the purposes and means of the processing. In addition, we inform you below about the third-party components we use for optimisation purposes and to increase the quality of use, insofar as third parties process data under their own responsibility.

Our privacy policy is structured as follows:

I. Information about us as data controllers
II. Rights of users and data subjects
III. Information on data processing

I. Information about us as the responsible party

The responsible provider of this website in terms of data protection law is:

Contessa Berlin

Kirstine Graf
Hagenauer Str. 17
10435 Berlin
Phone: +49 30 - 23499841

E-mail: graf (@) contessaberlin.com
Data protection officer at the provider is:
Kirstine Graf


II Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right to

  • to confirmation as to whether data concerning them are being processed, to information about the data being processed, to further information about the data processing and to copies of the data (cf. also Art. 15 GDPR);
  • to correct or complete incorrect or incomplete data (cf. also Art. 16 DSGVO);
  • to the immediate erasure of the data relating to them (cf. also Art. 17 of the GDPR), or, alternatively, insofar as further processing is necessary pursuant to Art. 17(3) of the GDPR, to restriction of processing in accordance with Art. 18 of the GDPR;
  • to receive the data concerning them and provided by them and to transfer this data to other providers/controllers (cf. also Art. 20 GDPR);
  • to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection provisions (cf. also Art. 77 of the GDPR).

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider about any correction or deletion of data or restriction of processing that takes place on the basis of Articles 16, 17 (1), 18 DSGVO. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Notwithstanding the above, the user has a right to information about these recipients.

Likewise, users and data subjects have the right to object to the future processing of data concerning them in accordance with Art. 21 DSGVO, insofar as the data is processed by the provider in accordance with Art. 6 para. 1 lit. f) DSGVO. In particular, an objection to data processing for the purpose of direct advertising is permitted.

III. Information on data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information is provided below on individual processing procedures.

Server data

For technical reasons, in particular to ensure a secure and stable internet presence, data is transmitted by your internet browser to us or to our web space provider. These so-called server log files are used to collect, among other things, the type and version of your internet browser, the operating system, the website from which you accessed our website (referrer URL), the website(s) of our website that you visit, the date and time of the respective access as well as the IP address of the internet connection from which the use of our website takes place.

The data collected in this way is temporarily stored, but not together with other data about you.

This storage takes place on the legal basis of Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

The data will be deleted again after seven days at the latest, unless further storage for evidence purposes is required. Otherwise, the data is exempt from deletion in whole or in part until the final clarification of an incident.

Cookies

a) Session cookies / session cookies

We use so-called cookies with our website. Cookies are small text files or other storage technologies that are placed and stored on your end device by the internet browser you use. These cookies are used to process certain information about you on an individual basis, such as your browser or location data or your IP address.  

This processing makes our website more user-friendly, effective and secure, as the processing enables, for example, the reproduction of our website in different languages or the offer of a shopping cart function.

The legal basis for this processing is Art. 6 para. 1 lit b.) DSGVO, insofar as these cookies data are processed for contract initiation or contract processing.

If the processing does not serve to initiate or execute a contract, our legitimate interest lies in improving the functionality of our website. In this case, the legal basis is Art. 6 para. 1 lit. f) DSGVO.

When you close your internet browser, these session cookies are deleted.

b) Third-party cookies

Where applicable, cookies from partner companies with which we cooperate for the purpose of advertising, analysis or the functionalities of our website are also used with our website.

Please refer to the following information for details on this, in particular the purposes and legal bases of the processing of such third-party cookies.

c) Elimination option

You can prevent or restrict the installation of cookies by setting your internet browser. You can also delete cookies that have already been stored at any time. However, the steps and measures required for this depend on the specific internet browser you use. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. In the case of so-called Flash cookies, however, processing cannot be prevented via the browser settings. Instead, you must change the settings of your Flash player. The steps and measures required for this also depend on the specific Flash player you use. If you have any questions, please also use the help function or documentation of your Flash player or contact the manufacturer or user support.

However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be fully used.

Customer account / registration function

If you create a customer account with us via our website, we will collect and store the data you entered during registration (e.g. your name, address or e-mail address) exclusively for pre-contractual services, for the fulfilment of the contract or for the purpose of customer care (e.g. to provide you with an overview of your previous orders with us or to be able to offer you the so-called notepad function). At the same time, we will store your IP address and the date of your registration along with the time of day. Of course, this data will not be passed on to third parties.

Within the scope of the further registration process, your consent to this processing is obtained and reference is made to this data protection declaration. The data collected by us in this process will be used exclusively for the provision of the customer account. 

Insofar as you consent to this processing, Art. 6 para. 1 lit. a) DSGVO is the legal basis for the processing.

If the opening of the customer account also serves pre-contractual measures or the fulfilment of the contract, the legal basis for this processing is also Art. 6 para. 1 lit. b) DSGVO.

In accordance with Art. 7 (3) DSGVO, you can revoke the consent you have given us to open and maintain the customer account at any time with effect for the future. To do so, you only need to inform us of your revocation.

The data collected in this respect will be deleted as soon as processing is no longer necessary. However, we must observe retention periods under tax and commercial law.

Newsletter

If you register for our free newsletter, the data you requested for this purpose, i.e. your email address and - optionally - your name and address, will be transmitted to us. At the same time, we store the IP address of the internet connection from which you access our website as well as the date and time of your registration. During the further registration process, we will ask for your consent to send you the newsletter, describe the content in detail and refer to this data protection declaration. We use the data collected in this process exclusively for sending the newsletter - it is therefore not passed on to third parties in particular.

The legal basis for this is Art. 6 para. 1 lit. a) DSGVO.

In accordance with Art. 7 (3) DSGVO, you can revoke your consent to receive the newsletter at any time with effect for the future. To do so, you only need to inform us of your revocation or click on the unsubscribe link contained in each newsletter.

Contact requests / contact possibility

If you contact us via the contact form or e-mail, the data you provide will be used to process your enquiry. The provision of the data is necessary for processing and answering your enquiry - without their provision we cannot answer your enquiry or at best only to a limited extent.

The legal basis for this processing is Art. 6 para. 1 lit. b) DSGVO.

Your data will be deleted as soon as your enquiry has been finally answered and there are no legal obligations to retain the data, e.g. in the case of subsequent contract processing.

User contributions, comments and ratings

We offer you the opportunity to publish questions, answers, opinions or evaluations, hereinafter referred to as "contributions", on our website. If you make use of this offer, we will process and publish your contribution, the date and time of submission and the pseudonym used by you, if applicable.

The legal basis for this is Art. 6 para. 1 lit. a) DSGVO. In accordance with Art. 7 (3) DSGVO, you can revoke your consent at any time with effect for the future. To do so, you only need to inform us of your revocation.

In addition, we also process your IP and email address. The IP address is processed because we have a legitimate interest in taking or supporting further action if your contribution infringes the rights of third parties and/or it is otherwise unlawful.

The legal basis in this case is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the legal defence that may be necessary.

Facebook

We operate a company presence on the Facebook platform to advertise our products and services and to communicate with interested parties or customers.

On this social media platform, we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Facebook's data protection officer can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have regulated the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, from which the mutual obligations result, is available under the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of personal data that takes place as a result and is reproduced below is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest is the analysis, communication, sales and advertising of our products and services.

The legal basis may also be the user's consent pursuant to Art. 6 para. 1 lit. a DSGVO vis-à-vis the platform operator. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 (3) DSGVO.

When our online presence is called up on the Facebook platform, the user's data (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as the operator of the platform in the EU.

This user data is used for statistical information about the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create profiles of the users. On the basis of these profiles, Facebook Ireland Ltd. is able, for example, to advertise users within and outside of Facebook according to their interests. If the user is logged into his or her Facebook account at the time of the call, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Facebook, the personal data entered by the user on this occasion will be used to process the enquiry. The user's data will be deleted by us if the user's enquiry has been conclusively answered and there are no statutory retention obligations, such as for subsequent contract processing, to the contrary.

Facebook Ireland Ltd. may also set cookies to process the data.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been stored can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the settings of the browser, but by the corresponding setting of the Flash player. If the user prevents or restricts the installation of cookies, this may mean that not all functions of Facebook can be fully used.

For more details on the processing activities, how to stop them and how to erase the data processed by Facebook, please refer to Facebook's Data Policy:

https://www.facebook.com/privacy/explanation

It is not excluded that processing by Facebook Ireland Ltd. also takes place via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Instagram

We operate a company presence on the Instagram platform to advertise our products and services and to communicate with interested parties or customers.

On this social media platform, we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Instagram's data protection officer can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have regulated the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, from which the mutual obligations result, is available under the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of personal data that takes place as a result and is reproduced below is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest is the analysis, communication, sales and advertising of our products and services.

The legal basis may also be the user's consent pursuant to Art. 6 para. 1 lit. a DSGVO vis-à-vis the platform operator. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 (3) DSGVO.

When our online presence is called up on the Instagram platform, the user's data (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as the operator of the platform in the EU.

This user data is used for statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create profiles of the users. Based on these profiles, Facebook Ireland Ltd. is able, for example, to advertise users within and outside of Instagram according to their interests. If the user is logged into his or her Instagram account at the time of the call, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Instagram, the personal data entered by the user on this occasion will be used to process the enquiry. The user's data will be deleted by us if the user's enquiry has been conclusively answered and there are no statutory retention obligations, such as for subsequent contract processing, to the contrary.

Facebook Ireland Ltd. may also set cookies to process the data.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been stored can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the settings of the browser, but by the corresponding setting of the Flash player. If the user prevents or restricts the installation of cookies, this may mean that not all functions of Facebook can be fully used.

For more details on the processing activities, how to stop them and how to erase the data processed by Instagram, please refer to Instagram's data policy:

https://help.instagram.com/519522125107875

It is not excluded that processing by Facebook Ireland Ltd. also takes place via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Social media link via graphic or text link

We also promote presences on the social networks listed below on our website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents a connection from being automatically established to the respective server of the social network when a website with a social media advertisement is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic is the user redirected to the service of the respective social network.

After the user has been forwarded, information about the user is collected by the respective network. It cannot be ruled out that the data collected in this way will be processed in the USA.

This is initially data such as IP address, date, time and page visited. If the user is logged into his or her user account of the respective network during this time, the network operator may be able to assign the collected information of the user's specific visit to the user's personal account. If the user interacts via a "Share" button of the respective network, this information may be stored in the user's personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to his/her user account, he/she must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.

The following social networks are integrated into our site by linking:

facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.

Privacy policy: https://www.facebook.com/policy.php

Instagram

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.

Privacy policy: https://help.instagram.com/519522125107875

Google Analytics

We use Google Analytics on our website. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".

The Google Analytics service is used to analyse the usage behaviour of our website. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the analysis, optimisation and economic operation of our website.

Usage and user-related information, such as IP address, location, time or frequency of visits to our website, is transmitted to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymisation function. This function allows Google to truncate the IP address within the EU or EEA.

The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and of the usage activities there. This data may also be used to provide other services related to the use of our website and the use of the internet.

Google states that it does not associate your IP address with any other data. In addition, Google keeps under

https://www.google.com/intl/de/policies/privacy/partners

The website also provides you with further information on data protection law, for example on the options for preventing data use.

In addition, Google offers

https://tools.google.com/dlpage/gaoptout?hl=de

a so-called deactivation add-on together with further information on this. This add-on can be installed with the most common internet browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs the JavaScript (ga.js) of Google Analytics that information about your visit to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analytics services. Of course, you can also find out whether and which other web analytics services we use in this privacy policy.

Web analytics Hotjar

We use Hotjar on our website. This is a web analytics service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, hereinafter referred to as "Hotjar".

Hotjar is used to analyse the usage behaviour of our website. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the analysis, optimisation and economic operation of our website.

Hotjar enables us to log and evaluate your usage behaviour on our website, such as your mouse movements or mouse clicks. However, your visit to our website is anonymised. In addition, Hotjar evaluates information about your operating system, your Internet browser, incoming or outgoing links, the geographical origin as well as the type and trigger of the terminal device you are using and processes this information for statistical purposes. Hotjar may also obtain direct feedback from you. In addition, Hotjar offers under

https://www.hotjar.com/privacy

for further information on data protection.

In addition, you have the option to stop the analysis of your usage behaviour by way of the so-called opt-out. By confirming the link

https://www.hotjar.com/opt-out

a cookie is stored on your end device via your internet browser, which prevents further analysis. Please note, however, that you will have to click on the above link again if you delete the cookies stored on your terminal device.

Google AdWords with conversion tracking

In our website, we use the advertising component Google AdWords and the so-called conversion tracking. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".

We use conversion tracking for the targeted advertising of our offer. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the analysis, optimisation and economic operation of our website.

If you click on an ad placed by Google, the conversion tracking we use saves a cookie on your terminal device. These so-called conversion cookies lose their validity after 30 days and do not serve to identify you personally.

If the cookie is still valid and you visit a specific page of our website, both we and Google can evaluate that you have clicked on one of our ads placed on Google and that you have subsequently been redirected to our website.

Google uses the information collected in this way to provide us with statistics about visits to our website. In addition, we receive information about the number of users who have clicked on our ad(s) and about the pages of our website that were subsequently accessed. However, neither we nor third parties who also use Google AdWords are able to identify you in this way.

You can also prevent or restrict the installation of cookies through the corresponding settings of your internet browser. At the same time, you can delete cookies already stored at any time. However, the steps and measures required for this depend on your specific Internet browser used. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support.

Furthermore, Google also offers

https://services.google.com/sitestats/de.html

https://www.google.com/policies/technologies/ads/ 

http://www.google.de/policies/privacy/

for further information on this topic and in particular on the possibilities of preventing the use of data.

Shopify (shop software + web analysis)

a) Shopify shop software

We use "Shopify" to host our shop system and to present our offers and process contracts.

The legal basis is Art. 6 para. 1 lit. b) DSGVO (contract initiation/contract execution).

"Shopify" is the service of a group of companies consisting of Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc, Shopify (USA) Inc, Shopify Commerce Singapore Pte. Ltd, and Shopify International Limited.

Where we are located in the European Economic Area (EEA), the processing is carried out by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, hereinafter referred to only as "Shopify".

Due to the group of companies, however, it cannot be ruled out that processing also takes place in Canada and the USA, i.e. outside the EEA. In the case of data transfer to the Canadian Shopify Inc, however, an adequate level of data protection is guaranteed by the adequacy decision of the European Commission.

Shopify processes the following data on our behalf:

Name, billing and, if applicable, delivery address, email address, payment data, company name if applicable, telephone number if applicable, IP address, information about orders, information about the merchant shops supported by Shopify that you visit, and information about your terminal device and your internet browser.

In addition, Shopify offers under

https://www.shopify.de/legal/datenschutz

for further information on data protection.

b) Shopify web analytics

Insofar as we also use the Shopify web analytics service on our website, Shopify stores cookies on your end device via your internet browser. Via these cookies, further information, such as location, time or frequency of your visit to our website is transmitted to a Shopify server and evaluated.

The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the analysis and optimisation of our website.

If you do not agree to this processing, you have the option of preventing the storage of the cookie by making a setting in your internet browser. You can find more information on this above under "Cookies".

Klarna "CHECK-OUT

For the payment processing of orders via our online shop, we use the payment service of Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden, hereinafter referred to as "Klarna".

For this purpose, we have integrated the so-called check-out from Klarna into the final order page of our online shop.

The legal basis is the fulfilment of the contract according to Art. 6 para. 1 lit. b.) DSGVO. In addition, we have a legitimate interest in offering effective and secure payment options, so that a further legal basis follows from Art. 6 para. 1 lit. f.) DSGVO. 

By integrating Klarna, your internet browser loads the check-out page from a Klarna server. The operating system you use, the type and version of your internet browser, the website from which the check-out was requested, the date and time of the request and the IP address are transmitted to Klarna - even without you interacting with the check-out page.

As soon as you complete the order in our online shop, the data you enter in the input fields on the check-out page will be processed by Klarna on its own responsibility to process the payment.

In the case of the offered payment methods "PayPal" and "Prepayment", the processing is limited to the forwarding of the payment data to us or PayPal without your further consent.

In the case of the offered payment methods "purchase on account", "hire purchase", "credit card", "direct debit" or "instant bank transfer", the following personal data in particular will be processed by Klarna for the purpose of payment processing as well as for identity and creditworthiness checks:

- Contact information, such as names, addresses, date of birth, gender, email address, telephone number, mobile phone number, IP address, etc.

- Information on the processing of the order, such as product type, product number, price, etc.

- Payment information, such as debit and credit card data (card number, expiry date and CCV code), invoice data, account number, etc.

In the event that you select the payment method "purchase on account" or "purchase by instalment", Klarna collects and uses personal data and information about your previous payment behaviour to decide whether to grant you the desired payment method. In addition, probability values for your future payment behaviour (so-called scoring) are used. The scoring is calculated on the basis of scientifically recognised mathematical-statistical methods.

Klarna provides under: https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf

https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf

further information on the processing described above as well as the applicable data protection provisions.

Model data protection declaration of the law firm Weiß & Partner