The responsible party within the meaning of the EU General Data Protection Regulation ("GDPR") for the processing of personal data with regard to the use of the Website is:
(hereinafter referred to as: "ClaraCos", "We", "Us").
B. PROCESSING WHEN VISITING THE WEBSITE
When visiting the website, personal data is collected that your browser transmits to the website server and temporarily stores in a log file (so-called "log files"). The data stored in this context includes, in particular, the following data:
Your IP address
Identification data of the browser used
Country and region of the page call
Name and URL of the pages called up
Date and time of the page views
Time spent on the page(s)
Access status/HTTP status code
Amount of data transferred in each case
In order to display the website (connection establishment) and to ensure its stability and security, the processing of this data is technically necessary. The storage in log files is done to ensure the functionality of the website. In addition, this data is used to ensure the security of our systems and to optimize the website.
Insofar as the processing of data in the context of visiting the website involves personal data, the corresponding processing of this data is based on Art. 6 (1) p. 1 lit. f DSGVO (legitimate interest). The legitimate interest results from the above-mentioned purposes.
The following data is stored and transmitted in the cookies:
Articles in a shopping cart
Last viewed items
Log-in information (without password)
Frequency of product viewing
Order process (e.g. preferred payment methods, without direct access to sensitive payment data such as credit card numbers, banking logins or similar)
Use of website functions.
The legal basis for the processing of personal data using cookies results from Article 6 (1) lit. f DSGVO (legitimate interest). The legitimate interest follows from the above-mentioned purposes of optimizing website use as well as customer friendliness.
D. DATA PROCESSING FOR ADVERTISING PURPOSES
1. GOOGLE ANALYTICS
We use Google Analytics on our site, a web analytics service provided by Google LLC. ("Google"), is used. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and allow an analysis of the use of the website by them. The information generated by the cookie about your use of the website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on the website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
In order to evaluate your use of the website, compile reports on website activity and provide other services relating to website activity and internet usage to the website operator, Google will, on behalf of the operator of this website.
- GOOGLE REMARKETING
- GOOGLE ADWORDS
- FACEBOOK PIXEL
We use the analysis tool "Facebook Pixel" of the social media platform Facebook. Facebook Pixel is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are an EU resident, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Facebook Pixel helps analyze the actions that users of our website take and thus measure the effectiveness of advertising. Facebook Pixel allows us to target you, as a visitor to our online offering, for the display of ads.
We use Facebook pixels so that the Facebook ads placed by us are only displayed to Facebook users who have also shown an interest in our website or who have certain characteristics (such as interest in certain topics or products) that we transmit to Facebook (so-called " Custom Audiences"). By using Facebook Pixel, we want to make sure that our Facebook Ads match the potential interest of users. By seeing whether users were redirected to our website after clicking on a Facebook Ad (so-called " Conversion"), we can also track the effectiveness of the Facebook Ads for statistical and market research purposes. The legal basis for the use of the Facebook Pixel and the storage of "conversion cookies" is Art. 6 para. 1 lit. f DSGVO (legitimate interests). We have a legitimate interest in analyzing user behavior in order to optimize both our ads and our website.
For the exceptional cases in which personal data is transferred to the USA, Facebook has submitted to the EU-US Privacy Shield. You can object to the collection by Facebook Pixel and use of your data to display Facebook Ads. To do so, you can deactivate the "Custom Audiences" remarketing function.
E. OTHER RECIPIENTS OF THE DATA
For the offer of our online store, we use the service of Shopify International Ltd, c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32 Ireland. All data that you provide in our online store is thereby processed by Shopify on our behalf in order to provide you with the services of the online store. This includes supporting and fulfilling orders, authentication and payment processing. For more information, please visit: https://www.shopify.com/legal/privacy.
In order to use electronic contact, contact forms are available on the website. If you send us an inquiry in this way, the data entered in the input mask will be transmitted to us and stored. These data are:
Order number (optional)
Phone number (optional)
Additionally for dealer inquiries:
Company name + address
Website of the company
Commercial register number
In addition, the date and time of the request will be stored. Alternatively, it is possible to contact us via the e-mail address provided (firstname.lastname@example.org). In this case, the user's personal data transmitted with the e-mail will be stored. The data is used exclusively for the purpose of processing the contact requests.
The legal basis for the processing of this personal data is Art. 6 para. 1 sentence 1 lit. f. DSGVO (legitimate interests). The legitimate interest results from the fact that we can only perform the action desired by the user (e.g. feedback on orders) by processing the user's data accordingly. If the reason for the contact is the conclusion of a contract (e.g. telephone order), the additional legal basis for the processing is Art. 6 para. 1 lit. b. DSGVO.
G. THIRD PARTIES SOCIAL MEDIA
We use the following social media plug-ins: Instagram, Facebook and TikTok. We use the so-called two-click solution for this. This means that when you visit our website, initially no personal data is passed on to the providers of the plug-ins. You can recognize the provider of the plug-in via the logo on product detail pages (share buttons). Via the buttons, we give you the opportunity to communicate directly with the provider of the plug-in.
In the case of Facebook, according to the provider in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA).
We have neither influence nor insight into the collected data and data processing procedures of these external sites, nor are we aware of the full scope of data processing, the purpose or the storage periods.
For more information, please refer to the respective data protection pages of the corresponding social media providers.
2 COMPANY PAGE ON SOCIAL MEDIA SITES.
If you visit our company website on Instagram, Facebook or TikTok, these providers collect personal data. This also applies if you do not have a respective user account.
We have neither insight nor influence on the collected data and data processing procedures of these external sites, nor are we aware of the full scope of data processing, the purpose or the storage periods.
The providers only provide us with anonymous demographic data in aggregate form, which helps us to get to know our audience better. For more information, please refer to the respective privacy pages of the corresponding social media providers.
For more information, please see the respective privacy pages of the corresponding social media providers.
1. USER ACCOUNT/REGISTRATION
If you create an optional user account on our website, the data entered will be transmitted to us in the process and stored. When registering for a user account, the following data is collected and stored:
Date and time of registration
Your first and last name
Your e-mail address
Information about the payment method
During the login process, your e-mail address and a password are collected. In addition, at the time of login, the user's IP address and the date and time of login are stored.
The legal basis for the processing of the aforementioned data is Art. 6 para. 1 lit. b. DSGVO (contract performance and pre-contractual measures). The registration and login area are necessary for the fulfillment of the contract or for the implementation of pre-contractual measures. This is because the registration and login serve the purpose of providing the login function for ordering, viewing your recent orders, managing your delivery and billing addresses and editing the password and account details. Your personal information is used to support your user experience on the Site and to manage access to your account.
Generally, you can place orders with us without creating a customer account (ordering as a guest).
During the ordering process via the order form, the following data is collected:
First and last name (mandatory fields)
Billing or delivery address (mandatory fields)
E-mail address (mandatory fields)
Information on payment method
The order form serves the purpose of concluding a contract.
The legal basis for this data processing is Art. 6 para. 1 lit. b. DSGVO (contract performance and pre-contractual measures), as the user provides us with the data on the basis of the respective contractual relationship (for example, management of the customer account, processing of the purchase contract).
3. PAYMENT SERVICE PROVIDERS
We use external payment service providers.
Our payment methods offered are VisaCard, MasterCard, AmericanExpress, Paypal, Sofortüberweisung, Google Pay and Apple Pay and are used to process payments for our products or services. The following data is processed by the payment service providers: Inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, totals and recipient-related information. Depending on the service provider, these details are mandatory in order to successfully complete the transactions.
The data you enter will only be processed and stored by the external payment service providers named by us. We do not receive account or credit card related information. We only receive the status of the payment such as "accepted", "declined" or "failed".
We refer to this also for further information and assertion of revocation, information and other data subject rights:
Paypal at the following link
Apple Pay at the following link
Google Pay at the following link
Sofortüberweisung under the following link
The legal basis is Art. 6 para. 1 p. 1 lit f DSGVO (legitimate interests). The legitimate interest here is that the payment providers have a legitimate interest in understanding whether and how often the website is used in order to ensure and improve the functionality of your services. In addition, our legitimate interest is to offer different payment methods to our customers.
I. DISCLOSURE OF DATA
For the operation of the website and the services offered on the website, external service providers (for example, hosting providers; newsletter service providers) are used, which process your personal data on our behalf and exclusively according to our instructions. The legal basis for such data processing is Art. 6 (1) p. 1 lit. b DSGVO (contract performance and pre-contractual measures) and Art. 28 DSGVO (order processing).
If necessary, personal data will be transmitted to governmental institutions and authorities if there is a legal obligation to do so (Art. 6 para. 1 p. 1 lit. c DSGVO).
J. STORAGE PERIOD & DELETION
As a matter of principle, we store your data only as long as it is required for the respective purpose of processing, it is required by law (e.g. according to commercial and tax law) or until you inform us that your customer account is to be deleted.
As long as an active member account exists or you request deletion of this data beforehand, your customer data (first name, last name, middle name, name changes, postal address) will be stored by us...
We store your order data, invoices and related information for ten years, as required by law.
We store data of your behavior in connection with browsing our website (e.g. clicking on a product), data of your behavior in connection with actions in our newsletter (e.g. clicking on a link in the newsletter) and login data (date and time when you logged in to our website) for up to 25 months after its collection in order to improve your shopping experience. After that, the collected data is anonymized in such a way that it can no longer be assigned to you as a person.
K. YOUR RIGHTS
You have a right to information, correction, deletion or restriction of the processing of your stored data at any time, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.
- RIGHT OF OBJECTION
If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is for the assertion, exercise or defense of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
- FURTHER RIGHTS
In addition, you have the right
- a) to request information about the personal data stored about you at any time (Art. 15 DSGVO);
- b) to demand the correction or completion (Art. 16 DSGVO), deletion (Art. 17 DSGVO) or restriction (Art. 18 DSGVO) of the processing of the relevant personal data, insofar as the legal requirements are met;
- c) to receive the personal data concerning you in a structured, common and machine-readable format (Art. 20 DSGVO);
- d) to revoke at any time in the future any consent given for the use of personal data (Art. 7 (3) DSGVO); and
- e) complain to the competent data protection supervisory authority if you believe that the processing of personal data concerning you in relation to the use of the Website violates applicable data protection law (Art. 77 DSGVO).
To exercise any of your above rights, contact us by email at email@example.com.
M. MODIFICATION / UPDATE
Status: March 2023