Data protection
Below we inform you about the type, scope and purpose of the processing of your personal data when using our shop at the address "www.lounalashes.com". Personal data is any information relating to an identified or identifiable natural person.
1. Controller
The person responsible within the meaning of the EU General Data Protection Regulation (GDPR) is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data. The person responsible for the personal data processed in this shop within the meaning of the GDPR is: Louna Lashes, Riesenwaldstrasse 5, 77797, telephone +491786972859, e-mail: info@lounalashes.com (hereinafter "we").
2. When you visit our website
When you visit our website, our server collects the following information from your end device: browser type and version, operating system, the previously visited website (“referrer”), IP address and time the page was accessed.
We collect and process this data in order to ensure the trouble-free operation of our website and to be able to detect, ward off and track misuse of our services. We also use the collected data for statistical purposes, for example to evaluate which end devices and browsers are used to access our shop in order to continuously adapt and improve our offer to the needs of the users on this basis. This data processing is based on Article 6 Paragraph 1 Letter f GDPR.
We delete all of the above-mentioned personal data no later than twelve months after they have been collected.
3. When you order from us
If you place an order in our shop, we process your name, the delivery address and your e-mail address as you provide them during the ordering process. If you voluntarily provide additional data when placing your order (e.g. a different billing address or a telephone number), we will also process this data.
We process this data electronically for the proper fulfillment of the contract, in particular for delivery, invoicing, booking payments and processing returns and complaints. This data processing is based on Article 6 Paragraph 1 Letter b GDPR.
We store this data until all mutual claims from the respective contractual relationship with you have been completely settled and the commercial and tax retention periods to which we are subject have expired.
For a contract to be concluded between you and us, it is necessary for us to receive your name, the delivery address and your e-mail address. The necessity of providing this data results from legal regulations (e.g. § 312i paragraph 1 number 3 BGB, § 14 paragraph 4 UStG). If you do not provide this data, you cannot conclude a contract with us.
When deciding on the conclusion of a contract, we refrain from automated decision-making and profiling.
4. Customer Account
You can optionally create a customer account in our online shop. The data required for this and processed by us result from the input mask for opening the customer account. The customer account will only be set up at your request. The legal basis is therefore your consent in accordance with Article 6 Paragraph 1 Letter a GDPR. We keep the personal data associated with the customer account stored until you delete the customer account or you ask us to delete it. For personal data from contracts that have already been concluded, the retention periods set out in the “If you order from us” section apply, regardless of the status of the customer account.
5. Delivery and Payment
If we send physical goods based on the purchase contract, we will send the name and address of the recipient and, if you have consented to it, your e-mail address to DHL (DHL Paket GmbH, 53113 Bonn) as the shipping service provider, for the purpose of the delivery of the shipment, if necessary including a prior e-mail notification about the expected delivery time, and for the purpose of a possible return of your shipment to us on the basis of Article 6 paragraph 1 letter b DSGVO.
To pay for your purchase, the payment service provider you have selected collects and processes your name, your e-mail address, your card or account number and/or other data, insofar as this is necessary for the payment method you have chosen. In this respect, the contract and data protection provisions of the payment service provider you have selected also apply.
When receiving a payment, we process the data that the payment service provider transmits to us.
The processing is based on Article 6 Paragraph 1 Letter b GDPR. We store this data until all mutual claims from the respective contractual relationship with you have been completely settled and the commercial and tax retention periods to which we are subject have expired.
6. Processors
To operate our website on the Internet, we use the technical services of Shopify (Shopify International Limited, Dublin 4, D04 XN32, Ireland) as a processor in accordance with Article 28 GDPR.
7. Contact
If you use the contact form on our website, we process the data you enter in the form, in particular your name, your e-mail address and your message.
If you send us a message by e-mail, we will save your message with the sender data transmitted with it (name, e-mail address and any other information added by your e-mail program and the transmitting servers). For receiving, storing and sending e-mails, we use an e-mail provider who works for us as a processor in accordance with Article 28 GDPR.
The legal basis for this data processing is our legitimate interest in answering your message and being able to respond to any follow-up questions you may have (Article 6 Paragraph 1 Letter f GDPR). We delete the data collected with your message no later than twelve months after the last communication with you about your request, subject to the regulation in the following paragraph.
If you send us a legally relevant declaration on the contractual relationship (e.g. a revocation or a complaint), the legal basis for processing, regardless of the transmission channel, is also Article 6 Paragraph 1 Letter b GDPR. In such a case, we will delete the data related to your declaration as soon as all mutual claims from the contractual relationship have been finally settled and the commercial and tax retention periods have expired.
8. Newsletters
If you have subscribed to our newsletter, we will inform you by e-mail about new offers and functions of our shop. You will not receive more than one newsletter per week. You can informally object to the use of your e-mail address for advertising purposes at any time without incurring any costs other than the transmission costs according to the basic tariffs.
This data processing takes place on the basis of your consent in accordance with Article 6 Paragraph 1 Letter a GDPR. If you revoke your consent to the use of your email address for advertising purposes, we will delete your email address from our newsletter distribution list.
9. Comments and Ratings
If you write a comment or an evaluation of one of our products in our shop, we will publish your contribution in the appropriate place on our shop website together with your user name, for which you can also provide a pseudonym. In order to counteract misuse of our offer, we store the IP address of the end device from which you write for a period of twelve months (Article 6 Paragraph 1 Letter f DSGVO). We reserve the right to delete irrelevant or thematically inappropriate posts at any time. Otherwise, we only delete published articles at the request of the respective author.
10. Google Services
We use certain Google services for our shop. If you visit our shop from a location in the European Union, Norway, Iceland, Liechtenstein or Switzerland, "Google" is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, otherwise it is the Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Insofar as services are provided by Google LLC in the USA, Google has undertaken under the EU-US Privacy Shield Agreement to comply with European Union data protection law.
You can find general information about data use by Google at Google at https://policies.google.com/technologies/partner-sites ("How we use data from websites or apps on or in which our services are used").
11.Google Analytics
We use Google Analytics, a web analytics service provided by Google. Google places cookies on your end device. With these cookies, Google can collect information about how you use our website. This information is transmitted to a Google server, evaluated there and made available to us. The legal basis is Article 6 Paragraph 1 Letter f GDPR, namely our legitimate interest in the evaluation and optimization of our website.
We use Google Analytics with activated IP anonymization. This means that your IP address is usually shortened within the scope of the GDPR in such a way that the IP can no longer be traced back to you. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. The IP address transmitted by your browser will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly.
12. Social media
Social media buttons may be displayed in our shop; they can be recognized by the logos of the social media platforms (hereinafter "platforms") (Facebook: "f" logo, Instagram: square camera, Google+: "g+"). These are links to the respective platforms based in the USA. Clicking on such a link calls up the website of the respective platform, whereby the IP address of the calling device and the address of the page from which the link is made ("referrer") are transmitted to the called platform in the USA. However, we do not collect or process any data in connection with the social media buttons.
13. Your Rights
You have the following rights with regard to the personal data that we process about you:
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, we will inform you of the personal data stored about you and further information in accordance with Article 15 (1) and (2) GDPR.
You have the right to have incorrect personal data concerning you corrected immediately. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
You can demand the immediate deletion of the personal data concerning you under the conditions of Article 17 Paragraph 1 GDPR, insofar as their processing is not required in accordance with Article 17 Paragraph 3 GDPR.
You can ask us to restrict the processing of your data if one of the requirements of Article 18 Paragraph 1 GDPR is met. In particular, you can request the restriction instead of deletion.
We will notify all recipients to whom we have disclosed your personal data of any correction or erasure of your personal data and restriction of processing, unless this proves impossible or involves a disproportionate effort. We will also inform you about these recipients if you request it.
You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format and you can request that we transmit this data to another person responsible without hindrance, insofar as this is technically possible.
If data processing is based on your consent, you have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the data processing that has taken place up to your revocation.
RIGHT TO OBJECT: FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, YOU MAY OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA; This right of objection exists in relation to the data processing that takes place on the basis of Article 6 Paragraph 1 Letter f DSGVO to protect legitimate interests on our part or a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail. If you exercise your right to object, we will no longer process the data in question, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or that the processing is necessary for the assertion, exercise or defense of legal claims.
IN THE EVENT THAT WE PROCESS PERSONAL DATA FOR DIRECT ADVERTISING (E.G. NEWSLETTER), YOU MAY OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING, WITH THE RESULT THAT WE WILL NO LONGER PROCESS YOUR DATA FOR SUCH PURPOSES.
If you believe that the processing of your personal data violates the GDPR, you can lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged violation. This does not exclude other official or judicial remedies.