Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about the handling of your personal data when you use our website. Personal data is all data with which you can be personally identified.

1.2 The controller for data processing on this website in the sense of the General Data Protection Regulation (GDPR) is Mareike Rieck, Mara´s Kreativkischdle, Karl-Truchsess- Weg 10, 72534 Hayingen, Germany, Tel.: 01783547347, E-Mail: mareikerieck@web.de. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

When using our website for informational purposes only, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time of access
Amount of data sent in bytes
Source/referral from which you accessed the page
Browser used
Operating system used
Used IP address (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to retrospectively check the server log files if there are concrete indications of illegal use.

3) Hosting & Content Delivery Network

Shopify

For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the servers of the provider. We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

When data is transferred to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device for a longer period and allow for the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of your web browser's cookie settings.

If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of a given consent, or in accordance with Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the visit to the page.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or generally.

Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contacting Us

5.1 WhatsApp Business

You have the option to contact us via the WhatsApp messaging service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called "Business version" of WhatsApp.

If you contact us via WhatsApp regarding a specific business transaction (e.g., an order placed), we will store and use your mobile phone number used on WhatsApp and – if provided – your first and last name in accordance with Art. 6 Para. 1 lit. b GDPR to process and respond to your request. On the basis of the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address, or email address) in order to assign your request to a specific process.

If you use our WhatsApp contact for general inquiries (e.g., about the range of services, availability, or our website), we will store and use your mobile phone number used on WhatsApp and – if provided – your first and last name in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in the efficient and timely provision of the requested information.

Your data will only be used to respond to your request via WhatsApp. It will not be passed on to third parties.

Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transmits telephone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account, we use a mobile device whose address book only stores the WhatsApp contact data of users who have also contacted us via WhatsApp.

This ensures that every person whose WhatsApp contact data is stored in our address book has already consented to the transmission of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6 Para. 1 lit. a GDPR by accepting the WhatsApp terms of use when they first use the app on their device. The transmission of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is thus excluded.

For the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your rights in this regard and setting options for protecting your privacy, please refer to WhatsApp's privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.

In the context of the processing operations mentioned above, data transfers to servers of Meta Platforms Inc. in the USA may occur.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision of the European Commission, ensures compliance with the European level of data protection.

5.2 When you contact us (e.g., via contact form or email), personal data is processed - exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.

The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted when the circumstances indicate that the matter concerned has been finally clarified and provided that no statutory retention obligations conflict with this.

6) Use of Customer Data for Direct Marketing

6.1 Newsletter subscription via email

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you will only receive the newsletter if you have expressly confirmed your consent to receive the newsletter by clicking a verification link sent to the email address you provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. In this context, we store your IP address registered by the Internet Service Provider (ISP) as well as the date and time of registration, in order to be able to trace a possible misuse of your email address at a later time. The data collected by us during the newsletter registration will be used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a corresponding message to the controller mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.

6.2 WhatsApp Newsletter

If you subscribe to our WhatsApp newsletter, we will regularly send you information about our offers via WhatsApp. The only mandatory information for sending the newsletter is your mobile phone number.

To send the newsletter, you add our communicated mobile phone number to the address contacts of your mobile device and send us the message "Start" via WhatsApp. By sending this WhatsApp message, you give us your consent for the use of your personal data in accordance with Art. 6 Para. 1 lit. a GDPR for the purpose of sending newsletters. We will then add you to our newsletter distribution list.

The data collected by us during newsletter registration will only be processed for the purpose of promotional communication via the newsletter. You can unsubscribe from the newsletter at any time by sending us the message "Stop" via WhatsApp. After unsubscribing, your mobile phone number will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.

For sending our WhatsApp newsletter, we therefore use a mobile device whose address book exclusively stores the WhatsApp contact data of our newsletter recipients. This ensures that every person whose WhatsApp contact data is stored in our address book has already consented to the transmission of their WhatsApp phone number from the address books of their chat contacts in accordance with Art. 6 Para. 1 lit. a GDPR by accepting the WhatsApp terms of use when they first use the app on their device. The transmission of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is thus excluded.

We have concluded a data processing agreement with WhatsApp, which protects the data of our newsletter recipients and prohibits disclosure to third parties.

In the context of the processing operations mentioned above, data transfers to servers of Meta Platforms Inc. in the USA may occur.

7) Data Processing for Order Fulfillment

7.1 Transmission of image files for order processing via email

On our website, we offer customers the possibility to order product personalization by submitting image files via email. The submitted image motif is used as a template for personalizing the selected product.

The customer can send us one or more image files from the storage of the used end device via the email address provided on the website. We then collect, store, and use the files transmitted in this way exclusively for the production of the personalized product in accordance with the respective service description on our website. If the transmitted image files are passed on to special service providers for production and order processing, you will be explicitly informed about this in the following paragraphs. No further disclosure takes place. If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all the processing operations just mentioned are carried out exclusively for the purpose of processing your online order in accordance with Art. 6 Para. 1 lit. b GDPR.

After final processing of the order, the transmitted image files will be automatically and completely deleted.

7.2 Transmission of image files for order processing via message function

If the customer has the possibility to order the personalization of products by transmitting image files via the message function, the submitted image motif will be used as a template for the personalization of the selected product.

The customer can transmit one or more image files from the storage of the used end device to us via the existing message function. We then collect, store, and use the files transmitted in this way exclusively for the production of the personalized product in accordance with the respective description of our services.

If the transmitted image files are passed on to special service providers for production and order processing, you will be explicitly informed about this in the following paragraphs. No further disclosure takes place. If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all the processing operations just mentioned are carried out exclusively for the purpose of processing your online order in accordance with Art. 6 Para. 1 lit. b GDPR.

After final processing of the order, the transmitted image files will be automatically and completely deleted.

7.3 To the extent necessary for contract fulfillment for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data you provided when ordering to personally inform you within the scope of our legal information obligations in accordance with Art. 6 Para. 1 lit. c GDPR. Your contact data will be used strictly for the purpose of notifications about updates owed by us and processed by us for this purpose only to the extent necessary for the respective information.

To process your order, we also cooperate with the following service provider(s) who support us entirely or partially in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

7.4 Disclosure of personal data to shipping service providers

- DHL

As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

We will pass on your email address and/or telephone number to the provider in accordance with Art. 6 Para. 1 lit. a GDPR before the goods are delivered for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent for this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR, we will only pass on the recipient's name and delivery address to the provider. The disclosure only takes place insofar as this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or the delivery notification is not possible.

Consent can be revoked at any time with effect for the future towards the controller named above or towards the provider.

7.5 Use of payment service providers (payment services)

- PayPal

One or more online payment methods of the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from the provider where you pay in advance, your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be transmitted to them in accordance with Art. 6 Para. 1 lit. b GDPR. In this case, the transmission of your data takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.

If you select a payment method where we pay in advance, you will also be asked to provide certain personal data (first and last name, street, house number, postcode, city, date of birth, email address, telephone number, if applicable, data on an alternative payment method) during the order process.

To safeguard our legitimate interest in determining your creditworthiness in such cases, we forward this data to the provider in accordance with Art. 6 (1) lit. f GDPR for the purpose of a credit check. Based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experiences), the provider checks whether the payment option you have selected can be granted with regard to payment and/or default risks.

The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.

8) Page functionalities

Instagram Plugins

Plugins of the social network of the following provider are used on our website: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland

These plugins enable direct interactions with content on the social network.

To increase the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the page using a so-called "2-click" or "Shariff" solution.

This integration ensures that when you access a page of our website that contains such plugins, no connection is established with the provider's servers yet.

Only when you activate the plugins and thus give your consent to the data transfer in accordance with Art. 6 (1) lit. a GDPR, your browser establishes a direct connection to the provider's servers. In this process, regardless of a login to an existing user profile, certain information about your end device (including your IP address), your browser and your page history is transmitted to the provider and possibly further processed there.

If you are logged into an existing user profile on the provider's social network, information about interactions made via the plugins will also be published there and displayed to your contacts.
You can revoke your consent at any time by deactivating the activated plugin by clicking on it again. However, the revocation does not affect the data that has already been transferred to the provider.

Data may also be transferred to: Meta Platforms Inc., USA

We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

9) Rights of the Data Subject

9.1 The applicable data protection law grants you, vis-à-vis the controller, the following data subject rights (rights of access and intervention) regarding the processing of your personal data, with reference to the stated legal basis for the respective exercise conditions:

Right of access in accordance with Art. 15 GDPR;
Right to rectification in accordance with Art. 16 GDPR;
Right to erasure in accordance with Art. 17 GDPR;
Right to restriction of processing in accordance with Art. 18 GDPR;
Right to notification in accordance with Art. 19 GDPR;
Right to data portability in accordance with Art. 20 GDPR;
Right to withdraw granted consents in accordance with Art. 7 (3) GDPR;
Right to lodge a complaint in accordance with Art. 77 GDPR.

9.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

10) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and - if applicable - additionally by the respective statutory retention period (e.g. commercial and tax law retention periods).

When personal data is processed on the basis of an explicit consent in accordance with Art. 6 (1) lit. a GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1) lit. b GDPR, this data will be routinely deleted after the expiry of the retention periods, unless it is no longer required for the fulfillment or initiation of a contract and/or we no longer have a legitimate interest in continued storage.

When personal data is processed on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

When personal data is processed for direct marketing purposes on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.