Personal data protection
Data collection on our website
Who is responsible for data collection on our website?
The data processing on this website is carried out by
the website operator. You can find their contact details below:
MS Management
Michaela Sittsam
Beverwijker Ring 12
56564 Neuwied
Germany
Phone: +49 (0) 2631 9393912
How do we collect your data?
On the one hand, your data is collected when you
communicate it to us. This can, for example, be data that you enter in a
contact form.
Other data are automatically recorded by our IT
systems when you visit the website. This is mainly technical data (e.g.
internet browser, operating system or time of the page was viewed). This data
is collected automatically as soon as you enter our website.
Legal basis for data collection on our website
The basis for data collection and processing as well
as the use of the services of external service providers such as Google,
Facebook, Instagram is Article 6 Paragraph 1 Letter b GDPR or Article 9
Paragraph 2 Letter A GDPR, as special data categories are concerned processed
according to Art. 9 Para. 1 GDPR. This legal basis allows the processing of
data to fulfill a contract or pre-contractual measures.
If you have consented to the storage of cookies or
access to information on your end device (e.g. via device fingerprinting), data
processing is also based on Section 25 (1) TTDSG. The consent can be revoked at
any time. If your data is required to fulfill the contract or to carry out
pre-contractual measures, we process your data on the basis of Article 6 (1)
(b) GDPR. Furthermore, we process your data if it is necessary to fulfill a
legal obligation on the basis of Art. 6 Para. 1 lit. c GDPR. Data processing
can also take place on the basis of our legitimate interest in accordance with
Art. 6 Para. 1 lit. f GDPR.
Data protection declaration for our social media
appearances
This data protection declaration applies to the
following social media sites:
https://www.facebook.com/loveofbagsde
https://www.instagram.com/love.of.bags_official/
https://www.tiktok.com/@loveofbagsde
Hosting
We host the content on our website with the following
provider: Shopify International Ltd. 1-2 Victoria Buildings, Haddington Road,
Dublin 4, D04XN32 Ireland.
This website is hosted externally. The personal data
collected on this website is stored on the hoster's servers. This can be v. a.
IP addresses, contact requests, meta and communication data, contract data,
contact details, names, website access and other data generated via a website.
The external hosting is carried out for the purpose of
fulfilling the contract with our potential and existing customers (Art. 6 Para.
1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision
of our online offer by a professional provider (Art. 6 Para. 1 lit. f GDPR). If
a corresponding consent was requested, the processing takes place exclusively
on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para B. device
fingerprinting) within the meaning of the TTDSG. The consent can be revoked at
any time.
Our host(s) will only process your data to the extent
necessary to fulfill their performance obligations and follow our instructions
in relation to this data.
Cloudfare
Shopify uses Cloudfare. Cloudfare is an American
service provider that offers a content distribution network, various web
security services and DNS services. Among other things, the provider collects
data on:
·
The retrieved
website
·
The type of
browser used
·
The operating
system
·
The referrer URL
·
The IP address
·
The requested
provider
Wir haben keinen
Einfluss auf die Datenverarbeitung und den Einsatz von Cloudflare, da es in der
Verantwortung von Shopify liegt. Weitere Informationen zum Datenschutz von
Cloudflare finden Sie hier: Cloudfare
privacy
What rights do you have with regard to your personal
data?
You can at any time receive free information about the
origin, destination and purpose of the stored personal information. You also
have the right to request a correction, update or deletion of this information.
If you wish to exercise this right, please contact us at the address indicated
in our contact section. You can also file a complaint with the competent
supervisory authority.
Analysis tools and third-party tools
When you visit our website, your surfing behavior can
be statistically evaluated. This is mainly done with cookies and so-called
analysis programs. Your surfing behavior is usually analyzed anonymously;
surfing behavior cannot be traced back to you. You can object to this analysis
or prevent it by not using certain tools. You can find detailed information on
this in the following data protection declaration.
General information and mandatory information
Personal data protection
The operators of this website take the protection of
your personal data very seriously. We treat your personal data confidentially
and in accordance with the statutory data protection regulations and this data
protection declaration.
When you use this website, various personal data are
collected. Personal data are data with which you can be personally identified.
This data protection declaration explains which data we collect and what we use
it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over
the Internet (e.g. when communicating by e-mail) can have security gaps. A
complete protection of the data against access by third parties cannot be
guaranteed.
Right of appeal to the competent supervisory authority
In the event of violations of data protection law, the
person concerned has the right to lodge a complaint with the responsible
supervisory authority. The competent supervisory authority for data protection
issues is the state data protection officer of the federal state in which our
company is based. A list of data protection officers and their contact details
can be found at the following link: Bfdi Bund (german).
Right to data portability
You have the right to have data, that we process
automatically on the basis of your consent or in fulfillment of a contract,
handed over to you or to a third party in a common, machine-readable format. If
you request the direct transfer of the data to another person responsible, this
will only be done if it is technically feasible.
SSL or TLS encryption
For security reasons and to protect the transmission
of confidential content, this site uses an SSL or. TLS encryption. You can
recognize an encrypted connection by the fact that the address line of the
browser changes from “http: //” to “https: //” and by the lock symbol in your
browser line.
If the SSL or TLS encryption is activated, the data
that you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If there is an obligation to provide us with your
payment data (e.g. account number for direct debit authorization) after the
conclusion of a fee-based contract, this data is required for payment
processing -Link. You can recognize an encrypted connection by the fact that
the address line of the browser changes from "http: //" to
"https: //" and by the lock symbol in your browser line.
With encrypted communication, your payment data that
you transmit to us cannot be read by third parties.
Information, blocking, deletion
Within the framework of the applicable legal
provisions, you have the right to free information about your stored personal
data, their origin and recipient and the purpose of the data processing and, if
necessary, a right to correct, block or delete this data. You can contact us at
any time if you have any further questions on this topic.
Storage duration
Unless a specific storage period has been specified in
this data protection declaration, your personal data will remain with us until
the purpose for data processing no longer applies. If you assert a legitimate
request for deletion or revoke your consent to data processing, your data will
be deleted unless we are otherwise legally required to do so or have permissible reasons for storing your personal data
(e.g. tax or commercial law retention periods); in the latter case, the data
will be deleted once these reasons have ceased to exist.
Cookies
Some of the internet pages use so-called cookies.
Cookies are small encrypted text files that are stored on your end device or
computer and are often assigned to a single anonymous user. You can find
detailed information about cookies at EU info cookies
Server log files
The provider of the pages automatically collects and
stores information in so-called server log files, which your browser
automatically transmits to us. These are:
·
Browser type and
browser version
·
Operating system
used
·
Referrer URL
·
Host name of the
accessing computer
·
Time of the
server request
·
IP address
This data will not be merged with other data sources.
Contact form and registration on this website
If you send us inquiries using the contact form or
open a customer account or subscribe to our newsletter, your data will be saved
for the purpose of processing your request. This also applies if you create
reviews. You can revoke or change this data at any time. If you have any
questions, please contact us.
Data transfer to third parties when concluding a
contract
We only transmit personal data to third parties if
this is necessary in the context of contract processing, for example to the
company entrusted with the delivery of the goods or the credit institution
commissioned with the payment processing. A further transmission of the data
does not take place or only if you have expressly consented to the
transmission. Your data will not be passed on to third parties without your
express consent, e.g. for advertising purposes.
Social media
Facebook plugins (Like & Share button)
On our website you will find plugins of the social
network Facebook. Facebook is represented by the service provider Meta
Platforms Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2,
Ireland. Facebook plugins are identified with their Facebook logo or with the
'Like' button on our site. You can find an overview of Facebook plugins here:
Facebook
plugins
When you visit our website, the plug-in establishes a
direct connection between your browser and the Facebook server. As a result,
Facebook receives the information that you have visited our site with your IP
address. If you click the Facebook "Like" button while you are logged
into your Facebook account, you can link the content of our pages to your
Facebook profile. This enables Facebook to assign your visit to our website to
your user account. We would like to point out that, as the provider of the
pages, we have no knowledge of the content of the transmitted data or their use
by Facebook. You can find more information on this in Facebook's data
protection declaration at: Facebook policy
If you do not want Facebook to be able to assign your
visit to our website to your Facebook user account, please log out of your
Facebook user account.
Analysis tools and advertising
Google Analytics
We use Google Analytics 4. Google Analytics uses so-called
"cookies". These are text files that are stored on your computer and
that enable an analysis of your use of the website.
Legal basis
The legal basis for this data processing is your
consent in accordance with Art.6 Para.1 S.1 lit.a GDPR.
The website operator has a legitimate interest in
analyzing user behavior in order to optimize both its website and its
advertising.
If you have given your consent, Google Analytics 4, a
web analysis service provided by Google LLC, is used on this website. The
responsible body for users in the EU/EEA and Switzerland is Google Ireland
Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
("Google").
Scope of processing
Google Analytics uses cookies, which enable an
analysis of the use of our websites by you. The information collected by the
cookies about your use of this website is usually transmitted to a Google
server in the USA and stored there.
With Google Analytics 4, the anonymization of IP
addresses is activated by default. Due to IP anonymization, your IP address
will be shortened by Google within member states of the European Union or in
other contracting states of the Agreement on the European Economic Area. Only
in exceptional cases will the full IP address be sent to a Google server in the
USA and shortened there. According to Google, the IP address transmitted by
your browser as part of Google Analytics will not be merged with other Google
data.
During your visit to the website, your user behavior
is recorded in the form of "events". Events can be:
•
Page Views
•
Visiting the
website for the first time
•
Start of session
•
Your "click
path", interaction with the website
•
Scrolls
(whenever a user scrolls to the end of the page (90%))
•
Clicks on
external links
•
internal
searches
•
Interaction with
videos
•
File Downloads
•
Ads seen /
clicked on
In addition, the following is recorded:
•
Your approximate
location (region)
•
Your IP address
(in abbreviated form)
•
technical
information about your browser and the end devices you use (e.g. language
setting, screen resolution)
•
Your internet
service provider
•
the referrer URL
(from which website/which advertising medium you came to this website)
Purposes of using events
On behalf of the operator of this website, Google will
use this information to evaluate your use of the website and to compile reports
on website activity. The reports provided by Google Analytics are used to
analyze the performance of our website.
Recipients
The recipients of this data are/may be:
•
Google Ireland Limited,
Gordon House, Barrow Street, Dublin 4, Irland (as provider according to Art. 28
DSGVO)
•
Google LLC, 1600
Amphitheater Parkway Mountain View, CA 94043, USA
•
Alphabet Inc.,
1600 Amphitheater Parkway Mountain View, CA 94043, USA
It is not excluded that United States authorities may
have access to this data.
Google Tag Manager
We use the Google Tag Manager. The provider is Google
Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor
according to Art. 28 GDPR)
The Google Tag Manager is a tool that we can use to
integrate tracking or statistical tools and other technologies on our website.
The Google Tag Manager itself does not create any user profiles, does not save
any cookies and does not carry out any independent analyses. It is only used
for the administration and display of the tools integrated via it. However, the
Google Tag Manager records your IP address, which can also be transmitted to
Google's parent company in the United States.
Legal basis for the use of the Google Tag Manager Art.
6 Para. 1 lit f GDPR. The website operator has a legitimate interest in the
quick and easy integration and management of various tools on its website. If a
corresponding consent was requested, the processing takes place exclusively on
the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para B. device
fingerprinting) within the meaning of the TTDSG. The consent can be revoked at
any time.
Transfer of data from third countries
If data are processed outside the EU/EEA and there is
no data protection level corresponding to the European standard, we have
concluded EU standard contractual clauses with the service provider to create an appropriate level of data protection.
Google Ireland's parent company, Google LLC, is based in California, USA. A
transfer of data to the USA and access by US authorities to the data stored by
Google cannot be ruled out. From a data protection point of view, the USA is
currently considered a third country. You do not have the same rights there as
within the EU/EEA. You may not be entitled to any legal remedies against access
by authorities.
Revocation
You can revoke your consent at any time with effect
for the future by calling up the cookie settings using the fingerprint on the
left on our website and making your selection there using the
"Settings" function. individual". If you need help, please
contact us here: contact
The lawfulness of the processing carried out on the
basis of the consent until the revocation remains unaffected. You can also
prevent the storage of cookies from the outset by configuring your browser
software accordingly. However, if you set your browser to reject all cookies,
the functionality of this and other websites may be restricted. You can also
prevent Google from collecting the data generated by the cookie and relating to
your use of the site (including your IP address) and from processing this data
by Google if
a) you do not give your consent to the installation of
the cookie or
b) you download and install the browser add-on to
deactivate Google Analytics here
You can find more information about the terms of use
of Google Analytics and data protection at Google here and at here (german).
IP Anonymization
The IP anonymization function is activated by default
in Google Analytics 4. As a result, your IP address will be shortened by Google
within member states of the European Union or in other contracting states of
the Agreement on the European Economic Area before it is transmitted to the
USA. Only in exceptional cases will the full IP address be sent to a Google
server in the USA and shortened there. On behalf of the operator of this
website, Google will use this information to evaluate your use of the website,
to compile reports on website activity and to provide other services related to
website activity and internet usage to the website operator. The IP address
transmitted by your browser as part of Google Analytics will not be merged with
other Google data.
Google Fonts (local hosting)
This site uses so-called Google Fonts, which are
provided by Google, for the uniform display of fonts. The Google Fonts are
installed locally. There is no connection to Google servers.
For more
information about Google Fonts, see Google fonts and Google's privacy policy: Google policies
Browser plugin
You can prevent the storage of cookies by setting your
browser software accordingly; we would like to point out, however, that in this
case you may not be able to use all functions of this website to their full
extent. You can also prevent Google from collecting the data generated by the
cookie and relating to your use of the website (including your IP address) and
from processing this data by downloading the browser plug-in available under
the following link and install: Google opt
out
Objection against data collection
You can prevent Google Analytics from collecting your
data by setting up the corresponding function on your browser. An opt-out
cookie prevents the collection of your data on future visits to this website.
You can find more information on how Google Analytics handles user data in
Google's privacy policy: Google analytics
Order data processing
We have concluded a contract data processing agreement
with Google and fully implement the strict requirements of the German data
protection authorities when using Google Analytics.
Demographic characteristics in Google Analytics
This website uses the "demographic
characteristics" function of Google Analytics. This allows reports to be
created that contain statements about the age, gender and interests of the site
visitors. This data comes from interest-based advertising from Google and
visitor data from third-party providers. This data cannot be assigned to a
specific person. You can deactivate this function at any time via the ad settings
in your Google account or generally prohibit the collection of your data by
Google Analytics as described in the point "Objection to data
collection".
The summary of the recorded data in your Google
account is based solely on your consent, which you can give or revoke with
Google (Article 6 (1) (a) GDPR). In the case of data collection processes that
are not merged in your Google account (e.g. because you do not have a Google
account or have objected to the merger), the collection of data is based on
Article 6 (1) (f) GDPR. The legitimate interest results from the fact that the
website operator has an interest in the anonymous analysis of website visitors
for advertising purposes.
Further information and the data protection
regulations can be found in Google's data protection declaration at: Google
data protection policies
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on
our websites. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain
View, CA 94043, USA (“Google”).
reCAPTCHA is a check module whether the data entry on
our website (eg in the contact form) is done by a human being or an automated
program. reCAPTCHA thus analyzes the behavior of the visitor through various
characteristics. This analysis begins automatically as soon as the visitor
enters the site. To analyze behavior, reCAPTCHA analyzes various information
(e.g. IP addresses, time spent on the site or movements made by the user's
mouse). This data is transferred to Google. The language of the reCAPTCHA tool
is set in French. If you encounter problems with this tool, please contact us
here: contact
The reCAPTCHA module and the analyzes are done
completely in the background. Visitors to the website are not informed of this
analysis.
The storage of reCAPTCHA data takes place on the basis
of Article 6.1 f of the German data protection law. The owner of this website
has a justified interest in preventing its internet offers from automatic
spying and SPAM.
Further information on Google reCAPTCHA and the use of
user data can be found at: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/about
Facebook pixel
Our website uses the Facebook visitor action pixel to
measure the conversion rate. The provider is Meta Platforms Ireland Ltd. 4
Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
In this way, the behavior of site visitors can be
tracked after they have been redirected to the provider's website by clicking
on a Facebook ad. This allows the effectiveness of the Facebook ads to be
evaluated for statistical and market research purposes and future advertising
measures to be optimized.
The data collected is anonymous to us as the operator
of this website, we cannot draw any conclusions about the identity of the user.
However, the data is stored and processed by Facebook so that a connection to
the respective user profile is possible and Facebook can use the data for its
own advertising purposes in accordance with the Facebook guidelines. This enables Facebook to place advertisements on
Facebook pages and outside of Facebook. This use of the data cannot be
influenced by us as the site operator.
You will find further information on protecting your
privacy in Facebook's data protection information: Facebook data protection
You can also disable the Custom Audiences remarketing
feature in the Ads Settings section of Facebook
advertise settings. To do this,
you must be logged in to Facebook.
If you do not have a Facebook account, you can
deactivate usage-based advertising from Facebook on the website of the European
Interactive Digital Advertising Alliance: EU your online choices
Facebook Conversion API
On our website we use Facebook Conversion API, a
server tool for measuring conversion events.
Personal data
Usage Data (e.g. pages visited, content interests,
time of use), Communication Data (e.g. information of devices used, IP
addresses), Location Data (information on the geographical positioning of a
device or a person), the processing of information: email address, telephone
number, gender, date of birth, first and last name, address, identity of the
user.
Purpose of data processing
This is a data interface through which we transmit
data about your behavior on our website to Facebook for evaluation. This allows
us to show you advertisements that match your user behavior on our website.
In this way, the behavior of site visitors can be
tracked after they have been redirected to the provider's website by clicking
on a Facebook advertisement. This allows the effectiveness of Facebook
advertisements to be evaluated for statistical and market research purposes and
to optimize future advertising measures.
The data collected is anonymous for us as the operator
of this website, we cannot draw any conclusions about the identity of the user.
However, the data is stored and processed by Facebook so that a connection to
the respective user profile is possible and Facebook can use the data for its
own advertising purposes in accordance with Facebook guidelines. This allows
Facebook to place advertisements on Facebook pages and outside of Facebook.
This use of data cannot be influenced by us as the site operator.
Recipient
We will not share your information with third parties.
In the area of the Facebook Conversion API, however, we work together with
Facebook (now Meta), who create user statistics together with us. Data is also
processed in the USA. As a basis for this data processing, we use the standard
contractual clauses approved by the EU Commission.
Supplier
Meta Platforms Ireland Ltd. 4 Grand Canal Square,
Grand Canal Harbour, Dublin 2, Ireland
Purpose of data processing
Facebook Conversion API
Details/Information related to personal data
protection:
https://www.facebook.com/about/privacy
https://www.facebook.com/settings?tab=ads
Payment service
providers
Klarna
We use the
services of the online payment system Klarna of the Swedish company Klarna Bank
AB with headquarters at Sveavägen 46 11134 Stockholm, Sweden. If you opt for
this service, personal data will be sent to Klarna, stored and processed/
The purpose of
using this payment provider is to optimize the payment process on our website.
For this
purpose, the following data is stored on the Klarna Checkout page:
·
Surname
·
Address
·
Birth date
·
Bank details
(account number, credit card number etc)
·
IP address and
contract data
·
Browser type
·
Operating system
·
Date and Time
·
Language
settings
·
Payment
information such as credit card information or your bank account number
·
Product
information such as the type of item and the price of the product
If you pay via
Klarna, you pass on your personal data to Klarna.
How long Klarna
stores your personal data depends on the purposes for which Klarna uses the
personal data.
You can find
more information about data protection at Klarna here: Klarna privacy
Legal basis:
Article 6 (1) (C) GDPR and Article 6 (1) (f) GDPR
Shopify Payments
We use the
service of the online payment system Shopify Payments.
The purpose of
using this payment provider is to optimize the payment process on our website.
The provider is
Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canalo Dock,
Dublin, DO2H, Ireland.
In order to
process orders and payments, Shopify Payments collects customer personal data
such as :
·
Surname
·
Address
·
Bank account
number
·
Credit card
number
·
Bank code
If you pay via
Shopify Payments, you pass this data on to the payment provider Stripe.
Shopify Payments
retains your personal information for as long as they are providing the
Services to you or for the period while they reasonably expect to be providing
the Services.
You can find
more information about Stripe's data protection here: Stripe privacy
Legal basis:
Article 6 (1) (C) GDPR and Article 6 (1) (f) GDPR
PayPal
We use the
service of the online payment system PayPal. The
provider is PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal,
L-2449 Luxembourg
The purpose of
using this payment provider is to optimize the payment process on our website.
In order to
process orders and payments, PayPal collects personal customer data such as:
·
Payment Amount
·
User device
information
·
Technical Usage
Data
·
Geolocalization
of users
In addition, the
following data can be collected:
·
Surname
·
Address
·
Telephone number
·
Email
·
Bank account
number
If you pay via
PayPal, you pass this data on to the provider PayPal.
PayPal retains
your personal information for as long as is necessary or permitted within the
context of the purpose for which it was collected and in accordance with applicable
law.
You can find
more information about PayPal's data protection here: PayPal privacy
Legal basis:
Article 6 (1) (C) GDPR and Article 6 (1) (f) GDPR
Opt Out
Function
You can disable
the use of cookies by clicking on the fingerprint on the left side of our
website. By clicking the "Reject" button (Ablehnen/Refuser), we
respect your privacy and do not set any cookies that are not necessary for the
operation of this website.