1. Data protection overview
Data collection on this website
WHO IS RESPONSIBLE FOR THE DATA COLLECTION ON THIS WEBSITE?
The data processing on this website is carried out by the website operator. His contact details can be found in the imprint of this website.
HOW DO WE COLLECT YOUR DATA?
Your data is collected on the one hand by the fact that you communicate them to us. This can be data which you enter during the ordering process.
Other data is collected automatically or with your consent by our IT systems when you visit the website. These are mainly technical data (eg internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter this website.
WHY DO WE USE YOUR DATA?
A part of the data is collected in order to guarantee the error-free provision of the website. Other data is used to process your order or can be used to analyze your user behavior.
WHAT RIGHTS DO YOU HAVE IN RELATION TO YOUR DATA?
You have the right to receive information free of charge about the origin, recipient and purpose of your stored personal data at any time. You also have the right to demand the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent for the future at any time. You also have the right, under certain circumstances, to request that the processing of your personal data be restricted. Furthermore, you have the right of appeal to the competent supervisory authority.
You can contact us at any time at the address given in the imprint for this and other questions on the subject of data protection.
Analysis tools and third-party tools
When you visit this website your surfing behavior can be statistically evaluated. This is mainly done with so-called analysis programs.
Detailed information on these analysis programs can be found in the following data protection declaration.
2. Hosting and Content Delivery Networks (CDN)
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated by a website.
The use of the hoster is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our hoster will only process your data to the extent that this is necessary to fulfill its performance obligations and will follow our instructions with regard to this data.
We use the following hosts:
Shopify International Ltd. Attn: Data Protection Officer c / o Intertrust Ireland 2nd Floor 1-2 Victoria Buildings Haddington Road Dublin 4, D04 XN32 Ireland
CONCLUSION OF A CONTRACT ON CONTRACTUAL PROCESSING
In order to guarantee processing in accordance with data protection regulations, we have concluded a contract for order processing with our host.
3. General notes and compulsory information
We would like to point out that data transmission over the Internet (eg communication by e-mail) may have security gaps. A complete protection of data against access by third parties is not possible.
Note on the responsible body
The person responsible for data processing on this website is
Pascal Schmidt & Oliver Stammler GbR
Authorized representatives: Pascal Schmidt and Oliver Stammler
phone: + 49 170 7131920
Responsible body is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (eg names, e-mail addresses, etc.).
In this respect, as no more specific storage period has been mentioned within this data protection declaration, your personal data will remain with us until the purpose for which it was collected ceases to apply. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (eg storage periods under tax or commercial law); In the latter case, the deletion will take place after these reasons have ceased to apply.
Note on data transfer to the USA
Included on our website are, among others, tools from companies based in the USA. If these tools are active, your personal data may be transferred to the US servers of these companies. We would like to point out that the USA is not a safe third country in terms of EU data protection law. US companies are obliged to release personal data to security authorities without you as the data subject being able to take legal action against this. It cannot therefore be excluded that US authorities (eg secret services) may process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.
Cancellation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke any consent already given at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.
Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
YOUR PERSONAL DATA WILL BE PROCESSED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO PROVIDE ANY TIME CONTRARY TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION ACCORDING TO ART. 21 PARA. 2 GDPR).
Right of appeal to the competent supervisory authorityIn the event of infringements of the DPAs, the persons concerned have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place where the suspected infringement was committed. This right of appeal is without prejudice to other administrative or judicial remedies.
Right to data transferability
You have the right to have data, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place to the extent that it is technically feasible.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential contents, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http: //" to "https: //" and by the lock symbol in your browser line.
If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
Information, deletion and correction
Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, the right to correct or delete this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time at the address given in the imprint.
Right to restrict processing
You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the imprint. The right to limit processing exists in the following cases:
- If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
- If the processing of your personal data was / is carried out unlawfully, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that we limit the processing of your personal data instead of deleting it.
- If you have lodged an objection under Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests outweigh the interests, you have the right to demand that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, apart from the storage of such data, they may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
Contradiction against advertising emails
The use of contact data published within the scope of the imprint obligation for the transmission of not expressly requested advertising and information material is hereby contradicted. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, eg via spam e-mails.
4. Data collection on this website
Our internet pages use so-called "cookies". Cookies are small text files and do not cause any damage on your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.
Partially, cookies from third party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third party company (eg cookies for the processing of payment services).
Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (eg the shopping basket function or the display of videos). Other cookies are used to evaluate user behavior or display advertisements.
Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, eg for the shopping basket function) or to optimize the website (eg cookies to measure the web audience) are stored on the basis of Art. 6 Paragraph 1 letter f GDPR, unless another legal basis is given. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of his services. If consent to the storage of cookies has been requested, the storage of the cookies in question will take place exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent may be revoked at any time.
You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or generally and to activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
If cookies from third parties or for analysis purposes are used, we will inform you separately within the scope of this data protection declaration and, if necessary, request your consent.
Inquiry by email or telephone
If you contact us by e-mail or telephone, your inquiry, including all personal data resulting from it (name, inquiry), may be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
The processing of this data is carried out on the basis of Art. 6 para. 1 letter b GDPR, if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) , provided that the inquiry was made.
The data sent to us by you via contact inquiries will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies (eg after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
On this website functions of the Instagram service are integrated. These functions are offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
If you are logged in to your Instagram account, you can link the contents of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the sites, have no knowledge of the content of the data transmitted or of how Instagram uses it.
The storage and analysis of data is based on Art. 6 para. 1 lit.f GDPR. The website operator has a legitimate interest in the widest possible visibility in the social media. If the relevant consent has been requested, processing shall be carried out exclusively on the basis of Art. 6 para. 1 letter a GDPR; consent may be revoked at any time.
The data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum , https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381 .
Analysis tools and advertising
We use Google Analytics to analyze website usage. The resulting data is used to optimize our website and advertising measures.
Google Analytics is a web analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, United States). Google processes the data for website use on our behalf and is contractually obliged to take measures to ensure the confidentiality of the data processed.
During your visit to the website the following data is recorded:
- Selected pages
- Orders including the turnover and the ordered products
- The achievement of "website objectives" (eg contact requests and newsletter subscriptions)
- your behavior on the pages (for example clicks, scroll behavior and dwell time)
- your approximate location (country and city)
- your IP address (in abbreviated form so that no clear assignment is possible)
- Technical information such as browser, internet provider, terminal device and screen resolution
- the source of your visit (ie via which website or advertising medium you came to us)
This data is transferred to a Google server in the USA. Google observes the data protection regulations of the "EU-US Privacy Shield" agreement.
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that allows you to be recognized during future visits to the website.
The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. These user-related data are automatically deleted after 14 months. Other data remain stored in aggregated form for an unlimited period of time.
If you do not agree with the recording, you can remove it by installing the Browser add-ons to disable Google Analytics or do not accept the corresponding cookies.
To ensure that processing is in accordance with data protection regulations, we have concluded a contract for order processing with Google.
7. Order and shipping process on this website
For our online shop we use a shop integration of the provider "Shopify". This is the company Shopify International Ltd. (Attn: Data Protection Officer, c / o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32) in Ireland.
Shopify processes and stores the data, which are indicated in the context of the order process, among other things also on a server in the USA.
All personal data which you provide during the ordering and / or registration process will be processed and stored exclusively by Shopify and not by pasoli.
In order to ensure data protection compliant processing, we have concluded a contract for order processing with Shopify.
Shopify - Payment service provider
As explained in the previous section, the complete ordering process is handled by the service provider Shopify. This also includes the integration of the payment service providers.
As part of the ordering process, we send the goods you have purchased with our transport service provider "DHL".
DHL is part of Deutsche Post AG (Charles-de-Gaulle-Strasse 20, 53113 Bonn)
The following data will be forwarded to DHL within the scope of the shipment:
- first and last name
- address suffix
- house number
If you have specified a packing station or a branch office as shipping address, the data transfer is limited to the following data:
- first and last name
- At Packstation: Postal number of the recipient
- Packstation / post office number
- At post office: e-mail address