1. information on the collection of personal data and contact details of the person responsible.
2. data collection when visiting our website
4. data processing for order processing
5. data processing when opening a customer account and for contract processing
7. comment function
8. use of your data for direct marketing
9. contact for evaluation reminder
10. web analytics services
11. retargeting / remarketing / referral advertising
12. tools and other
13. rights of the data subject
14. duration of the storage of personal data 1. information on the collection of personal data and contact details of the person responsible.
1.1 Thank you for visiting our website. In the following, we would like to inform you about the handling of your personal data when using our website. Personal data is basically all data with which you can be personally identified.
1.2. responsible for the processing of data on our website within the meaning of the General Data Protection Regulation (DSGVO) is:
Harold's Leather Goods Ltd.
Lämmerspieler street 40-42
1.3 The responsible party has appointed the following data protection officer:
Lämmerspieler street 40-42
1.4 To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL or TSL) via HTTPS. 2. data collection when visiting our website
Each time you visit our website, our system automatically collects data and information that your browser transmits to our server (so-called "server log files"). The following data, which is technically necessary for us, is collected:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Operating system used
- Browser used
- IP address used (if applicable: in anonymized form)
The legal basis for the processing is Art. 6 (1) lit. f DSGVO due to our legitimate interest in improving the stability and maintaining the functionality of our website. A transfer or other use of the data does not take place. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
We reserve the right to check the server log files retrospectively if there are concrete indications of illegal use. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object. 3. cookies
You can find help on the settings in the respective help menu of your browser under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Some of the cookies used here are deleted after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data and IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. 4. data processing for order processing
4.1 If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. We process the data you provide to process your order.
In some cases, we work together with external service providers to process your order. For this purpose, we must pass on the necessary personal data.
If we commission transport companies with the delivery of your goods, we will pass on your data required for the delivery of the goods to the respective transport company. For the processing of payments, we pass your data to the extent necessary to the commissioned credit institution. If we use payment service providers, you will also be informed about this below.
The legal basis for the transfer of your data is Art. 6 para. 1 lit. b DSGVO.
4.2 Passing on your personal data to shipping service providers
If the goods are delivered to you by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany), we will only disclose the name of the recipient and the delivery address to DHL for the purpose of delivery and within the scope of necessity pursuant to Art. 6 (1) lit. b DSGVO. Only if you have given your express consent in the ordering process, we will pass on your e-mail address to DHL in accordance with Art. 6 para. 1 lit. a DSGVO before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification. Your consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the transport service provider DHL.
If the goods are delivered to you by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany), we will only disclose the name of the recipient and the delivery address to DPD for the purpose of delivery and within the scope of necessity pursuant to Art. 6 Para. 1 lit. b DSGVO. Only if you have given your express consent in the ordering process, we will pass on your e-mail address to DPD in accordance with Art. 6 para. 1 lit. a DSGVO before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification. Your consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the transport service provider DPD.
If the goods are delivered to you by the transport service provider UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany), we will only disclose the name of the recipient and the delivery address to UPS for the purpose of delivery and within the scope of necessity pursuant to Art. 6 (1) lit. b DSGVO. Only if you have given your express consent in the ordering process, we will pass on your e-mail address to UPS in accordance with Art. 6 para. 1 lit. a DSGVO before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification. Your consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the transport service provider UPS.
4.3 Use of payment service providers
- Amazon Pay
If the payment method PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal is selected, the payment will be processed via PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").
We pass on your personal data to PayPal in accordance with Art. 6 Para. 1 lit. b DSGVO within the scope of necessity. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal.
For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) lit. f DSGVO due to PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method.
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment processing is carried out by the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process, together with information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 (1) lit. b DSGVO. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this purpose. You can find more information on the data protection of Shopify Payments at the following Internet address: https://www.shopify.com/legal/privacy
You can find data protection information on Stripe Payments Europe Ltd. here: https://stripe.com/de/privacy
4.4. Google Pay
When selecting the payment method "Google Pay" (a service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google")), the mediation of the payment processing takes place via the "Google Pay" application of your Android (at least 4.4 "KitKat") operated and NFC-enabled mobile device. When payment is made via one of your payment cards deposited with Google Pay or a payment system verified there (e.g. PayPal). To release a payment via Google Pay of more than EUR 25, you must first unlock your mobile device. Your information provided during the order process will be passed on to Google for the purpose of payment processing. Google generates a uniquely assigned transaction number that is transmitted to the order website to verify the payment. This transaction number is merely a numeric token that does not contain any information about your data. The execution of the actual transaction takes place between the user and the ordering website by debiting the means of payment deposited with Google Pay. During the described operations, personal data may be processed. In this case, the processing is carried out for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b DSGVO.
Further information, in particular information on how Google handles your data, can be found here:
4.5. Apple Pay
If you select the payment method "Apple Pay" (a service of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland), the payment will be processed via the "Apple Pay" function of your terminal device running iOS, watchOS or macOS by charging a payment card deposited by you with "Apple Pay".
Your transaction is protected by the security functions of the hardware and software of your device. If a payment is to be released, it must be released by entering a code and verification using the "Face ID" or "Touch ID" function of your end device.
The information you provide during the ordering process, together with information about your order, will be passed on to Apple in encrypted form for the purpose of payment processing. This data is then encrypted again by Apple and then transmitted to the payment service provider of the payment card stored in Apple Pay to make the payment. The encryption ensures that only the website on which the order was placed can access the payment data.
After payment, Apple sends the device account number and a transaction-specific dynamic security code to the store website to confirm the payment.
Personal data may be processed for the aforementioned curtains. In the case this happens for the purpose of payment processing according to Art. 6 para. 1 lit. b DSGVO.
When using Apple Pay on the iPhone or Apple Watch to complete a purchase you made through Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. In the process, Apple may process or store data. However, this is done in a format that does not identify you personally.
Information on the data protection of Apple Pay is available here: https://support.apple.com/de-de/HT203027 5. data processing when opening a customer account and for contract processing
If you open a customer account with us, personal data will be collected and processed in accordance with Art. 6 para. 1 lit. b DGSVO. The scope of the data can be seen from the input form. The data you enter will be stored and used by us to process the contract.
You can delete your customer account at any time. This can be done by sending a message to the address of the responsible person or, if offered, directly in the customer account. In that case, we will also block your data with regard to retention periods under tax and commercial law and delete it after these periods have expired. This can only be opposed by your consent to permanent storage or a legally permitted further use of data on our part. 6. contact
If you contact us via contact form, the data entered in the input mask will be transmitted to us and stored. The data collected can be found in the respective input mask. If you contact us by e-mail, only the data you enter there will be transmitted to us.
The data is used exclusively for processing the conversation and your request. The legal basis for the processing of the data is Art. 6 para. 1 lit. a) DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f) DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and provided that there are no legal retention obligations to the contrary. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified. The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. 7. comment function
If you use the comment function of our website, in addition to your comment content, information on the time of creation of the comment as well as the comment name you have chosen will be stored and published on the website. In addition, your IP address is logged and stored.
The legal basis for the storage of your data is Art. 6 para. 1 lit.b and f DSGVO. The IP address is stored for security reasons and in the event that the data subject violates the rights of third parties or publishes illegal content through a submitted comment. Your e-mail address is required in order to contact you in the event that a third party objects to your published content as being illegal. We reserve the right to delete comments if they are objected to by third parties as unlawful. 8. use of your data for direct marketing
On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. The only mandatory information is your email address. If you make further voluntary entries, these will only be used for the personal address.
The legal basis for the processing of your data after registration for the newsletter is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. We obtain this consent by sending you a confirmation email containing a confirmation link after you have registered for the newsletter. If you click on this link, you also give your consent to receive the newsletter.
When sending the registration for the newsletter, we store your IP address and the date and time of registration. This storage serves to be able to trace a possible misuse of your e-mail address.
We use the data we collect when you register for the newsletter exclusively for the purpose of sending the newsletter.
You can cancel the subscription to the newsletter at any time. For this purpose, you will find a corresponding link in each newsletter. This also allows you to revoke your consent to the storage of personal data collected during the registration process.
8.2 Newsletter for existing customers
If you purchase goods or services on our website and enter your e-mail address, this may subsequently be used by us to send you a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter.
The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG and Art. 6 (1) lit. f DSGVO. In this respect, the data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising.
If you have already objected to the use of your email address for direct marketing purposes, you will not receive this newsletter. However, you also have the option later and at any time to object to the use of your email address for the purpose stated here. advertising purpose at any time with effect for the future by sending a message to the address mentioned at the beginning After receipt of your objection, the use of your email address for advertising purposes will then be discontinued immediately. 9. contact for evaluation reminder
Own evaluation reminder
Following your express consent pursuant to Art. 6 (1) lit. a DSGVO, you will receive an e-mail from us as a one-time reminder to submit an evaluation of your order. You can revoke your consent at any time by sending a message to the person responsible for processing your data. 10. web analytics services
10.1 Google Universal Analytics
We use the web analytics service Google Analytics (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) for this website.
Google Analytics uses "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website.
The information generated in this way about your use of this website (including the shortened IP address) is transferred to a Google server and stored there, whereby a transfer to the USA is possible.
We use Google Analytics with the extension "_anonymizeIp()", which ensures anonymization of the IP address by shortening it and excludes direct personal reference. Your IP address is therefore shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. In exceptional cases, the full IP address is transferred to a Google server, also in the USA, and only shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in the statistical analysis of user behavior for optimization and marketing purposes.
On our behalf, Google uses this information to evaluate your website usage, to create reports about website activities and to provide us with further services related to website and internet usage. Your IP address collected in this context will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser accordingly.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the following browser plugin:
Alternatively, you can set an out-out cookie:Deactivate Google Analytics
This opt-out cookie works only in this browser and only for this domain. If you delete your cookies in this browser, you must click this link again.
In the event of data transfer to Google LLC, which is based in the USA, Google LLC is certified for the us-European data protection agreement "Privacy Shield", which ensures compliance with the level of data protection applicable in the EU.
This website also uses Google Analytics for cross-device analysis of visitor flows, which is performed via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal data".
10.2 Shopify Analytics
We use the web analytics service of Shopify (Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland).
The legal basis is Art. 6 para. 1 lit. f DSGVO.
Shopify does not associate your IP address with any other data held by Shopify.
https://www.shopify.de/legal/datenschutz 11. retargeting / remarketing / referral advertising
Facebook Custom Audience via the pixel process
On this website, we use the "Facebook Pixel" of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").If express consent has been given, this can be used to track the behavior of users after they have seen or clicked on a Facebook ad. This procedure is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimize future advertising measures. The data collected is anonymous for us, so we cannot draw any conclusions about the identity of the users. However, data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/).
Google Web Fonts
We use so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for the uniform display of fonts.
As soon as you visit our website, your browser loads the required web fonts into the browser cache.
For this purpose, your browser must establish a connection to Google's servers, whereby Google will transfer your IP address. In this case, your personal data may also be transferred to the servers of Google LLC. in the USA. Our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO lies in the uniform and appealing presentation of our online offers.
If your browser does not support web fonts, a default font is used by your computer.
In the event that personal data is transferred to Google LLC , USA, Google has certified itself for the US-European data protection agreement "Privacy Shield", which ensures compliance with the level of data protection applicable in the EU.
Details about Google Web Fonts can be viewed here:
https://www.google.com/policies/privacy/ 13. rights of the data subject
13.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
- Right to information according to Art. 15 DSGVO:
You may request confirmation from the controller as to whether personal data concerning you is being processed by the controller. In addition, you have a right to information about the purpose, the categories of personal data, the recipients, the planned duration of storage and about the existence of further rights such as correction of the data or the existence of a right of complaint to a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making including profiling and, if applicable. meaningful information about the logic involved and the scope and intended effects of such processing that affect you, as well as your right to be informed about what guarantees exist in accordance with Article 46 of the GDPR when your data is transferred to third countries;
- Right to rectification pursuant to Art. 16 DSGVO:
You have a right to the immediate correction of incorrect data concerning you and/or the completion of your incomplete data stored by us; the correction or completion must take place immediately.
- Right to restriction of processing pursuant to Art. 18 DSGVO:
You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you refuse the deletion of your data due to unlawful data processing and instead request the restriction of the processing of your data, if you need your data for the assertion, exercise or defense of legal claims after we no longer need this data after the purpose has been achieved or if you have objected on the grounds of your particular situation as long as it has not yet been determined whether our legitimate reasons prevail;
Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State. If the restriction of processing has been restricted, you will be informed by the controller before the restriction is lifted.
- Right to erasure pursuant to Art. 17 DSGVO:
You have the right to request the immediate deletion of your personal data as the conditions of Art. 17 (1) DSGVO are met. However, this right to erasure does not exist in particular - not conclusively - if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
- Right to information pursuant to Art. 19 GDPR:
If you have exercised your right to rectification, erasure or restriction of processing, the controller is obliged to notify all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this is impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
- Right to data portability according to Art. 20 DSGVO:
You have the right to receive your personal data disclosed to us in a structured, common and machine-readable format or to request that it be transferred to another responsible party, insofar as this is technically possible;
- Right of revocation pursuant to Art. 7 (3) DSGVO:
You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.
You also have the right to revoke your declaration of consent under data protection law at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
- Right to lodge a complaint pursuant to Art. 77 GDPR:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
13.2. Right of objection
You have the right to object to the processing of your data at any time with effect for the future if we process your data on the basis of our overriding legitimate interest after weighing up your interests.
If you exercise this right of objection, we will terminate the processing of your data if there are no demonstrably overriding compelling legitimate grounds for the termination or if the further processing serves the exercise or defense of legal claims. 14. duration of the storage of personal data
The duration of the storage of personal data depends in each case on statutory retention periods. After expiry of these periods, we routinely delete the data if it is no longer required for the fulfillment or initiation of a contract and/or we have no further legitimate interest in continuing to store it.