Introduction
Welcome to our website https://nicgeraldine.art! The use of our website is generally possible without providing personal data. Personal data in accordance with Art. 4 No. 1 GDPR is only collected if we have a legal right for this (e.g. an enquiry from you, an existing contract, legitimate interest) or if you have given your consent. Your personal data is processed for the purpose of providing the service you have requested.
We further undertake to treat the information always provided by you with the utmost care and responsibility in accordance with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679). This also applies to our cooperation with third parties. For this purpose, this website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of your browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Our privacy policy is regularly updated and adapted to new legal requirements or case law. We therefore recommend that you read this privacy policy again at regular intervals.
In the following, we describe how, for what purpose and on what legal basis we process and store certain data that we collect from you.
Information pursuant to Art. 13 GDPR
Name and contact details of the controller, Art. 4 No. 7 GDPR:
Nicole Arnoldi
Marienhofstraße 1
D-55130 Mainz
Phone: +49 1 70 – 2 41 04 40
Email: hey@nicgeraldine.art
Name and address of the data protection officer
There is no need for a data protection officer due to the size of the company.
Data collection and use – non-personal
1. log file
When you visit our website https://nicgeraldine.art, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted
– IP address of the requesting computer,
– date and time of access,
– name and URL of the retrieved file,
– website from which the access is made (referrer URL),
– browser used and, if applicable, the operating system of your computer and the name of your access provider.
The aforementioned data is processed by us for the following purposes
– Ensuring a smooth connection to the website,
– Ensuring a comfortable use of our website,
– Analysing system security and stability as well as for
– Improving our offer.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR; our legitimate interest follows from the purposes for data collection listed above. It is not possible for us to assign this data to a specific person.
2. Cookies
A “cookie” is a small text file that is created and stored on your computer when you visit our website. Cookies are used to make our website more user-friendly, effective and secure. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called session cookies); other cookies remain on your end device and enable us to recognise your browser the next time you visit (persistent cookies).
Nevertheless, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them, to exclude the acceptance of cookies for certain cases or in general. By the following links you can find out how to delete cookies in the most common browsers and change the cookie settings:
• Google Chrome: zur Webseite
• Mozilla Firefox: zu Webseite
• Apple Safari: zur Webseite
• Microsoft Internet Explorer: zur Webseite
• Microsoft Edge Webseite
If cookies are deactivated, the functionality of this website may be restricted.
Data collection and use – personal data
As already mentioned, you can visit our website without providing any personal data. We only collect your personal data if you voluntarily provide it to us when you place an order, contact us (e.g. via contact form or e-mail) or open a customer account. The data we collect from you can be seen from the respective input forms.
Your data is therefore processed based on Art. 6 para. 1 sentence 1 lit. f GDPR and Section 25 para. 1 TDDDG with your consent. We use the data you provide to fulfil the contract and process your enquiries. After completion of the contract or deletion of your customer account, your data will be blocked for further use and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this as permitted by law, about which we will inform you below.
You can revoke your consent at any time by sending us a message without affecting the legality of the processing carried out because of your consent until revocation. Revocation can be made either by sending a message to the contact option described above or via a function provided for this purpose in the customer account.
The use of your data in detail:
– Customer account
When you open a customer account, we collect your personal data to the extent specified there. The purpose of data processing is to improve your shopping experience and simplify order processing. Processing is carried out based on Art. 6 (1) lit. a GDPR with your consent. Cancellation of your customer account is possible at any time and can be done either by sending a message to the contact option described above or via a link provided for this purpose in the customer account. Your customer account will then be deleted.
– Contacting us
If you contact us – e.g. via contact form or email – your personal data will be processed exclusively for the purpose of processing and responding to your enquiry and only to the extent necessary for this purpose.
The legal basis for the processing of this data is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR if your enquiry leads to a contract with us. Your data will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your enquiry has been processed).
To revoke your consent or request the deletion of your data, simply send an informal message to the contact option described above. The legality of the data processing operations carried out up to the revocation as well as mandatory legal provisions – in particular retention periods – remain unaffected by this.
– Comment function
As part of the comment function on this website, in addition to your comment, details of when the comment was created and the name you have chosen will be published on the website and stored by us. Furthermore, your IP address and your e-mail address will also be logged and stored. The IP address is stored for security reasons and if the person concerned posts illegal content or violates the rights of third parties by posting a comment. We need your e-mail address to contact you if a third party objects to your published comment as unlawful. We therefore reserve the right to delete comments. The processing and storage of your data takes place because of Art. 6 para. 1 lit. b and f GDPR.
Transfer of data
Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:
– you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
– disclosure in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
– in the event that disclosure in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, and
– this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
Transmission of data after conclusion of contracts
If it is necessary in the context of contract processing, we transmit personal data to third parties who are entrusted with the delivery or with payment processing. This data processing is necessary for the fulfilment of a contract or pre-contractual measures according to Art. 6 para. 1 lit. b) GDPR.
Shipping service provider
If you have given us your consent, we will pass on your personal data (e-mail, telephone number) to the shipping service provider so that they can keep you informed about the progress of your consignment. This information helps us to avoid incorrect deliveries and unnecessary delivery attempts.
Payment service provider
Depending on which payment service provider you select in the order process, we will pass on the payment data collected for this purpose to the payment service provider commissioned with the payment or to the selected payment service to process payments. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.
PayPal
PayPal components are integrated on our website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject selects ‘PayPal’ as the payment option during the ordering process in our online shop, the data of the data subject is automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, surname, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing. The personal data required to process the purchase contract also includes personal data that is required in connection with the respective purchase.
The purpose of transmitting the data is to process payments and prevent fraud. The controller will transmit personal data to PayPal if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the controller may be transmitted by PayPal to credit reference agencies. The purpose of this transmission is to check identity and creditworthiness.
PayPal may pass on the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal.
The data subject has the option to withdraw consent to the handling of personal data from PayPal at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.
The applicable data protection provisions of PayPal may be retrieved under https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Credit card payment
If you select a payment method where you pay in advance, for example by credit card, your payment data provided during the order process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 para. 1 lit. b GDPR. In this case, your data will only be passed on for the purpose of payment processing with the provider and only to the extent that it is necessary for this purpose.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be authorised to process your personal data if this is necessary for contractual payment processing.
Use of social plugins
Social plugins (‘plugins’) from social networks are used on our website. These services are offered by companies such as Facebook Inc, Google Inc and Instagram LLC (‘providers’).
When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the respective provider’s servers. The content of the plugin is transmitted directly to your browser and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider in the USA and stored there. If you are logged in to one of the services, the providers can directly associate your visit to our website with your respective profile. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information is also published on your respective accounts in the social networks and displayed there to your contacts.
If you do not want the following social networks to assign the data collected via our website directly to your profile in the respective service, you must log out of the respective service before visiting our website. You can also completely prevent the plugins from loading with add-ons for your browser, e.g. with the script blocker ‘NoScript’ (https://noscript.net/
The social network plugins we use in detail:
– Instagram
Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA (‘Instagram’). If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our pages with your user account. Among other things, Instagram collects this data from users:
– Email address
– Telephone number
– Contact information from the address book and call log (if access is permitted)
-IP address
– Device used
– Operating system
Instagram uses this data on the one hand to offer users a personalised experience. It also passes the data on to advertising partners, search engines (in the case of publicly accessible data) and third-party service providers.
We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram. Further information on this can be found in Instagram’s privacy policy: https://help.instagram.com/155833707900388/
– Pinterest
Our website is linked to Pinterest, the company Pinterest Inc, 808 Brannan Street, San Francisco, CA 94103, USA. For the European region, the Irish company Pinterest Europe Ltd (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all aspects relating to data protection.
Pinterest is a social network that specialises in graphic representations and photographs. Users can use Pinterest to discuss various hobbies and interests and view the respective profiles with images either openly or in defined groups. Nicolearnloldi.design is also represented on Pinterest with its content. Your personal data may also be used for advertising purposes so that we can show advertising messages to precisely those people who are interested in our services or products.
If you have consented to your data being processed and stored by integrated social media elements, this consent is therefore the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based according to our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Further information on data processing by Pinterest can be found at the following link https://help.pinterest.com/de/article/you
Your right to information, rectification and restriction of processing and contact option
According to the EU General Data Protection Regulation, you have the following rights under Art. 13 para. 2 b) GDPR:
1. right to information
You can request information free of charge about the scope, origin and recipients of the stored data as well as the purpose and duration of storage. (Art. 15 GDPR)
2. right to rectification
You can request that incorrect or incomplete data be corrected or completed at any time. (Art. 16 GDPR)
3. right to restriction of processing and erasure
If the legal requirements are met, you can request the erasure or restriction of processing. (Art. 17, 18 GDPR)
4. Right to data portability
If you have consented to the data processing or a contract for data processing exists and the data processing is carried out using automated procedures, you may have a right to data portability. (Art. 20 GDPR)
5. right to object
You can revoke your consent to the processing of your personal data at any time with effect for the future (Art. 21 GDPR).
If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object if there are grounds relating to your personal situation.
After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defence of legal claims.
This does not apply if the processing is for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.
If you have any questions, comments or enquiries regarding the processing of your personal data by us, please use the contact options listed above or our contact form.
Duration of storage
Once the contract has been fully processed, the data will initially be stored for the duration of the warranty period, then in accordance with statutory retention periods, under tax and commercial law, and then deleted after expiry of the period, unless you have consented to further processing and use.