With the following privacy policy, we would like to inform you about the types of your personal data we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and especially on our websites and external online presences, such as our social media profiles. For our Twitter profile twitter.com/BeastLabsSuits, the separate privacy policy, accessible at: beastlabs.de/datenschutz-social-media, applies additionally and, in case of deviation, takes precedence.
BeastLabs Suits&Crafts by Nadine Kirchner und Martin Köhn GbR
Suckelgasse 1
96364 Marktrodach
Phone: +49(0)1726924485
E-Mail: beastlabssuits@gmail.com
The following overview summarizes the types of processed data and the purposes of their processing and refers to the affected individuals.
We process personal data based on the following legal bases. It should be noted that in addition to the provisions of the General Data Protection Regulation (GDPR), national data protection regulations may apply.
In addition to the data protection regulations of the GDPR, the Federal Data Protection Act (BDSG) applies in Germany. The BDSG contains special regulations, in particular, on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), especially with regard to the initiation, implementation, or termination of employment relationships as well as the consent of employees. State data protection laws of the individual federal states may also apply.
During website visits, we use the common SSL (Secure Sockets Layer) protocol in conjunction with the highest encryption level supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we instead rely on 128-bit v3 technology. You can recognize whether a single page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. In addition, we use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
In the course of processing personal data, it may happen that the data is transmitted to other bodies, companies, or individuals or disclosed to them. The recipients of this data may include, for example, payment institutions in the context of payment transactions, IT service providers entrusted with tasks, or providers of services and content embedded in a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data, serving to protect your data.
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosing/transferring data to other persons, entities, or companies, this only occurs in compliance with legal requirements. We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This primarily concerns data processing by US companies such as Google or Facebook, but also other providers that exchange data with the USA. This may result in data being processed and stored without anonymization. Additionally, US authorities may potentially access individual data.
We use cookies on our site. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your end device; they do not contain viruses, trojans, or other malicious software. The cookie stores information that results in connection with the specifically used end device. However, this does not mean that we immediately become aware of your identity. The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. For example, we use session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site. Furthermore, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specific, defined period. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already visited us when you visit our site again. These cookies are automatically deleted after a defined period. The data processed by cookies is necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties in accordance with Art. 6(1)(f) GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may result in you not being able to use all the functions of our website. 
The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this applies and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the help of cookies will be processed based on our legitimate interests (e.g., in the operation and improvement of our online offering) or, if the use of cookies is necessary, to fulfill our contractual obligations. Regardless of whether the processing is based on consent or legal permission, you have the option to revoke a given consent or object to the processing of your data by cookie technologies at any time.
We process data of our customers and interested parties within the framework of contractual and similar legal relationships as well as associated measures and in the context of communication with contractual partners (or pre-contractually), e.g., to respond to inquiries. We process this data to fulfill our contractual obligations, safeguard our rights, and for the purposes of the administrative tasks associated with this information, as well as organizational matters. We only disclose the data of customers within the scope of the applicable law to third parties insofar as this is necessary for the aforementioned purposes or to fulfill legal obligations or with the consent of the contractual partners (e.g., to telecommunications and transport companies involved, as well as banks, tax and legal advisors, payment service providers, or tax authorities). We delete the data after the expiration of statutory warranty and comparable obligations, in principle after 4 years, unless the data is stored in a customer account and must be kept for legal reasons (e.g., for tax purposes, usually 10 years). Data disclosed to us as part of an order by the customer is deleted in accordance with the specifications of the order, generally after the end of the order. If we use third-party providers or platforms to provide our services, the terms and privacy policies of the respective third-party providers or platforms apply in the relationship between users and providers.
We use the services of the hosting service provider Firehost24, Firehost24.com, Schönhaiderstraße 32, 95676 Wiesau, Bavaria, Germany ("Firehost24"), which provides us with infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services for our website. We have concluded a data processing agreement with them. To display our website properly, connections to Firehost24's web servers are established, which also transmit your IP address. You can find specific information on data protection at firehost24.com/privacy. The legal basis is our legitimate interest in the operation and maintenance of the operational security of these websites according to Art. 6(1)(f) GDPR.
As part of contractual and other legal relationships, due to legal obligations, or otherwise based on our legitimate interests, we offer efficient and secure payment options to the individuals concerned. In doing so, we use additional payment service providers alongside banks and credit institutions (hereinafter referred to as "Payment Service Providers"). The data processed by the payment service providers includes inventory data, such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract-related, sum-related, and recipient-related information. This information is necessary to carry out transactions. However, the entered data is processed and stored only by the payment service providers. In other words, we do not receive account or credit card-related information, but only information with confirmation or denial of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. This transmission is for the purpose of identity and credit checks. For this, we refer to the terms and conditions and privacy notices of the payment service providers. The terms and conditions and privacy notices of the respective payment service providers apply to payment transactions and can be accessed within the respective websites or transaction applications. We also refer to them for further information and to assert revocation, information, and other data subject rights. The following data is processed: Inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contract data (e.g., contract object, term, customer category), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses). Legal bases for processing are: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR). 
Services and service providers used: PayPal: Payment services; Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: www.paypal.com/de; Privacy Policy: www.paypal.com/de/webapps/mpp/ua/privacy-full. Legal basis for processing personal data is Art. 6(1)(b) GDPR. Locally, we offer payment via SumUp, among others. The provider of this payment service is SumUp Payments Limited, 32 – 34 Great Marlborough St, W1F 7JB, London, United Kingdom (hereinafter "SumUp"). If you choose to pay via SumUp, the payment data you enter will be transmitted to SumUp. The transmission of your data to SumUp is based on Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. Revoking consent does not affect the legality of data processing carried out in the past. Further information on the handling of user data can be found in SumUp's privacy policy at: sumup.de/datenschutzbestimmungen.
Contact Form
For inquiries of any kind, we offer the opportunity to contact us through a form provided on the website. Providing a valid email address is necessary for us to know the origin of the inquiry and to be able to respond to it. Additional information can be provided voluntarily. The data processing for the purpose of contacting us is done in accordance with Art. 6(1)(a) GDPR, based on your voluntarily given consent.
We process personal data for online marketing purposes, which include the presentation of advertising and other content (collectively referred to as "Content") based on potential user interests, as well as the measurement of their effectiveness. For these purposes, user profiles are created and stored in a file (so-called "cookie") or similar methods are used to store information relevant to the user for the presentation of the aforementioned content. This information may include viewed content, visited websites, used online networks, as well as communication partners and technical details such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data, this data may also be processed. The IP addresses of users are also stored. However, we use IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored in the context of online marketing procedures, but pseudonyms. This means that both we and the providers of the online marketing procedures do not know the identity of the users, but only the information stored in their profiles. The information in the profiles is usually stored in cookies or similar methods. These cookies can later be read on other websites that use the same online marketing procedure, analyzed for the purpose of displaying content, supplemented with additional data, and stored on the server of the online marketing procedure provider. Exceptionally, clear data can be assigned to the profiles. This is the case, for example, when users are members of a social network whose online marketing procedures we use, and the network connects the user profiles with the aforementioned information. Please note that users can make additional agreements with the providers, for example, through consent during registration. 
We generally only have access to aggregated information about the success of our advertisements. However, we can use conversion measurements to determine which of our online marketing methods have led to a so-called conversion, i.e., to a conclusion of a contract with us. Conversion measurement is used solely for the analysis of the success of our marketing measures. If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent (Art. 6(1)(a) GDPR). Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services, Art. 6(1)(f) GDPR). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy. The following user data is processed: Usage data (e.g., visited websites, interest in content, access times), Meta/communication data (e.g., device information, IP addresses). Purposes of processing are tracking, remarketing, visit action evaluation, interest-based and behavior-based marketing, profiling, conversion measurement, and reach measurement. We refer to the privacy policies of the respective providers and the opt-out options provided by the providers (so-called "Opt-Out"). If no explicit opt-out option has been specified, there is the possibility to disable cookies in your browser settings. However, this may limit the functionality of our online offering. Therefore, we recommend the following opt-out options, which are summarized for the respective areas: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-region: http://optout.aboutads.info. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. 
This may mean that data is not processed and stored anonymously under certain circumstances. US authorities may also have access to individual data.
Services and service providers used:
Google Analytics: Online marketing and web analysis; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (Ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov; Opt-out option (Opt-Out): Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertising: https://adssettings.google.com/authenticated.
Instagram Ads: Online marketing and web analysis; Service provider: Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA; Website: https://business.instagram.com/advertising/; Privacy Policy: https://www.instagram.com/about/legal/privacy/.
How is Social Media integrated?
On our domain, there is the possibility to share blog posts via the social networks Instagram, Pinterest, and Facebook. After clicking on the embedded graphic, the user is redirected to the page of the respective provider of Instagram, Pinterest, and Facebook, i.e., user information is only transmitted to the respective provider at that point. The legal basis for data processing is then the user's consent in accordance with Art. 6(1)(a) GDPR. If the user is logged into their user profile on the respective social network during activation of the button, an assignment with the visit to our website takes place. If the user does not wish data to be collected about the website by the social networks, they should log out of them before visiting the website.
However, when activating the corresponding button by clicking, cookie(s) with an identifier are still set with each visit to the website. Therefore, data may be collected and a profile created through this function that can possibly be traced back to an individual. If the user does not wish this, they can deactivate the corresponding link on the website with a click. The user can also set their browser to reject cookies in general; however, we would like to point out that in this case, the functionality of our website may be restricted. Information on the handling of personal data when using these websites can be found in the respective privacy policies of the providers. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may mean that data is not processed and stored anonymously under certain circumstances. US authorities may also have access to individual data.
Instagram
The privacy policy of Instagram (operated by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA) can be found at https://www.instagram.com or https://help.instagram.com/155833707900388.
Audio and Video Conferences
For communication with our customers, we use, among other things, online conference tools. The tools used by us in detail are listed below. When you communicate with us via video or audio conference via the Internet, your personal data is collected and processed by us and the provider of the respective conference tool. The conference tools record all data that you provide/use to use the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants, and other "context information" related to the communication process (metadata).
The provider of the tool also processes all technical data required to process online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection. If content is exchanged, uploaded, or otherwise provided within the tool, this is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service. Please note that we do not have full influence on the data processing processes of the tools used. Our possibilities are largely based on the company policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection declarations of the respective tools listed below.
Purpose and Legal Bases
The conference tools are used to communicate with potential or existing contracting parties or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest in accordance with Art. 6(1)(f) GDPR). Insofar as consent has been requested, the tools in question are used on the basis of this consent; the consent can be revoked at any time with effect for the future.
Storage Duration
The data directly collected by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly. To conduct online meetings via the Internet, we use the software solutions of WhatsApp Video of WhatsApp Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Privacy Policy: https://www.whatsapp.com/legal/privacy-policy-eea#fSIvbbHxLP6TsrV51). The user has consented to the respective privacy policies when using the platforms. Responsibility for the use of the data by the platforms is excluded on our part. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. Data processing is primarily carried out by Zoom. This may mean that data is not processed and stored anonymously under certain circumstances. US authorities may also have access to individual data.
Deletion of Data
The data processed by us will be deleted in accordance with the legal requirements, as soon as their consent to processing is revoked or other permissions no longer apply. If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes, i.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person. Further information on the deletion of personal data can also be provided within the scope of the individual data protection information in this privacy policy.
We ask you to regularly inform yourself about the content of our data protection declaration. We adapt the data protection declaration as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.
You have various rights as a data subject under the GDPR, which arise in particular from Articles 15 to 18 and 21 of the GDPR:
Right of objection: You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Art. 6(1)(e) or (f) GDPR, including profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing.
Right of withdrawal for consents: You have the right to revoke granted consents at any time.
Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the statutory provisions.
Right to rectification: You have the right to request the completion of the data concerning you or the correction of the incorrect data concerning you in accordance with the statutory provisions.
Right to erasure and restriction of processing: You have the right to demand that the data concerned be deleted immediately or, alternatively, to demand a restriction of the processing of the data in accordance with the statutory provisions.
Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, common, and machine-readable format in accordance with the statutory provisions or to request its transfer to another responsible party.
Complaint to the supervisory authority: You also have the right, in accordance with the statutory provisions, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you believe that the processing of the data concerning you violates the GDPR.
The Bavarian State Commissioner for Data Protection
Postfach 22 12 19
80502 München
Phone: +49 (0)89 / 21 26 72 0
Fax: +49 (0)89 / 21 26 72 50
E-Mail: poststelle@datenschutz-bayern.de
As of November 1, 2023
96364 Marktrodach,
Suckelgasse 1,
Bavaria, Germany.