Privacy policy
1) Introduction and contact details of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data is any data that can be used to identify you personally.
1.2The responsible party for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is Berlin Stylist GbR, Proskauer Straße 19, 10247 Berlin, Germany, Tel.: 03064825496, E-Mail: shop@findvintagebeauty.com. The entity responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data collection when visiting our website
2.1When using our website purely for informational purposes, meaning if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the web server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you arrived at the page
- Browser used
- Used Operating System
- Used IP address (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of the data. However, we reserve the right to review the server log files retrospectively should there be concrete indications of unlawful use.
2.2This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.
3) Hosting & Content-Delivery-Network
Shopify
"For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ('Shopify')"
Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the provider's servers. We have entered into a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
"In the case of data transfer to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission."
4) Cookies
To make the visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device for a longer period and allow the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.
If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of granted consent, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
You can configure your browser to be informed about the setting of cookies and to decide individually on their acceptance or to exclude the acceptance of cookies for specific cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be limited.
5) Contact
In the context of contacting us (e.g. via contact form or email), personal data will be processed – solely for the purpose of handling and responding to your request and only to the extent necessary for that purpose.
The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.
6) Comment function
As part of the comment function on this website, in addition to your comment, information about the time of creation of the comment and the commentator name you have chosen will be stored and published on this website. Furthermore, your IP address will be logged and stored. This storage of the IP address is done for security reasons and in case the affected person violates the rights of third parties or posts illegal content through a submitted comment. We need your email address to contact you in case a third party should contest your published content as illegal.
The legal basis for the storage of your data is Article 6(1)(b) and (f) of the GDPR. We reserve the right to delete comments if they are challenged as unlawful by third parties.
7) Data processing when opening a customer account
According to Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent necessary when you provide us with this information when opening a customer account. The data required for account opening can be found in the input mask of the corresponding form on our website.
"Deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the responsible party. After deletion of your customer account, your data will be deleted, provided that all contracts concluded in this regard have been fully settled, no legal retention periods are opposed, and we have no legitimate interest in further storage."
8) Use of customer data for direct marketing
Registration for our email newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. For the newsletter dispatch, we use the so-called double opt-in procedure, which ensures that you only receive the newsletter after you have explicitly confirmed your consent to receive the newsletter by clicking on a verification link sent to the specified email address.
By activating the confirmation link, you grant us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In this context, we store your IP address registered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any potential misuse of your email address at a later time. The data we collect during the newsletter registration will be used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time via the designated link in the newsletter or by sending a corresponding message to the responsible party mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data in a manner that is legally permitted and of which we inform you in this statement.
9) Data processing for order processing
9.1"As far as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR."
If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact details you provided when placing the order (name, address, email address) in order to inform you personally about upcoming updates within the legally prescribed period in accordance with our statutory information obligations pursuant to Art. 6 para. 1 lit. c GDPR via an appropriate communication channel (e.g., by post or email). Your contact details will be used strictly for the purpose of notifications regarding updates owed by us and will be processed by us only to the extent necessary for the respective information.
"To process your order, we also work with the service provider(s) listed below, who assist us in whole or in part with the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information."
9.2Use of payment service providers (payment services)
- Apple Pay
If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing will be done through the "Apple Pay" function of your device running iOS, watchOS, or macOS by charging a payment card stored in "Apple Pay". Apple Pay uses security features that are integrated into the hardware and software of your device to protect your transactions. Therefore, to authorize a payment, you will need to enter a code that you have previously set, as well as verify using the "Face ID" or "Touch ID" function of your device.
For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, will be transmitted in encrypted form to Apple. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for processing the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the success of the payment.
"If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR."
Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, as well as an indication of whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
When you use Apple Pay on your iPhone or Apple Watch to complete a purchase made through Safari on your Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in the settings of your iPhone. Go to "Wallet & Apple Pay" and turn off "Allow Payments on Mac."
Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
- Google Pay
If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing is carried out via the "Google Pay" application on your mobile device, which must be operated with at least Android 4.4 ("KitKat") and have an NFC function, by charging a payment card stored in Google Pay or a verified payment system there (e.g. PayPal). For the approval of a payment via Google Pay exceeding €25, it is necessary to unlock your mobile device beforehand using the respective verification method set up (such as facial recognition, password, fingerprint, or pattern).
For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, will be shared with Google. Google will then transmit your payment information stored in Google Pay in the form of a one-time transaction number to the originating website, which verifies that a payment has been made. This transaction number does not contain any information about the actual payment data of your payment method stored in Google Pay, but is created and transmitted as a uniquely valid numerical token. In all transactions through Google Pay, Google acts solely as an intermediary for processing the payment. The execution of the transaction occurs exclusively between the user and the originating website by charging the payment method stored in Google Pay.
"If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR."
Google reserves the right to collect, store, and analyze certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description for the reason for the transaction, and any associated offer related to the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f GDPR based on the legitimate interest in proper accounting, the verification of transaction data, and the optimization and maintenance of the Google Pay service.
"Google also reserves the right to combine the processed transaction data with additional information collected and stored by Google when using other Google services."
The terms of use for Google Pay can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection with Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Paypal
On this website, one or more online payment methods from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
When selecting a payment method from the provider that requires you to make an advance payment, your payment data provided during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be shared with them in accordance with Art. 6 para. 1 lit. b GDPR. The sharing of your data in this case is solely for the purpose of processing the payment with the provider and only to the extent necessary for this.
"When selecting a payment method where we advance payment, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and if applicable, data for an alternative payment method) during the ordering process."
"In order to safeguard our legitimate interest in determining your creditworthiness in such cases, this data will be forwarded to the provider in accordance with Art. 6 para. 1 lit. f GDPR for the purpose of a credit check. The provider will assess, based on the personal data you provided as well as other data (such as shopping cart, invoice amount, order history, payment experiences), whether the payment option you selected can be granted in terms of payment and/or default risk."
The credit report may contain probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, among other things, but is not limited to, address data.
You can object to this processing of your data at any time by sending us a message or by contacting the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
- Stripe
"This website offers one or more online payment methods from the following provider: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland."
When selecting a payment method from the provider where you make an advance payment (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be shared in accordance with Art. 6 para. 1 lit. b GDPR. The sharing of your data in this case is solely for the purpose of processing the payment with the provider and only to the extent necessary for this.
When selecting a payment method where the provider goes into advance payment (such as invoice or installment purchase or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and if applicable, data for an alternative payment method).
In order to safeguard our legitimate interest in determining the creditworthiness of our customers, this data will be forwarded to the provider in accordance with Art. 6 para. 1 lit. f GDPR for the purpose of a credit check. The provider checks, based on the personal data you provided as well as other data (such as shopping cart, invoice amount, order history, payment experiences), whether the payment option you selected can be granted in terms of payment and/or default risk.
The credit report may contain probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, among other things, but is not limited to, address data.
You can object to this processing of your data at any time by sending us a message or by contacting the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
10) Retargeting/ Remarketing and Conversion Tracking
Meta Pixel
"Within our online offering, we use the service "Meta Pixel" from the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta")"
When a user clicks on an advertisement we have placed on Facebook and/or Instagram, the URL of our linked page is extended by a parameter using "Meta Pixel". This URL parameter is then entered into the user's browser after redirection by a cookie that our linked page itself sets.
This allows Meta, on the one hand, to identify the visitors of our online offering as a target group for the display of advertisements (so-called "Ads"). Accordingly, we use the service to show the Facebook and/or Instagram Ads we place only to those users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g., interests in specific topics or products determined by the visited websites), which we transmit to Meta (so-called "Custom Audiences").
"On the other hand, the 'Meta Pixel' can be used to track whether users were redirected to our website after clicking on an advertisement and what actions they take there (so-called 'conversion tracking')."
The collected data is anonymous to us, meaning it does not provide any conclusions about the identity of the users. However, the data is stored and processed by Meta, allowing a connection to the respective user profile and enabling Meta to use the data for its own advertising purposes.
All processing described above, in particular the setting of cookies for reading information on the device used, will only be carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
"We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties."
The information generated by Meta is usually transmitted to a server of Meta and stored there; in this context, there may also be a transfer to servers of Meta Platforms Inc. in the USA.
"For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission."
11) Page functionalities
YouTube
This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Data can also be transmitted to: Google LLC., USA
"When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the provider's servers to load the plugin. In this process, certain information, including your IP address, is transmitted to the provider."
"If the playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behavior, create playback statistics, and prevent abusive behavior."
If you are logged into a user account with the provider during your site visit, your data will be directly associated with your account when you click on a video. If you do not wish for this association with your account, you must log out before pressing the play button.
All of the aforementioned processing activities, in particular the setting of cookies for reading information on the device used, will only take place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke the consent granted at any time with effect for the future by deactivating this service via the "Cookie Consent Tool" provided on the website.
"For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission."
12) Tools and Miscellaneous
Cookie Consent Tool
This website uses a so-called "cookie consent tool" to obtain valid user consents for cookies and cookie-based applications that require consent. The "cookie consent tool" is displayed to users in the form of an interactive user interface when the page is accessed, where consents for specific cookies and/or cookie-based applications can be granted by checking boxes. With the use of the tool, all cookies/services that require consent are only loaded if the respective user grants the corresponding consents by checking the boxes. This ensures that such cookies are only set on the user's device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.
"In individual cases, if the processing of personal data (such as the IP address) occurs for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies and thus in a legally compliant design of our online presence."
Another legal basis for processing is also Article 6(1)(c) of the GDPR. As data controllers, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
"As far as necessary, we have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties."
Further information about the operator and the settings options of the cookie consent tool can be found directly in the corresponding user interface on our website.
13) Rights of the data subject
13.1The applicable data protection law grants you the following rights as a data subject against the controller regarding the processing of your personal data (rights to information and intervention), with reference to the respective conditions for exercise based on the legal basis mentioned:
- Right of access according to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure according to Art. 17 GDPR;
- Right to restriction of processing according to Art. 18 GDPR;
- Right to information pursuant to Art. 19 GDPR;
- Right to data portability according to Art. 20 GDPR;
- Right of withdrawal of granted consents according to Art. 7 para. 3 GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
13.2RIGHT OF OBJECTION
"IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERWHELMING LEGITIMATE INTEREST AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE."
"IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING PROTECTABLE REASONS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS."
"IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE."
"IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES."
14) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and – if applicable – additionally by the respective statutory retention period (e.g. commercial and tax retention periods).
When processing personal data based on explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, the affected data will be stored until you revoke your consent.
"If there are statutory retention periods for data processed in the context of contractual or contract-like obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer necessary for the fulfillment of the contract or the initiation of a contract and/or we have no legitimate interest in further storage."
When processing personal data based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
When processing personal data for the purpose of direct marketing based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 para. 2 GDPR.
Unless otherwise stated in the other information of this declaration regarding specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
