« back
gotlands.de / Privacy Policy

Privacy Policy

Version: 05/2018

We process personal data (hereinafter: “data”) of users only to the extent that this is necessary to provide a functional and convenient website and our content and services.

“Processing” is understood as the collection, usage, disclosure and/or storage. “Personal data” under the General Data Protection Regulation (hereinafter: “GDPR”) is understood as basically all data by which a natural person can be identified. The exact definitions of the terms are set out in Article 4 GDPR.

The following explanations give you details in particular on the nature, scope, purpose, duration and legal basis of the processing of personal data whose purpose and means of processing we decide alone or with others, and in particular on components which may be used by us for optimisation and usage quality which belong to third parties who process the data autonomously:
_________________________________________

A) Information on the controller
B) Rights of the user
C) Information on the data processing
_________________________________________



A) Information on the controller


The controller (hereinafter: “provider”) within the meaning of the GDPR and other national data protection laws of the Member States and other data protection provisions is:

Gotlands Fashion
Nico Seifert
Bismarckstraße 11
35390 Gießen

Tel: +49 641 3405951
Fax: +49 641 9312912
E-mail: info@gotlands.de



B) Rights of the user


In relation to the processing of his personal data as set out by the provider below, the user has the right

1. to demand confirmation as to whether data concerning him is being processed and to accurate information on this data and to further details and copies of the data in line with Article 15 GDPR;

2. to demand the immediate correction of inaccurate data concerning him or the completion of this data in line with Article 16 GDPR;

3. to demand that the data concerning him be deleted immediately in line with Article 17 GDPR, alternatively, if for instance further processing is required in line with Article 17 (3) GDPR, to demand a restriction on processing of the data in accordance with Article 18 GDPR;

4. to receive the data concerning him and provided by him in line with Article 20 GDPR and to demand its transmission to other controllers;

5. to lodge a complaint with a supervisory authority in line with Article 77 GDPR if the user is of the opinion that the processing of his data by the provider infringes the GDPR.
_________________________

6. The user can in principle object in line with the provisions of Article 21 GDPR at any time to the future processing of data concerning him which is done by a controller on the basis of Article 6 (1) (f) GDPR. The objection can in particular be to processing for the purpose of direct marketing.
_________________________

7. The provider is also obliged to inform all data recipients to whom he disclosed the data, of every correction or deletion of the personal data or restriction of processing which occurs on the basis of Article 16 GDPR, Article 17 (1) GDPR and Article 18 GDPR. The obligation does not exist in the case that this notification proves impossible or is associated with a disproportionately high level of effort. The user has a right to information in respect of these recipients.



C) Information on the data processing


If no detailed information on the specific data processing is given below, the user’s data processed by the provider must be deleted or blocked as soon as the purpose of the storage is extinguished and there are no statutory retention duties preventing the deletion.


Server data

For communication and security reasons during website visits data is collected, including the following, which is transmitted to the Internet browser of the user or his webspace provider (known as server logfiles):

- browser type and version;
- operating system used;
- website from which the user transferred to the website of the provider (referrer URL);
- website visited by the user;
- date and time of access;
- Internet protocol (IP) address of the user.

The data is also temporarily stored. There is no storage of this data together with other personal data of the user. The legal basis for the temporary storage is Article 6 (1) (f) GDPR on the basis of the legitimate interest in improving the stability, functionality and security of the website.

At the latest after seven days the data is deleted. Data whose further retention is required for evidence purposes is excluded from deletion until final clarification of the relevant circumstances.

Cookies

a) “Session“ cookies/ “Persistent” cookies

The provider uses what are known as cookies on his website. Cookies are small text files or other storage technologies which the user’s Internet browser creates and stores on the terminal. These cookies process to an individual extent certain information on the user, such as browser and location data and IP address values.

The processing allows the provider to design his website to be more user friendly, effective and secure. Thus the processing of the “session” cookies may enable presentation of the content in various languages or perhaps the use of a shopping cart function.

The “persistent” cookies enable the website to recognise the user again by his browser in case he visits the website regularly.

If personal data is processed by these cookies for the purposes of contractual initiation or settlement then the legal basis for the processing is Article 6 (1) (b) GDPR.

Should the processing not be intended for contractual initiation or settlement then the processing serves the legitimate interest of the provider in improving the functionality of the website and is founded upon the legal basis of Article 6 (1) (f) GDPR.

The “session” cookies are deleted when the user closes his browser. The “persistent” cookies are deleted automatically after a period established by the provider. This period differs depending on the cookie, but never exceeds a period of one month.

b) Cookies of third party providers

Cookies from third party providers may also be created on the provider’s website. These third party providers are partner firms with whom the provider collaborates for the purposes of marketing, analysis or the functionalities of the website. Should this be the case the purposes and legal foundations for the relevant processing are set out in the explanations below.

c) Possibility of elimination

The user can prevent or limit the installation of cookies by establishing the appropriate settings on his browser. Cookies already stored can also be deleted at any time. The settings for this depend upon the relevant browser. In the case of flash cookies processing cannot be prevented by browser settings but by corresponding settings on the flash player. Should the user prevent or restrict the installation of cookies, this can mean that not all the functions of the website are fully usable.

Contractual settlement

a) Processing

The personal data given by the user for the purpose of obtaining goods or services is processed by the provider for the purpose of contractual settlement. The details of the data are needed for contractual conclusion; without provision of the data contractual conclusion is not possible. The legal basis for the processing is Article 6 (1) (b) GDPR. After full settlement of the contract the data of the user is deleted taking account of the retention duties under taxation and commercial law provisions.

b) Disclosure

The personal data of the user is disclosed in the course of contractual settlement to a service provider commissioned with settlement of the acquisition of goods or services, to the transport companies commissioned with delivery or to the financial service providers to the extent that this is necessary for the settlement, delivery or payment of the goods.

The legal basis for disclosure of the data in this case is Article 6 (1) (b) GDPR.

Notes on PayPal:
If the customer selects the payment service PayPal, credit checks may be made by PayPal in the case of certain payment methods also selected by the customer. Further details on the processing of the customer’s personal data by PayPal can be found under

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Customer account

If the user registers with the provider for a customer account, the data entered in the course of this registration (e.g. name, address, e-mail address) is collected and stored exclusively for the fulfilment of a contract or the performance of pre-contractual measures and for general administration of the customer relationship (e.g. retrieval of previous orders or reminder list function). Upon registration the IP address and the date and time of registration are stored. This data is not disclosed to third parties.

The legal basis where there is consent from the user is Article 6 (1) (a) GDPR. In the context of the registration process the explicit consent of the user to the above processing may be obtained and reference made to this Privacy Statement. The data collected in this way is used exclusively for the purpose stated above. This data is not disclosed to third parties.

If establishment of the customer account serves the fulfilment of a contract or the performance of pre-contractual measures then the additional legal basis is Article 6 (1) (b) GDPR.

The user can withdraw issued consent for the customer account at any time in line with Article 7 (3) GDPR by notification to the provider. The data processed in this connection is deleted as soon as its processing is not longer required. If the data is needed to fulfil a contract or to perform pre-contractual measures then the user’s data is deleted upon expiry of the taxation and commercial law retention duties.

Contact enquiries

In the case that contact is made by the user, the personal data of the user entered at this time are used to process the enquiry. The details of the data are needed to respond to the enquiry, without the provision of data a response is not possible, or only to a limited extent.

If the contact enquiry serves the fulfilment of a contract or the performance of pre-contractual measures, then the legal basis is Article 6 (1) (b) GDPR.

The user’s data is deleted as soon as the enquiry of the user is definitively settled and there are no statutory retention duties to prevent this, such as in the case of subsequent contractual settlement.

The legal basis can also be consent from the user in line with Article 6 (1) (a) GDPR. In the context of the contact form the user’s consent can be obtained for the above-mentioned processing and reference made to this Privacy Statement.

The user can withdraw consent issued for the contact enquiry at any time in line with Article 7 (3) GDPR by notification to the provider. The data processed in this connection is deleted as soon as its processing is no longer necessary.

Newsletter

If the user registers for the provider’s free newsletter, the data collected on the input screen (e-mail address and optionally name and address) are transmitted to the provider. In addition the IP address and the date as well as the time of registration are stored. In the course of the registration process the consent of the user is collected and the content described in concrete terms. At the same time reference is made to this Privacy Statement. The data thus collected is used exclusively in relation to the Newsletter. There is no disclosure of the data to third parties.

The legal basis is Article 6 (1) (a) GDPR. The user can withdraw the consent for this with effect for the future at any time in line with Article 7 (3) GDPR by notification to the provider or via the deregistration link in the newsletter.

Google Analytics

This website uses Google Analytics, a web analytics service of the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google.”

Google is certified in line with the “EU-US Privacy Shield” and thereby guarantees compliance with the data protection provisions of the EU for processing of the data in the USA.

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The provider uses Google Analytics to analyse usage of the website. The legal basis here is Article 6 (1) (f) GDPR. The legitimate interest of the provider consists of the analysis, optimisation and commercial operation of the website.

Information, for instance the time, place and frequency of the visit to the user’s website, including his IP address, are passed on to a server of Google in the USA and stored there.

For this the provider uses Google Analytics with an anonymisation function. Through this add-on the IP address is shortened by Google already within the Member States of the European Union or in other contracting states to the Treaty on the European Economic Area.

Google will use the data so collected to analyse the user’s visit to the website and compile reports on the website activities for the provider. In addition the data is used to provide other services associated with website usage and Internet usage. Google may also transmit this information to third parties if this is statutorily required or if third parties process this data on behalf of Google.

Google will, according to its own statements, on no account connect the IP address of the user with other data of Google. More detailed information, in particular on the possibilities to prevent usage of the data, are offered by Google under the following link:

https://www.google.com/intl/de/policies/privacy/partners

Google also offers a deactivation add-on for the most common browsers which gives the user more control over which data can be collected by Google on the website called up by the user. The add-on informs JavaScript (ga.js) of Google Analytics that no information on the website visit should be transmitted to Google Analytics. The deactivation add-on for browsers of Google Analytics does not however prevent information being transmitted to the provider or any other web analytics services which may be used by the provider and listed in this Privacy Statement. Further information on the installation of the browser add-on can be found under the following link:

Browser add-on for deactivation of Google Analytics

Alternatively future analysis of website visits by Google Analytics can be deactivated by clicking the link below. Clicking on this link results in creation of what is known as an “opt-out cookie”, which has the result that analysis of visits to the provider’s website is prevented with effect for the future:

Activate the “opt-out cookie" for Google Analytics »
Please note: If you delete the cookies in your browser settings this generally also deletes the opt-out cookie and this must then be reactivated.