Data Protection Policy

This Data Protection Policy informs about which personal data is collected in the using of the website www.xouxouberlin.com (hereinafter: “Website”), the purposes, the methods the referring data will be used, and the rights which users are entitled.

 

§1 Responsible Party

The responsible party within the meaning of the General Data Protection Regulation

(hereinafter: “GDPR”) for the processing of personal data concerning the use of the website:

 

XOUXOU Berlin - Inh. Richard Kirschstein

Hasenheide 12

10967 Berlin

Email:  support@xouxouberlin.com

(hereinafter: “xouxouberlin”, “us”, “we”)

 

§2 Processing of data by navigating the website

When you navigate the website, the personal data is collected and transmitted by your browser on the server of the website and stored in temporarily Log Files. In this meaning, stored data means especially the following data:

  • IP Address of the inquiring computer
  • Name and URL of the accessed data
  • Date and hour of the access
  • Status of the access/HTTP Code Status
  • Respectively transferred data volume
  • Identification data from the used browser

The processing of this referring data is technically essential to ensure the stability and security as well as connection reports of the website. The storage in the Log Files occurs to guarantee the functionality of the website. Besides, this data is also used to optimize the website and to guarantee the security of our systems. 

The processing of the data is the object of Article 6 (1) (f) GDPR (named as legitimate interests) insofar the processing of respective data is within the framework of the navigation of the website. The legitimate interests arise from the purposes aforementioned.

 

 §3 Cookies

Our website uses Cookies. Cookies are text files which are stored on a computer system through an Internet browser. When a user visits our website, cookies can be stored on the user’s operating system. These cookies contain a peculiar character sequence which enables the unique identification of the browser in case the website is visited again. 

We use cookies to elaborate a more user-friendly website experience. A few elements from our internet site require that the accessed browser can even be identified after the user changes internet sites. 

Concerning cookies the following data are stored and transferred:

  • Language settings
  • Items in the shopping cart
  • Log in/User information
  • Frequency of product view
  • Order procedure 
  • Use of the website functions

 

You can configure the browser settings accordingly to your wishes, for instance, the acceptance of third-party cookies or the rejection of all cookies. We inform you that if you have rejected the use of all cookies, you may not be able to use the full functionality of this website.

We use cookies to identify the subsequent visits in case you have an account on the website. On the contrary, you must log in again for each visit.

The legal basis concerning the processing of personal data originated by the use of cookies is the object of Article 6 (1) (f) GDPR (so-called legitimate interests). The legitimate interests arise from the purposes aforementioned and to optimize the use of the website and to improve your user experience.

  

 §4 Marketing on our website

When you visit our website we analyze and we keep records of your user behavior to make our website more interesting and to target our advertising individually. In addition, we process your personal data for advertising purposes in the form of remarketing.

 

4.1. Google AdWords

We use on our website the online advertising system called Google-Ads which is provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

In the context of Google Ads, we use the conversion tracking service (visit evaluation). If you click on an advertisement placed by Google, a conversion tracking cookie is set. After 30 (thirty) days this mentioned cookie is not valid which means that the users cannot be individually identified. When you visit specific pages of our website and the cookies have not yet expired, Google and we can identify that you clicked on an advertising and that you have been transferred to this website.

Each Google-Ad customer receives a different cookie. Thus, the cookies cannot be tracked through the websites of AdWords customers. The conversion cookie collects information which is used in the production of conversion statistics and for ads customers who have opted-in for conversion tracking. Customers are informed about the total number of users who clicked on the ad and were forwarded to a conversion tracking tag page. However, you will not receive any information enabling you to identify users personally. 

The use of Google Ads is legally based on Article 6 (1) (f) GDPR (legitimate interests). We have the legitimate interests concerning targeted advertising and the analysis pursuant to the effects and efficiencies of this targeted advertising. You are also entitled by law to refute at any time the processing of your personal data based on the Article 6 (1) (f) GDPR.

You can set your browser up to be informed when cookies are set and only allow cookies in certain cases, such as to accept cookies for specific cases or total exclusion, including to activate automatic deletion of cookies when the browser is closed. You will find instructions on how to do this under this link.

If cookies are deactivated, the functionality of this website may be restricted. 

For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield.

Further information can be found here.

Further information and the privacy policy of Google can be found here. 

 

4.2. Facebook-Pixel

We use the tool analysis named as “Facebook-Pixel” provided by the social media Facebook. Facebook-Pixel is a part of Facebook Inc., and it is located at 1 Hacker Way, Menlo Park, CA 94025, USA, in case you are located in the EU,  Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook“).

Facebook-Pixel helps us concerning the measurement of our advertising efficiency and the analysis of actions taken by users on our website. Through Facebook-Pixel we are able to identify you as a visitor of our website as a target group for the presentation of ads (so-called "Facebook ads").

We use Facebook-Pixel to target the Facebook-Ads only to display to Facebook users who have shown interest in our website or who shown certain features (for instance interest in certain topics or products) that we transfer to Facebook (named as “custom audience”). We want to ensure you that the Facebook-Ads are in accordance with the potential interest of the user.  In addition, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing if users were redirected to our website after clicking on a Facebook ad (name as "conversion").

The establishment of Facebook Pixel as the storage of the “Conversion Cookies° are based on Article 6 (1) (f) GDPR (legitimate interests). We have a legitimate interest in the analysis of the behaviour of the user in order to optimize our website and advertising.

For the exceptions where personal information is transferred to the United States, Facebook has submitted to the EU-US Privacy Shield, please access this link.

For more information about Facebook's collection and use of this information, your rights in this regard, and how Facebook can protect your privacy, please visit Facebook's privacy policy.

 

4.3. Google Analytics Remarketing

On the website, we use the Google Analytics Remarketing features in conjunction with the cross-device features of Google Ads and Google DoubleClick. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This feature enables you to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google Ads and Google DoubleClick. This allows us to display interest-based, personalized ads that have been customized to you based on your past usage and browsing behaviour on one device (e.g., mobile phone) on another of your devices (e.g., tablet or PC). If you have given your consent, Google will link the web and app browser history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on any device on which you sign in with your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data. This allows target audiences to be defined and created for cross-device advertising.

You can permanently opt out of cross-device remarketing/targeting by deactivating personalized advertising in your Google Account here and/or by following the link below and downloading and installing the plug-in provided here.

The data collected in your Google account is summarized on the basis of your consent, which you can give or revoke at Google (Art. 6 (1) (a) GPDR). In the case of data processing that is not merged into your Google Account - for example, because you do not have a Google Account or because you have been objected to the merging - the legal basis is the processing of the data Art. 6 (1) (f) GDPR (legitimate interests). The legitimate interest results from our interest in the anonymous analysis of website visitors for advertising purposes in order to address you in a targeted manner with interest-related advertising.

For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield. You can find further information here

Further information and the privacy policy of Google can be found here.

 

§5 Establishment of contact

A contact form is available on the website, which can be used for electronic contact. The data entered in the registration form will be transmitted to us and stored, if you send us an inquiry. These data are: 

  • Your name 
  • E-mail address 

Moreover, at the time the message is sent, the date and time will be stored and, if applicable, other data provided by you if you specify in the message sent.

Alternatively, you can contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored. The data is used exclusively for the purpose of processing contact inquiries and serves to prevent misuse of the contact form and to ensure the security of our information technology systems. 

The legal basis for the processing of this personal data is Art. 6 (1) (f) GDPR (legitimate interests). The legitimate interest arises from the fact that we can only process the user accordingly with the user has acknowledged  (e.g. answering inquiries). Additionally, the legal foundation of data processing is Art. 6 (1) (b) GDPR if the purpose of the contact is to conclude a contract.

 

§6 Newsletter

 On the website, there is a possibility to sign up for free newsletter. When you sign up for it, your email is transferred. The customer’s email address is collected in order to send the newsletter.

We use for the registration of the newsletter a Double-Opt-In procedure. This means that after registration we will send you an email to the given email address in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of this procedure is to prove your registration and to clarify and clear any possible misuse of your data.

The newsletter is sent by a service called “MailChimp”, which is located in the USA. Therefore, the transmitted data is processed in this mentioned jurisdiction. 

The email delivery MailChimp has certified to the EU-U.S. Privacy Shield Framework, and therefore offers a guarantee to comply with the European data protection level.

The data protection regulations of this service provider can be viewed here.  

"MailChimp" can use the data of the recipients without allocation to an individual user, to optimize its own service or for statistical purposes. The email delivery service does not use the data of our newsletter recipients to itself or to forward the data to third parties. When the newsletter is sent, your user behavior is evaluated by MailChimp. For this evaluation, the e-mails sent contain so-called Web-beacons, more specifically, tracking pixels, which represent one-pixel image files stored on our website. For evaluation purposes, we link the data specified in §2 and the Web-Beacons with your e-mail address and an individual ID. We use the data obtained in this way to create a user profile in order to target the newsletter to your individual interests. We record when you read our newsletter, which links you click in it and infer your personal interests from this. We link this data with the actions you take on our website. You can unsubscribe this tracking at any time by clicking on the separate link provided in each e-mail or by informing us through another contact procedure. The information is stored as long as you have subscribed to the newsletter. After you have unsubscribed, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your e-mail program by default. In this case, the newsletter will not be displayed completely and you may not be able to use all functions. If you display the images manually, the above tracking will take place in connection with data processing for the delivery of newsletters, except for the provider MailChimp, no data is forwarded to third parties. The data will be used exclusively for the email delivery of the newsletter.

The data will only be stored until you unsubscribe from the newsletter. Subsequently, the e-mail address will be blocked for the delivery of the newsletter and may be deleted altogether. You can unsubscribe from the newsletter at any time. For this purpose, you will find a corresponding opt-out link in every newsletter. You can also declare your cancellation by e-mail or by sending a message to the address given in our Imprint.


The legal basis for the processing of data relating to the delivery of newsletter by us is Article 6 (1) (a) GDPR (consent of the user) or, if there is a business relationship with regard to information on at least similar services by us, also Art. 6 (1) (b) GDPR (performance of contract). The email delivery service provider "MailChimp" will be informed based on legitimate interests pursuant to Art. 6 (1) (f) GDPR as well as data processing agreement under Art. 28 (1) (3) GDPR.

 

§7 Third parties

 

7.1. Vimeo

We have integrated videos and plug-ins of the online video platform "Vimeo" of the operator Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. The content is stored on the servers of Vimeo and can be played directly from our website. Each time you access a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA. The information about your visit and your IP address is also stored in the USA. Through interactions with the Vimeo plugins (e.g. clicking the start button), this information is also transmitted to Vimeo and stored in the USA. You can access the Vimeo's Privacy Policy

If you have a Vimeo user account and you do not want that Vimeo collects information about you and link it to your Vimeo member information through this website, you must log out of Vimeo before visiting this website.

Besides, Vimeo uses the Google Analytics tracker via an iFrame in which the video is played. This is Vimeo's own tracking and we do not have any access to it. You can cancel the tracking through Google Analytics by using the deactivation tools that Google offers for determined Internet browsers. You can also prevent Google from collecting the data generated by Google Analytics and according to your use of the website (including your IP address) as well as prevent Google from processing this data by downloading and installing the browser plug-in available on the following link.

The legal foundation is Art. 6 (1) (f) GDPR (legitimate interests). The legitimate interest hereby is that the provider has a legitimate interest in understanding whether and how often the website is used to ensure and improve the functionality of its services. In addition, our legitimate interest lies in an appealing presentation and illustration of our offers through videos on the website for the benefit of the users and a needs-based design of our website.

 

7.2. Social Media 

 

7.2.1. Plug-Ins

We currently use the following social media plug-ins: Facebook, Instagram, and Pinterest. We  use the so-called Double-click solution.
This means that when you visit our website, no personal data will be forwarded to providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the box above its initial letter or logo. The buttons allow you to communicate directly with the provider of the plug-in. If you click on the marked area and thereby activate it, the plug-in provider receives the information that you have visited the corresponding website of our online service. In addition, the data aforementioned to in §2 (Processing of data by navigating the website) shall be transmitted. 

In Germany, the IP information originated through the Facebook platform will be automatically anonymized after collection. By activating the plug-in, your personal data will be transferred to the Plug-In provider and then stored in the USA in case the provider is situated in this jurisdiction. Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the grey box. 

We do not influence the collected data and data processing procedures, nor are we aware of the full scope of the data processing, the purposes of data processing, the periods of storage. Moreover, no information is present to us according to the deletion of the raised data by the plug-in providers.

The plug-in provider stores the data collected about you as usage profiles, and uses the following data for purposes of advertising, market research and/or demand-oriented designs of its website. Such evaluation is carried out in particular (also for users who are not logged in) to display demand-driven and oriented advertising and to attract your network about your activities on our website. You are entitled to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins, we offer the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. 

The legal basis for the use of the plug-ins is Art. 6 (1) (f) GDPR (legitimate interests). 

The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in. If you are logged in at the plug-in provider, your data collected by us will be directly transferred to your existing account in the platform of the plug-in. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and communicates it publicly to your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this avoids assigning your profile to the plug-in provider.

 

7.2.2.  Website of the Company

When you visit our Facebook, Instagram and/or Pinterest profiles, these platforms collect your personal information. This is also valid if you do not have a respective user account. Please note that we cannot control the type and extent of data processing by social media providers. The providers only provide us with anonymous demographic data in aggregated form, which helps us to get to know our audience better. Each interaction that you may have through Fanpages Insights, Facebook uses cookies and similar technologies to track the usage patterns of fan page visits. On this basis, fanpage operators receive so-called "Fanpage Insights". Such tool only contains statistical, depersonalized (anonymized) information about visitors to the fanpage that cannot be assigned to a specific person. We do not have access to the personal data that Facebook uses to create page views ("page views data"). Page Insights data is selected and processed exclusively by Facebook.

With the help of page insights, we obtain information about how our fan pages are used, which interests the visitors of our fan pages have and which topics and contents are particularly popular. This enables us to optimize our fanpage activities, for example by better addressing the interests and usage habits of our audience when planning and selecting our content.

We and Facebook are jointly responsible for the processing of your data for the provision of page insights. For this purpose, we and Facebook have agreed in an agreement which company fulfils which data protection obligations under the observance of the GDPR with regard to the processing of Page Insights data.

When you visit our fan pages, we generally collect all shared posts , content and other information that you directly communicate to us there, such as when you post something on a fan page or send us a private message. If you have an account with the mentioned social network, we may also see your public information, such as your username, information in your public profile and content you share with a public audience.

To the extent that you have consented to Facebook's creation of Page Insights as described above, the legal basis is Article 6 (1) (a) GDPR (consent). Otherwise, the legal basis is Article 6 (1) (f) GDPR, whereby our legitimate interests lie in the above-mentioned purposes.

 

7.2.3. Further Information about the Social Media Providers

Further information on the purpose and scope of data processing and the processing by social media providers can be found in the Data Privacy Policies of these providers. In the mentioned policies, you will also find further information on the relevant rights and setting options to protect your privacy.

Facebook, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, under the following links here and here.

Instagram, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, under the following link.

Pinterest, Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, under the following link.

Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA, under the following link.

 

§8 Shopping

 

8.1. Registration and User Account

You can create a user account on our website. The data is entered in an entry form and transmitted to us and stored. When registering for a user account, the following data is  collected and stored:

 

  • IP ADDRESS
  • DATE AND TIME OF REGISTRATION
  • YOUR FIRST AND LAST NAME
  • YOUR EMAIL ADDRESS
  • DELIVERY ADDRESS
  • INFORMATION ON PAYMENT METHOD SUCH AS ACCOUNT NUMBER; CREDIT CARD NUMBER; IBAN OR PAYPAL

As part of the login process, your e-mail address and a self-chosen password need to be inserted. Moreover, the IP address of the user as well as the date and time of the login are stored at the time of the login. 

The legal basis for the processing of the aforementioned data is Art. 6 (1) (b) GDPR (performance of contract and pre-contractual measures).

The registration and the login area are necessary for the performance of the contract or the implementation of pre-contractual measures.

The purpose of registration and login is to provide the login function for the order, to view your most recent orders, to manage your delivery and billing addresses and to edit the password and account details. 

Your personal information will be used to support your user experience on our website and to manage the access to your account.

 

8.2. Order

In addition, on the website, we offer the possibility to request and purchase our products without registering for a customer account via an order form.

The following data is collected as part of the order process through the order form:

  • First and last name (required)
  • Billing or delivery address (required)
  • E-mail address (required)
  • If applicable, it will be required details of payment method such as bank account number or credit card number, IBAN or Paypal

The order form serves the purpose of concluding a contract with us or sending a manufacturing request. The data which is processed in the order form, thus serves to conclude or terminate the contract with the user.

The legal basis for this data processing is Art. 6 (1) (b) GDPR (fulfilment of contract and pre-contractual measures), as the user provides us with the data based on the respective contractual relationship (for example, managing the customer account, processing the purchase contract).

 

8.3. Shopify

For the operation of our online store, we use Shopify, a service of Shopify Inc 1266 York Street, Suite 200, Ottawa, ON, Kanada, K1N 5T5. Shopify provides an e-commerce platform through which we sell our goods.

Shopify stores your data on a secure server. If you are located in the EU, the European Economic Area (EEA) or Switzerland, your data will be processed and stored in Ireland by Shopify International Ltd. Shopify points out, however, that data may also be transferred to other regions, including the United States and Canada. Shopify strictly adheres to the agreement between the EU and the USA or the agreement between Switzerland and the USA on data collection and use (EU - US Privacy Shield Framework (see Shopify's privacy policy for further details here.

Shopify sets cookies while you navigate our homepage. These are small text files that are stored on your Internet browser or by the Internet browser on your computer system. If you visit a website as a user, a cookie can be stored on your operating system. This cookie contains a unique string of characters that enables the browser to be uniquely identified when the website is visited again. The cookies are set in order to make our website user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies:

  • Name
  • Language
  • Region

In addition, cookies allow an analysis of the user behaviour while visiting the website. In this way, the following data can be transmitted:

  • Keywords entered
  • Frequency of homepage views
  • Use of the website functions

The data collected in this way is pseudonymized by technical precautions. It is therefore not possible to assign the data to an individualized user. The data are not stored together with other personal data of the users. 

Some of the cookies used are deleted after the end of the browser session, i.e. after closing your browser (so-called cookie session). Other cookies remain on your device and enable us to recognize your browser the next time you visit us (persistent cookies). Cookies are stored on your computer and transmitted to our website. Therefore, you as a user have full control over the use of cookies. You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or whether to exclude the acceptance of cookies in certain cases or in general. Cookies that have already been saved can be deleted at any time. This can be done automatically. If cookies are not accepted, the functionality of our website may be restricted.

When you select a direct payment portal to complete your purchase, Shopify stores your credit card information. Your personal data is encrypted during the online ordering process using PCI-DSS (Payment Card Industry Data Security Standard). Your purchase processing data will only be stored for as long as is necessary to complete the transaction. Your purchase transaction data will then be deleted.

Further information can be found in Shopify's privacy policy under the following link here.

The legal foundation of such data processing is found on is Art. 6 (1) (f) GDPR. The purpose of using Shopify is to distribute our products online quickly, easily and securely. Likewise, we would also like to simplify the use of our websites for you and make your visit more attractive to you. With the collaboration of Shopify, we learn how our website is used and can therefore always optimize our offer and better match it to your needs and interests. For this purpose, our legitimate interest lies in the processing of personal data in accordance with Art. 6 (1) (f) GDPR.

 

8.4. Back-In-Stock

On our website, we offer you the "Back-in-Stock" option, a service of SureSwift Capital, Inc., 5201 Eden Ave Suite 300, Edina, MN 55436 Canada. If a product from our website is not available, you can leave your email address via Back-in Stock and receive an e-mail notification as soon as the item is available again.

When you visit our store and register for back-in-stock notification, your web browser's email address, language and time zone, and any marketing permissions you may have are collected and submitted to the vendor.

The Provider will retain your information for as long as it deems necessary to provide the User with an appropriate service, unless a User has specifically requested that its information be deleted. The provider stores and transmits the data to provide you with the best possible service and experience, in particular to improve the products and services and to provide you with the opportunity to make automated decisions, including the creation of profiles, with the aim of providing new users with a better and more personalized experience for the user or optimized marketing. The Provider may from time to time use the services of other parties to process certain processes necessary to operate the Site. Providers of such services may have access to certain personal information provided by users of this Site and may be located in different locations around the world. In addition, data may be shared with third parties for relevant marketing purposes at the sole discretion of Back in Stock.

More information can be found in Back in Stock's privacy policy here.

The legal basis is Art. 6 (1) (f) GDPR. The purpose of the use of Back in Stock is to improve our service to our customers by providing them with an opportunity to obtain information about products that are available again, thus making their visit more attractive. For this purpose, our legitimate interest is also based on the processing of personal data pursuant to Art. 6 (1) (f) GDPR.

 

8.5. Payment Service Providers

We use external payment service providers such as Paypal, Instant Transfer, Google Pay and Apple Pay to process credit card payments, whose platforms are used to process payment transactions. The following data belong to the data processed by the payment service providers: Inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, totals and recipient details. Depending on the service provider, this information is mandatory in order to successfully complete the transactions. 

The data entered by you will only be processed and stored by the external payment service providers named by us. We do not receive account or credit card related information. We will be only informed either the payment is completed or we will receive negative information. Under certain circumstances, the data may be transmitted to credit agencies of the payment service providers named by us. The purpose of this transmission is to check identity and creditworthiness. The payment transactions are subject to the data protection notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications. We refer to these also for the purpose of further information and assertion of revocation, information and any other affected rights:

  • Paypal under the following link 
  • Apple Pay under the following link
  • Google Pay under the following link
  • Instant transfer under the following link

The legal basis is Art. 6 (1) (f) GDPR (legitimate interests). The legitimate interest is based on the fact that payment providers have a legitimate interest in understanding whether and how often the website is used to ensure and improve the functionality of your services. In addition, we have a legitimate interest in offering our customers different payment methods.

 

§9 Transmission of Data

The personal data collected within the framework of the use of the website will not be passed on to third parties or transmitted in any other way without your consent, unless otherwise expressly described in this Data Protection Policy.

For the operation of the website and the services offered on the website, external service providers (e.g. hosting providers; newsletter service providers) are used who process your personal data on our behalf and exclusively in accordance with our instructions. The legal basis for such data processing is Art. 6 (1)(b) GDPR (performance of contract and pre-contractual measures) and Art. 28 GDPR  (data processing agreement).

If necessary, personal data will be transferred to state institutions and authorities, insofar as there is a legal obligation to do under Art. 6 (1) (c) GDPR.

 

§10 Storage Duration

Your personal data will only be stored for as long as is necessary to process your requests to us, unless a different storage duration results from other provisions of this Data Protection Policy. Moreover, we store your data only to the extent and to the extent that we are obliged to do so by mandatory statutory storage obligations. If we no longer need your data for the purposes described above, they will only be stored during the respective legal retention period and not processed for other purposes.

 

§11 Rights of affected persons 

 

11.1. Right of Objection

You have the right of objection against the processing of your personal data (Art. 21 GDPR) if the relevant personal data is processed based on legitimate interests (Art. 6 (1) (f) GDPR) and in case reasons are arising from your particular situation. In case of direct advertising, you may object to the processing of the data is possible at any time without providing any particular information.

 

11.2. Further Rights

 

Moreover, you have the right to:

a) to request information about the personal data stored about you at any time (Art. 15 GDPR);

b) to demand the correction or completion (Art. 16 GDPR), deletion (Art. 17 GDPR) or restriction (Art. 18 GDPR) of the processing of the corresponding personal data, insofar as the legal requirements are met;

c) to receive your personal data in a structured, common and machine-readable format (Art. 20 GDPR);

d) revoke at any time for the future any consent granted to the use of personal data (Art. 7 para. 3 GDPR); and

e) complain to the competent data protection supervisory authority if you are of the opinion that the processing of your personal data concerning the use of the website violates applicable data protection law (Art. 77 GDPR).

To make use of one of your rights mentioned above, simply send an e-mail to

support@xouxouberlin.com.

 

§12 Data Security

 To guarantee data security, in particular, to protect your personal data from the risks involving data transmissions and from third parties gaining knowledge, we use current technical and organizational measures when operating the website. These are being adjusted accordingly to the latest forms of technology.

 

§13 Changes and Update

Due to further developments of our website or the amendment of legal dispositions, it may be necessary to change this privacy policy. Therefore, we reserve the right to change this Data Protection Policy at any time with effect for the future and thus recommend that you read this Data Protection Policy regularly.

 

Stand November 2019

We realised that you live out of the current shop domain location. Please choose your store for better fullfillment:
EU US