Last Modified: 24 May 2018
What type of information we collect?
Information we collect from business partners
Information we collect from users
How we use the information we collect?
How we collect your information?
With whom we share the information, and for what purpose?
Right to obtain a copy, delete or revise the data collected & opt – out rights
For how long we retain the information we collect?
How do we safeguard your information?
Our servers’ location
Do Not Track disclosure
Partners who collect Data via www.leoniemergen.com
How to contact us
The data protection declaration of the Karabakh Collection GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
f) Further Definitions
You will find further definitions directly where certain terminologies are used.
NAME AND CONTACT INFORMATION OF THE CONTROLLER
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Karabakh Collection GmbH
Data Security Officer:
Busso von der Groeben
WHAT TYPE OF INFORMATION WE COLLECT?
We may collect two types of information from you.
The first type of information is non-identifiable information which may be made available via the use of the Website or Services. Thus, we are not aware of the identity of the user from which the Non-Personal Information was collected. (“Non-Personal Information”).
The Non-Personal Information collected by us may include your aggregated usage information and technical information transmitted by your device, including but not limited to: type of browser and the settings, operating system, type of the device used to access our Services, your ISP, log data, visits to the Website, pages viewed, Items views or Items saved, date and time stamp, duration on the page, location data(if you have that functionality set up) the path taken in the site and your IP addresses (***Please note, we consider IP to be Non-Personal Information, however, in some countries and jurisdictions this data might be considered as identifying and “Personal Information”), etc. We use this information, which does not identify individual users, to analyze trends, to administer the Website, to track users' movements around the Website in order to ensure that our Website’s Content is presented as effectively as possible as well as to gather demographic information about our user base as a whole.
The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Information”). Personal Information includes your name, email address and private password submitted upon registration, etc.
Please note that we may collect different categories of Personal and Non-Personal information from you depending on the nature of your interaction with the Services, as detailed below.
If we combine Personal Information with Non-Personal Information, the combined information will be treated as Personal Information for as long as it remains combined.
INFORMATION WE COLLECT FROM BUSINESS PARTNERS
If you are one of our Business Partners, we may collect the following information from you:
Registration: information that you provide when you create an account. For example, in order to register to the Services, we require basic contact information such as: first and last name, email address, brand name and brand’s site/online shop etc. Further, during the registration process the Business Partners will be provided with a user name and a password, which can be replaced following login in. you represent and warrant that you are responsible for maintaining the confidentiality of your username and password. You represent and warrant that you will not provide inaccurate, misleading or false information to us. If information provided to us subsequently becomes inaccurate, not updated, misleading or false, you will promptly notify us of such change.
Payment: In order to receive payments from us, you will be required to fill in your payment details, such as: bank or financial account information, PayPal account, etc.
Technical: we also collect viewing and usage information that relates to your interaction with the Site, such as your IP address.
INFORMATION WE COLLECT FROM OUR USERS
If you are one of our Users, we may collect the following Information from you:
Registration: In order to purchase an Item or create a Wish List you might be required either to submit your email address or to sign up and register by creating an account (“Account”). During the registration process, you will be asked to provide us with the following information: full name, private password (“Password”), email address as well as shipping and billing addresses, you can then choose to provide us with further information about yourself such as your phone number and date of birth. During the checkout, you will be required to provide us with your payment details (i.e., gift card, credit card or PayPal details). WE DO NOT STORE THE PAYMENT DETAILS AT ANY TIME, thus you will need to re-enter the payment information for each order. In addition, the transaction is provided by our secured partners and third-party payment processors.
Please note, that we may also see and store parts of your data, if you leave your Shopping Card unfinished and do not check out.
Signing in from your Facebook account: If the option is povided you can also sign in from your Facebook account, if you do so, you authorize us to access certain Facebook account information, such as your public Facebook profile in consistency with your privacy settings in Facebook.
Technical: we also collect viewing and usage information that relates to your interaction with the Website, such as your IP address
If the option is provided you can voluntarily subscribe to our Newsletter you will be asked to provide us with your email address, you can unsubscribe at any moment through your account or by clicking unsubscribe.
Contact Us: if you voluntarily contact us, you might provide us with your contact information such as your name, telephone number, address, email, etc. we will use this information solely to respond to your request and support your needs.
Newsletters may contain so called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. Based on the embedded tracking pixel, the Karabakh Collection GmbH may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by the controller in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller. The Karabakh Collection GmbH automatically regards a withdrawal from the receipt of the newsletter as a revocation.
HOW DO WE USE YOUR INFORMATION?
We collect your information during your access or use of the Website and Service as detailed above. We collect your information in an effort to operate, manage and improve the Services and shopping experience, to communicate with Users about our Items, services and promotions and respond to your inquiries, provide you with requested services and to enhance and improve the performance and accuracy of our service and website. We may use Users’ information collected online to process and fulfill Users’ order. In addition, we maintain a record of Users’ Items interests, purchases and whatever else might enable us to enhance and personalize Users’ shopping experience. We also monitor our website use and traffic patterns to improve our designs, the Items and Services we offer and the way in which we offer them, all to enhance your experience.
HOW WE COLLECT INFORMATION
Depending on the nature of your interaction with the Services or Website, we may collect information from you automatically or when you voluntarily choose to provide us with information, all as detailed in this Policy.
If you are User or a Business Partner, we collect information that you voluntarily provide us during your interaction with the Services solely for the purpose of providing the Services.
For information regarding choices you may have with respect to our use of your information, please refer to the “right to obtain a copy, delete or revise the data collected” section of the Policy.
We may use industry-wide technologies such as “cookies” and other technologies (e.g. web beacons, pixels, etc.) in our Website and Services, as we gather certain information automatically, by ourselves or by using third party service and store it in log files. A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and your Account and our Website quicker and easier. You can find more information about cookies at www.allaboutcookies.org. Please note that most browsers will allow you to erase cookies from your device, block acceptance of cookies, or receive a warning before a cookie is stored, through your device or browser settings. However, if you choose to disable cookies, some features of our Services may not operate properly and your online experience may be limited.
WITH WHOM WE SHARE THE INFORMATION AND FOR WHAT PURPOSE?
We do not share any Personal Information collected from you with third parties or any of our partners except in the following events:
1) Authorized Disclosures. We may disclose your Personal Information to third parties when you consent to a particular disclosure of your Personal Information. Please note that once we share your information with another company, that information becomes subject to the other company’s privacy practices.
2) Third Party Partners- share your Personal Information with third parties that perform services on our behalf (e.g. customer service, marketing assistance, delivery services, payment process, tracking, servers, service functionality and support, etc.) these third parties may be located in different jurisdictions;
3) Law Requirement- we will share your information, solely to the extent needed to comply with any applicable law, regulation, legal process or governmental request.
4) Policy Enforcement- we will share your information, solely to the extent needed to enforce our policies including investigations of potential violations thereof or to detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues;
5) Company’s Rights- we will share your information, solely to the extent needed to establish or exercise our rights to defend against legal claims;
6) Third Party Rights- we will share your information, solely to the extent needed to prevent harm to the rights, property or safety of us, our users, yourself or any third party or for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.
We always strive to serve you better and improve our performance, therefore, we may combine information you give us through our Website with publicly available information and information we receive from or cross-reference with select partners and others. By combining the different information, we are able to enhance Users’ shopping experience by providing Users’ with more relevant items, promotions and special events which we believe Users’ will find interesting, as well as to communicate with you better.
We may store Non-Personal and Personal Information on our servers or our cloud servers, use or share Non-Personal Information in any of the above circumstances, as well as for the purpose of providing and improving our Website and Service, aggregate statistics, marketing and conduct business and marketing analysis, and enhance your experience with the Website.
RIGHT TO OBTAIN A COPY, DELETE OR REVISE THE DATA COLLECTED
You have a right to obtain a copy of your Personal Information that we hold. Further, you have the right to have the information associated with you corrected, if inaccurate, or erased, if we do not have a legitimate reason for retaining the information.(e.g.: We need your e-mail address to confirm the deletion of your data to you) you may, at any time, make such request (to access, change, update or remove your Personal Information) by contacting us at: firstname.lastname@example.org. Further, note that we may require certain information from you in order to verify your identity and locate your data and that the process of locating and deleting the data may take reasonable time and effort. Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.
Even after providing your consent to this Policy, you are entitled to change your mind and opt-out of the data collection and sharing process related to our Website, by changing your browser or settings and disabling or blocking cookies, in any event the cookies will be automatically deleted within a reasonable period of time, with respect to Company’s collection proposes. You may also opt-out by contacting us at: email@example.com. Note that once you opt out, part of the Services provided by us might no longer be available.
FOR HOW LONG WE RETAIN THE INFORMATION WE COLLECT?
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion. Please note that unless you decide to delete your Account by sending us a request do so, or any part thereof, or instruct us otherwise, we retain the information we collect for as long as needed to provide the service and to comply with our legal obligations, resolve disputes and enforce our agreements.
Once you delete your account you will not be able to recover it and will have to register again with a new account in case you choose to use the Service.
In addition, some of the data we receive depends on your privacy settings with the social network (i.e., Facebook) and you should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Website.
If you delete your account we will delete all information and data of you. Please note, that we cannot send you your details if you request them after you deleted your account.
HOW DO WE SAFEGUARD AND TRANSFER YOUR INFORMATION?
We take great care in implementing and maintaining the security of the Website and your information. Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our Website, and we make no warranty, express, implied or otherwise, that we will prevent such access. We may adopt what we believe is appropriate data collection, storage and processing practices and security measures to protect against unauthorized access to such data.
If you feel that your privacy was treated not in accordance with our policy, or if any person attempted to abuse our Website or acted in an inappropriate manner, please contact us directly at firstname.lastname@example.org
The Website and Services are not designated to users under the age of 16 and the Company does not knowingly collect or maintain information from users who it positively knows are under the age of 16. If a parent or guardian becomes aware of personal information we have collected from an individual under the age of 16 please contact us at email@example.com In the event that we become aware that a user under the age of 16 has shared any information, we will discard such information.
In the event of a material changes we will make best efforts to notify you by email or through your Account.
We promote the service Instagram on www.leoniemergen.com. Instagram is a service of Instagram Inc. By means of the integrated “Insta” button on our page, Instagram receives the information that you have accessed the corresponding page of Leonie Mergen. If you are logged into Instagram, Instagram may assign the visit to our site to your Instagram account and link the data by this means. The data transmitted by clicking the “Insta” button is stored by Instagram. You can find more information regarding the purpose and scope of data collection, it’s processing and use, as well as your related rights and settings options for protecting your privacy in the Instagram data protection notice under https://help.instagram.com/155833707900388.
To prevent your visit to our site from being accessed by your Instagram account, you must log out of your Instagram account before visiting our site.
We promote the service Facebook on www.leoniemergen.com. Facebook is a service of Facebook Inc. By means of the integrated “Facebook” button on our page, Facebook receives the information that you have accessed the corresponding page of Leonie Mergen. If you are logged into Facebook, Facebook may assign the visit to our site to your Facebook account and link the data by this means. The data transmitted by clicking the “Facebook” button is stored by Facebook. You can find more information regarding the purpose and scope of data collection, its processing and use, as well as your related rights and settings options for protecting your privacy in the Instagram data protection notice under https://www.facebook.com/policy.php. To prevent your visit to our site from being accessed by your Facebook account, you must log out of your Facebook account before visiting our site.
We promote the service of the payment provider PayPal. Payments may be processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards when a user does not have a PayPal account. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A. If the data subject chooses "PayPal" as the payment option in the online shop during the ordering process, we automatically transmit the data of the data subject to PayPal. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order.
The transmission of the data is aimed at payment processing and fraud prevention. The controller will transfer personal data to PayPal, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between PayPal and the controller for the processing of the data will be transmitted by PayPal to economic credit agencies. This transmission is intended for identity and creditworthiness checks.
PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data to be processed in the order.
The data subject has the possibility to revoke consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.
The applicable data protection provisions of PayPal may be retrieved under https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
In our online shop there is the possibility to pay with Credit Card.
The following Data is collected if you pay via Credit Card:: Provider of the Card, card number, CVV and Expiry Date. As stated before we will not store your Credit Card or other payment details.
The Website is hosted by squarespace.com. It uses Squarespace Analytics, to help us provide the best service for you. Squarespace Analytics shows us your IP Adress including an activity log for our website. Squarespace ensures in its own data protection provisions, that they do not store any Data of our customers. The data protection provisions of squarespace may be retrieved under https://de.squarespace.com/privacy/
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller
If any part of this Privacy Policiy is not valid after law and other restrictions the other terms and parts are not affected and still valid.
If you have any general questions about the Website, Service or the information that we collect about you and how we use it, please contact us at: firstname.lastname@example.org