Privacy Policy

General

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

As a rule, it is possible to use our website without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our pages, this is always done, as far as possible, on a voluntary basis. This data will not be passed on to third parties without your express consent.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Personal data (hereinafter referred to as “data”) are processed by us only as necessary and for the purpose of providing a functional and user-friendly website, including its contents and the services offered there.

In accordance with Art. 4 No. 1. of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following data protection declaration, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or jointly with others on the purposes and means of the processing. In addition, we inform you below about the third-party components we use for optimisation purposes and to increase the quality of use, insofar as third parties process data under their own responsibility.

Right to information, deletion, blocking

With regard to the data processing described in more detail below, users and data subjects have the right to

to confirmation of whether data relating to them is being processed, to information about the data processed, to further information about the data processing and to copies of the data (cf. also Art. 15 GDPR);
correction or completion of inaccurate or incomplete data (cf. also Art. 16 of the GDPR);
immediate erasure of the data concerning them (cf. also Art. 17 of the GDPR), or, alternatively, insofar as further processing is necessary pursuant to Art. 17 (3) of the GDPR, restriction of processing in accordance with Art. 18 of the GDPR;
to receive the data concerning them and provided by them and to transfer this data to other providers/controllers (cf. also Art. 20 DSGVO);
to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection provisions (cf. also Art. 77 of the GDPR).
In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any correction or deletion of data or restriction of processing that takes place on the basis of Articles 16, 17 (1), 18 DSGVO. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.
Likewise, according to Art. 21 DSGVO, users and data subjects have the right to object to the future processing of data concerning them, insofar as the data is processed by the provider in accordance with Art. 6 para. 1 lit. f) DSGVO. In particular, an objection to data processing for the purpose of direct advertising is permissible.
Information on data processing
Your data processed when using our website will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information is provided below on individual processing procedures.

Data collection and use for contract processing

We collect personal data if you voluntarily provide it to us in the context of your order or when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such because in these cases we need the data to process the contract or to process your contact and you cannot send the order or contact without providing it. Which data is collected can be seen from the respective input forms. We use the data provided by you in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO for contract processing and processing your enquiries. If you have given your consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO by deciding to open a customer account, we will use your data for the purpose of opening a customer account. After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described below or via a function provided for this purpose in the customer account.

If you subscribe to our company’s newsletter, the data in the respective input mask will be transmitted to the service responsible for processing (Mailchimp). Subscription to our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one can register with other people’s email addresses. When registering for the newsletter, the user’s IP address and the date and time of registration are stored by us. This serves to prevent misuse of the services or the e-mail address of the person concerned. This is very important to us, as misuse on the Internet is a major challenge in these times. The data will not be passed on to third parties! An exception is made if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. Subscription to the newsletter can be terminated by the data subject at any time. Consent to the storage of personal data can also be revoked at any time. There is a corresponding link for this purpose in every newsletter. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a) GDPR if the user has given consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

Description and purpose: We use Mailchimp to send newsletters. The provider is Mailchimp (Mailchimp® is a registered trademark of the Rocket Science Group).

The Rocket Science Group, LLC
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA

Mailchimp is used to organize and analyze the sending of newsletters, among other things. The data you enter for the purpose of subscribing to the newsletter is stored on Mailchimp’s servers. If you do not wish to be analyzed by Mailchimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the emails sent with Mailchimp contain a so-called tracking pixel, which connects to the Mailchimp servers when the email is opened. This allows us to determine whether a newsletter message has been opened. We can also use Mailchimp to determine whether and which links in the newsletter message are clicked on. Optionally, links in the email can be set as tracking links, which can be used to count your clicks. These simple analyses help me as an artist to better assess what my subscribers are really interested in.

Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.

Recipient: The recipient of the data is Mailchimp.

Transfer to third countries: Data is not transferred to third countries.

Duration: The data stored by us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and Mailchimp’s servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remain unaffected by this.

Revocation option: You have the option to revoke your consent to data processing at any time with effect for the future. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

Further data protection information: You can find more details in Mailchimp’s data security information at: https://mailchimp.com/de/gdpr

Data sharing

For the fulfillment of the contract pursuant to Art. 6 para. 1 p. 1 lit. b DSGVO, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves, insofar as you create an account there. In this case, you must register with the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

The same applies to the transfer of data to our manufacturers or wholesalers in cases where they take over the shipping for us (drop shipment).

We use payment service providers and shipping service providers that are based in a country outside the European Union. The transfer of personal data to these companies only takes place within the scope of necessity for the fulfillment of the contract.

PayPal Commerce-Plattform

We offer the option to process the payment transaction via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). In this context, we share the following data with PayPal to the extent necessary for the performance of the contract (Art. 6 para. 1 lit b. DSGVO).

First name
Last name
E-mail address
Phone number

The processing of the data provided under this section is not required by law or contract. We cannot process a payment via PayPal without the transmission of your personal data. [You have the option to choose another payment method].

PayPal carries out a credit check for various services such as payment by direct debit to ensure your willingness and ability to pay. This corresponds to the legitimate interest of PayPal (according to Art. 6 para. 1 lit. f DSGVO) and serves the execution of the contract (according to Art. 6 para. 1 lit. b DSGVO). For this purpose, your data (name, address and date of birth, bank account details) will be passed on to credit agencies. We have no influence on this process and only receive the result of whether the payment has been made or rejected or a check is pending.

For more information on objection and removal options vis-à-vis PayPal, please visit:https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Your data will be stored until the completion of the payment processing. This also includes the period required for the processing of refunds, claims management and fraud prevention. [A statutory retention period of 2 years applies to us in accordance with [§ 147 AO / § 257 HGB].

No order processing according to Art. 28 DSGVO.

PayPal is not a commissioned processor in the sense of Art. 4 No. 8 DSGVO. There is an own responsibility. (https://www.lda.bayern.de/media/FAQ_Abgrenzung_Auftragsverarbeitung.pdf)

Other

Special features apply to the use of Instant Payment Notifications (https://developer.paypal.com/docs/api-basics/notifications/ipn/IPNIntro/).

Cookies

We do not use cookies and do not include third party domains.

Server-Log-Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

browser type and browser version
Operating system used
referrer URL
Host name of the accessing computer
Time of the server request

This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.

Contact form

If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

Online presence in social media

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights. With regard to U.S. providers that are certified under the Privacy Shield, we point out that they thereby commit themselves to comply with the data protection standards of the EU.

Furthermore, user data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

The processing of users’ personal data is based on our legitimate interests in providing users with effective information and communication with users pursuant to Art. 6 para. 1 lit. f. DSGVO. If the users are asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO.

For a detailed description of the respective processing and the opt-out options, please refer to the information of the providers linked below.

Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland), Facebook-Seiten auf Grundlage einer Vereinbarung über gemeinsame Verarbeitung personenbezogener Daten – Privacy policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland) – Datenschutzerklärung: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Datenschutzerklärung/ Opt-Out: http://instagram.com/about/legal/privacy/.
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Datenschutzerklärung: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Datenschutzerklärung/ Opt-Out: https://about.pinterest.com/de/privacy-policy.
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland) – Datenschutzerklärung https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland) – Datenschutzerklärung/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.

SSL-Encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

Statistics

The website uses the WP Statistics analysis plugin from wp-statistics.com to generate anonymized statistics. No user profiles are created and no cookies are set. WP Statistics collects all data anonymously and stores it completely on the web server. Thus, it is not possible to identify a visitor personally, even after the fact.

The analysis tool records various website visitor data, which is visualized via widget in WordPress. These include:

IP address
Referring website
Browser
Search engine
Search term
Operating system
Country
City
Visited content

All data is stored locally on our web server, no scripts are included which communicate with third party domains. WP Statistics is DSGVO compliant.

Part of this privacy policy were created with the Muster-Datenschutzerklärung of Anwaltskanzlei Weiß & Partner created.