fbpx

Privacy Policy

Table of Contents

  1. Subject Matter of this Privacy Policy
  2. Controller and Service Provider
  3. Collection and use of your data
  4. Use of Cookies
  5. Payment Services
    1. Stripe Payment Service
    2. PayPal Payment Service
    3. Klarna Payment Service
    4. Alipay Payment Service
  6. Use of Google Analytics
  7. Use of Google Ads and Remarketing Use of Google Fonts
  8. Additional service providers and data transfer to third parties
  9. Your Rights
  10. Data Security

Notification on the right to object

  1. Subject-Matter of this Privacy Policy

We appreciate your interest in our website and our offers on it. The protection of your personal data (hereinafter referred to as “data”) is of great concern to us. Accordingly, in this document, we would like to provide you with comprehensive information pursuant to the General Data Protection Regulation (“GDPR”) about which Data is collected when you visit our website and use our services available there, how this Data is processed or used by us, and which accompanying technical and organizational safeguards we have adopted in this respect.

  • Controller and Service Provider

The controller within the meaning of the EU General Data Protection Regulation (GDPR), and at the same time the service provider within the meaning of the German Telemedia Act (TMG), is Emilia Pfohl und Nan Li GbR, Karl-Kunger-Str. 19, 12435 Berlin, Deutschland (hereinafter referred to as „NAMILIA“ or „us“), see also our Imprint.

  • Collection and use of your data

The extent and nature of the collection and use of your data differ depending on whether you visit our website for the sole purpose of retrieving information or whether you use offers on our website that require the disclosure of further information about you, for example: when ordering products in our webshop or using the contact form:

a. Informational use

It is not necessary to enter personal data in order to use our website for mere information purposes.

In this case, we only collect and use your data to the extent it is automatically transmitted by your web browser, such as:

  • Date and time of retrieval of one of our websites
  • Your browser type
  • The browser settings
  • The operating system used
  • The page you visited last
  • The transferred amount of data and the access status (file transfer, file not found, etc.) as well as
  • Your IP address

We process this data during an informative visit exclusively in non-personal form. This is done in order to enable the use of the websites you have accessed and to check whether our web pages are displayed to you correctly.

We use the above-mentioned data only for the duration of your visit and don’t store any logs with personal data.

The processing takes place on the legal basis of Article 6 (1) f) GDPR (legitimate interests) and in our interest to be able to display our website reliably and as trouble-free as possible.

b. Use of our webshop

If you would like to order in our webshop, it is necessary for the conclusion of a contract that you enter your personal data, which we need for the processing of your order. Optional information like your phone number is marked as such. We use the data provided by you in order to process your order. For this purpose, we transfer your payment data to one of our payment service providers (see below).

The legal basis for this data processing is Article 6 (1) b) GDPR (contract initiation and performance).

We are obliged by commercial and tax law to store your order data for the duration of ten years.

c. Contacting us

If you wish to contact us via the email addresses provided on our website, we will collect the following data from you:

  • Your name
  • Your email address
  • The subject and your message

We use this information to respond to your request via email.

If your inquiry relates to an existing contractual relationship or if you are interested in concluding a contract, the data processing is carried out on the legal basis of Article 6 (1) b) GDPR (contract initiation and performance). Otherwise, the data processing will take place on the legal basis of Article 6 (1) f) GDPR (legitimate interests) and in our interest in order to be able to answer your enquiry with the information relevant to you.

We store the data collected via email and the communication to answer to your message for 3 month.

d. Newsletter

By subscribing to our newsletter, we will periodically email you information on special offers and new releases of our products as well as information on upcoming events.

To register for our newsletter, we only require your email address to which the newsletter should be sent.

On the basis of your consent, we also record your usage behaviour with regard to our newsletter (e.g. opening and reading emails) and evaluate this for statistical purposes.

For the purpose of providing our newsletter service, we use the mailing service provider MailChimp (The Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA; “MailChimp”), which processes the data collected in the newsletter strictly in accordance with our specifications.

MailChimp has a so-called EU-U.S. Privacy Shield certification. The EU-U.S. Privacy Shield Agreement is a data protection agreement designed to ensure an adequate level of data protection for data transfers to certified U.S. companies. The EU Commission has determined the adequacy of the guaranteed data protection level according to the EU-U.S. Privacy Shield Agreement by decision of 12.07.2016 (Az. C(2016) 4176).

You can view the EU Commission’s decision here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

The current status of the certification of MailChimp according to the EU-U.S. Privacy Shield Agreement can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG.

Additionally we have concluded the EU Commission’s Standard Contractual Clauses (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) with MailChimp to provide additional safeguards on data protection for the international data transfer. The Data Processing Addendum concluded with MailChimp is available here: https://mailchimp.com/legal/data-processing-addendum/.

Processing is based on the legal basis of Article 6 (1) a) GDPR in connection with your consent to receive the newsletter. You can revoke your consent at any time with effect for the future.

We save and use your email address when you sign up for the newsletter until you unsubscribe from the newsletter. If the e-mail address given by you is not available for a long time, we will delete your data without explicit deregistration.

Registration confirmation and verification of your email address

For security reasons, we use the so-called double opt-in procedure for the registration to our email newsletter: After you register to our newsletter, you will receive an activation email to your specified email address. Only when you have confirmed your registration by clicking on the link provided you will finish the registration to our email newsletter. This is to ensure that only you as the owner of the specified email address are able to subscribe to the newsletter. If you did not confirm your registration after receiving the activation email, your subscription to the newsletter will be automatically deleted for security reasons and it will be necessary to register again.

Unsubscribe from our newsletter

If you no longer wish to receive email newsletters from us, you can unsubscribe from our newsletter at any time by either clicking on the unsubscribe link at the end of each newsletter email or by sending us a message to shop@namilia.com.

  • Use of cookies

We use cookie technology on our website. Cookies are small text files which are generated by your browser when visiting our website, and which are stored on your computer, tablet or smartphone to later retrieve the information stored within.


On our websites we use the following cookies:

[cookiesaccepted] Function: This cookie is used to store your acceptance of our cookie notice. It contains “1” if you have accepted cookies. The cookie is saved for the duration of one month. The cookie is a so called First-Party cookie, which is controlled and can only be accessed by our website.

[mailchimp_landing_site]

This cookie is part of the MailChimp service (see section 3.d.) and used to measure which page was visited first on our website. The cookie contains information on the initially visited page and is saved for 4 weeks. The cookie is a so called First-Party cookie, which is controlled and can only be accessed by our website.

[newsletterattention]

This cookie is part of the MailChimp service (see section 3.d.) and is used to control displaying an invitation to subscribe to our newsletter. It usually contains the number “1” and is saved for the duration of one month. The cookie is a so called First-Party cookie, which is controlled and can only be accessed by our website.

[wmc_current_currency]

This is cookie is part of our webshop system WooCommerce and is used to store your preferred currency. It contains the selected currency (e.g. “EUR”) and is saved for 24 hours. The cookie is a so called First-Party cookie, which is controlled and can only be accessed by our website.

[wmc_ip_info]

This is cookie is part of our webshop system WooCommerce and is used to identify the user location. It contains an alphanumerical value and is saved for 24 hours. The cookie is a so called First-Party cookie, which is controlled and can only be accessed by our website.

[grid_count_left] [grid_count_right] [grid_width]

These cookies are used to store the chosen display of our website during one session. They contain the size for each part of our website and are only stored until the end of the browser session. These cookies are so called First-Party cookies, which are controlled and can only be accessed by our website.

[woocommerce_cart_hash]

This is cookie is part of our webshop system WooCommerce and is used for the ordering process. It helps to determine when shopping cart contents/ data changes and is saved until the end of your browser session. The cookie is a so called First-Party cookie, which is controlled and can only be accessed by our website.

[woocommerce_items_in_cart]

This is cookie is part of our webshop system WooCommerce and is used for the ordering process. It contains the amount of items you currently have in your shopping cart and also helps to determine when shopping cart contents/ data changes. The cookie is saved until the end of your browser session. The cookie is a so called First-Party cookie, which is controlled and can only be accessed by our website.

[wp_woocommerce_session_XXX]

This is cookie is part of our webshop system WooCommerce and is used for the ordering process. It contains a unique code for each customer and is saved for 48 hours. The cookie is a so called First-Party cookie, which is controlled and can only be accessed by our website.

[__stripe_mid] Function: This cookie is part of the payment service Stripe which is used in our webshop. The cookie is saved for the duration of one year. The cookie is a so called First-Party cookie, which is controlled and can only be accessed by our website.

[__stripe_sid] Function: This cookie is part of the payment service Stripe which is used in our webshop. The cookie is saved for the duration of 30 minutes. The cookie is a so called First-Party cookie, which is controlled and can only be accessed by our website.

Use of cookies for Google Analytics (see below in detail):

[_gat] Function: This cookie is part of Google Analytics and is used for statistical analysis of user behavior on our websites. With the help of this cookie the query rate of the website usage is controlled. It typically contains a number and is stored for 10 minutes. The cookie is a so-called first-party cookie which is controlled and can only be accessed by our website.

[_ga] Function: This cookie is part of Google Analytics and is used for statistical analysis of user behavior on our websites. It contains an individual Google Analytics identification number and is stored for 2 years. The cookie is a so-called first-party cookie which is controlled and can only be accessed by our website.

[_gid] Function: This cookie is part of Google Analytics and is used for statistical analysis of user behavior on our websites. It contains an individual Google Analytics identification number and is stored for 24 hours. The cookie is a so-called first-party cookie which is controlled and can only be accessed by our website.

Additional cookies can be placed by third parties using their plugins. Information about these cookies is provided at the respective subsection of this Privacy Policy as well as within the linked Privacy Policies of each third party.

Deactivation of Cookies

Whether cookies can be stored and retrieved is up to you: you can control this via your browser settings. For example, you can wholly deactivate the storing of cookies in your browser, restrict it on certain websites or configure your browser in such a way that it notifies you automatically as soon as a cookie is to be placed, and requests your response thereto. For technical reasons, it is necessary that you allow the aforementioned session cookies in order to enjoy the full functionality of our website.

  • Payment Services

5.1 Stripe Payment Service

In our webshop we use the payment service Stripe.

In accordance with the Stripe Global Privacy Policy (as of 28.04.2020), the Stripe payment service is provided to you by Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) if you are a resident in the European Economic Area, United Kingdom or Switzerland. If you are a resident of another country, the Stripe payments service will instead be provided to you by Stripe Inc. (510 Townsend Street, San Francisco, CA 94103, USA). In the following “Stripe” means the respective Stripe company responsible for your location (Stripe Payments Europe, Ltd. or Stripe Inc.).

When you visit our webshop, Stripe receives the information that you have visited the corresponding page on our website. In addition, the data referred to in section 3 a) will be transmitted to Stripe.

Stripe uses cookies and similar technologies (HTML storage) on our website.

Stripe Inc. has a so-called EU-U.S. Privacy Shield certification. The EU-U.S. Privacy Shield Agreement is a data protection agreement designed to ensure an adequate level of data protection for data transfers to certified U.S. companies. The EU Commission has determined the adequacy of the guaranteed data protection level according to the EU-U.S. Privacy Shield Agreement by decision of 12.07.2016 (Az. C(2016) 4176).

You can view the EU Commission’s decision here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

The current status of the certification of Stripe according to the EU-U.S. Privacy Shield Agreement can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000TQOUAA4.

Further information on the purpose and scope of data collection and processing by Stripe can be found in Stripe’s privacy policy: https://stripe.com/de/privacy.

Your data will be processed on the legal basis of Article 6 (1) f) GDPR (legitimate interests) and in our interest to be able to process payments through Stripe’s payment service.

  • Paypal Payment Service

In our webshop we use the payment service PayPal of PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, “PayPal”).

When you visit our webshop, Paypal receives the information that you have visited the corresponding page on our website. In addition, the data referred to in section 3 a) will be transmitted to PayPal.

PayPal uses cookies and similar technologies (HTML storage) on our website.

Further information on the purpose and scope of data collection and processing by PayPal can be found in Paypal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Your data will be processed on the legal basis of Article 6 (1) f) GDPR (legitimate interests) and in our interest to be able to process payments through PayPal’s payment service.

  • Klarna Payment Service

In our webshop we use the payment service Klarna of Klarna Bank AB (Sveavägen 46, 111 34 Stockholm, Sweden, “Klarna”).

When you visit our webshop, Klarna receives the information that you have visited the corresponding page on our website. In addition, the data referred to in section 3 a) will be transmitted to Klarna.

Klarna uses cookies and similar technologies (HTML storage) on our website.

Further information on the purpose and scope of data collection and processing by Klarna can be found in Klarna’s privacy policy: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.

Your data will be processed on the legal basis of Article 6 (1) f) GDPR (legitimate interests) and in our interest to be able to process payments through Klarna’s payment service.

  • Alipay Payment Service

In our webshop we use the payment service Alipay of Alipay (Europe) Limited S.A. (11-13 Boulevard de la Foire, L-1528 Luxembourg, “Alipay”).

When you visit our webshop, Alipay receives the information that you have visited the corresponding page on our website. In addition, the data referred to in section 3 a) will be transmitted to Alipay.

Alipay uses cookies and similar technologies (HTML storage) on our website.

Further information on the purpose and scope of data collection and processing by Alipay can be found in Alipay’s privacy policy: https://render.alipay.com/p/f/agreementpages/alipayeuprivacypolicy.html.

Your data will be processed on the legal basis of Article 6 (1) f) GDPR (legitimate interests) and in our interest to be able to process payments through Alipay’s payment service.

  • Use of Google Analytics

With your consent we use Google Analytics on this webseite, a web analytics service provided by Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.

IP-anonymization is activated on this website, so your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there.

Google will use this information on behalf of the operator of this website as a processor according to Art. 28 GDPR for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.

The IP-address, that your Browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser: https://tools.google.com/dlpage/gaoptout

As an alternative to the browser addon or for browsers on mobile devices, you can prevent being tracked by Google Analytics on this website by using an opt-out cookie. In order to do so you have to click this link. The opt-out cookie will be stored on your device, please note that you will have to click this link again, if you delete your cookies.

Further information is available within the privacy policy of Google which you can find here: https://www.google.com/policies/privacy/partners/?hl=en.

In connection with the use of Google Analytics, we use the Google Tag Manager service on our website.

The Google Tag Manager service is used to manage so-called “tags” that we have embedded on our website. Tags are small pieces of code that can be used to measure traffic and visitor behavior, measure the impact of online advertising and social channels, use remarketing and targeting, and test and optimize websites. No data is stored on your device.

We use these tags in the context of website analysis with Google Analytics, i.e. in order to be able to analyze and optimize your use of our website even more precisely.

We use these tags to be able to analyze and optimize your use of our website even more precisely. Additionally, we use them to better target our marketing measures (see below Google Ads).

Google’s privacy policy can be found here: https://www.google.com/policies/privacy/partners/.

Google LLC has a so-called EU-U.S. Privacy Shield certification. The EU-U.S. Privacy Shield Agreement is a data protection agreement designed to ensure an adequate level of data protection for data transferred to certified U.S. companies. The EU Commission has determined the adequacy of the guaranteed data protection level according to the EU-U.S. Privacy Shield Agreement by decision of 12.07.2016 (Az. C(2016) 4176).

You can view the EU Commission’s decision here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

The current status of Google’s certification according to the EU-U.S. Privacy Shield Agreement can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

Processing is based on the legal basis of Article 6 (1) a) GDPR in connection with your consent to the use of Google Analytics. You can revoke your consent at any time with effect for the future.

Your data collected within the scope of Google Analytics will be deleted after 14 months.

  • Use of Google Ads and Remarketing

For advertising purposes, we use Google Remarketing as a function of the Google Ads advertising network. This enables us to show visitors of our website targeted interest-relevant ads about our website and our offers on Google and other websites of the advertising network.

In accordance with the Google Terms of Use (as of 31.03.2020), the Google Ads service is provided to you by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) if you are a resident in the European Economic Area or Switzerland. If you are a resident of another country, the Google Ads service will instead be provided to you by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

For this purpose, we use cookies (see above) on our web pages to store the information that you have visited our website. These cookies enable the relevant Google service provider responsible for your location (Google LLC or Google Ireland Limited) to recognize you as a visitor of our website on other web pages of the advertising network.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

In addition, you can object at any time to advertising by Google Ads based on your usage behaviour by changing your settings for personalised advertising under the link https://adssettings.google.com.

You can find Google’s data protection policy here: https://www.google.com/policies/privacy/partners/.

Google LLC has a so-called EU-U.S. Privacy Shield certification. The EU-U.S. Privacy Shield Agreement is a data protection agreement designed to ensure an adequate level of data protection for data transfers to certified U.S. companies. The EU Commission has determined the adequacy of the guaranteed data protection level according to the EU-U.S. Privacy Shield Agreement by decision of 12.07.2016 (Az. C(2016) 4176).

You can view the EU Commission’s decision here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

The current status of the certification of Google LLC according to the EU-U.S. Privacy Shield Agreement can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

Processing is based on the legal basis of Article 6 (1) a) GDPR in connection with your consent to the use of Google Ads. You can revoke your consent at any time with effect for the future.

  • Use of Google Fonts

We use Google Fonts on our website.

In accordance with the Google Terms of Use (as of 31.03.2020), the Google Fonts service is provided to you by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) if you are a resident in the European Economic Area or Switzerland. If you are a resident of another country, the Google Fonts service will instead be provided to you by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Therefore, when you visit our website, the relevant Google service provider responsible for your location (Google LLC or Google Ireland Limited) receives the information that you have called up the relevant page on our website. In addition, the data referred to in section 3 a) is transmitted.

Google LLC has a so-called EU-U.S. Privacy Shield certification. The EU-U.S. Privacy Shield Agreement is a data protection agreement designed to ensure an adequate level of data protection for data transfers to certified U.S. companies. The EU Commission has determined the adequacy of the guaranteed data protection level according to the EU-U.S. Privacy Shield Agreement by decision of 12.07.2016 (Az. C(2016) 4176).

You can view the EU Commission’s decision here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

The current status of the certification of Google LLC according to the EU-U.S. Privacy Shield Agreement can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

Your data will be processed on the legal basis of Art. 6 (1) lit. f) GDPR (legitimate interests) and in our interest to be able to use the fonts offered by Google Fonts on our website.

  • Additional service providers and data transfer to third parties

Your data will be transferred to technical service providers supporting us (e.g. website hosting and support) for the provision of this website and for the aforementioned purposes.

These service providers are bound to our instructions and are regularly checked by us.

Otherwise, your data will only be passed on to other third parties if this data protection declaration expressly refers to this or if we are legally obliged to do so.

  1. Your Rights

You have the right to request confirmation from us as to whether personal data relating to you is being processed; If this is the case, you have a right of access this personal data and the information listed in Article 15 GDPR.

You have the right to rectification of incorrect personal dataconcerning you and, if necessary, the completion of incomplete personal data (Art. 16 GDPR).

You have the right to erasure (“right to be forgotten”) of personal data relating to you, provided that one of the reasons detailed in Art. 17 GDPR is applicable, e.g. if the data is no longer needed for the purposes pursued.

You have the right to restriction of processing if one of the conditions listed in Art. 18 GDPR is fulfilled, e.g. if you object to the processing, for the duration of the review by us.

You have the right to object at any time to the processing of your personal data for the purposes of direct marketing. You also have the right to object at any time to processing carried out on the legal basis of Art. 6 Par. 1 S. 1 e) or f) GDPR for reasons arising from your particular situation (Art. 21 GDPR). See below for details.

You have the right to withdraw your consent given to us at any time with effect for the future.

You have the right to receive the data concerning you that you have provided to us in a structured, common and machine-readable format. You may also transmit this data to other sources or have it transmitted by us (right to data portability).

Please contact us to exercise your rights: shop@namilia.com.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR (Article 77 GDPR).

In Berlin, the competent supervisory authority is: Berliner Beauftragte für Datenschutz und Informationsfreiheit , Friedrichstr. 219, 10969 Berlin, https://www.datenschutz-berlin.de.

  1. Data Security

We use technical and organizational security measures to protect any personal data collected, in particular against accidental or willful manipulation, loss, destruction or against attacks by unauthorized third parties. Our security measures are continuously improved in accordance with technological progress.

When using our website, your personal data is encrypted using SSL/TLS technology to prevent access by unauthorized third parties.

May 2020

NAMILIA

Emilia Pfohl und Nan Li GbR

Notification on the right to object

You have the right to object at any time to any processing of personal data relating to you for direct marketing purposes. You also have the right to object at any time to processing carried out on the legal basis of Art. 6 Par. 1 S. 1 e) or f) GDPR for reasons arising from your particular situation (Art. 21 GDPR).

We will then no longer process your personal data unless we can prove compelling reasons for processing which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims. For purposes of direct marketing the data will not be further processed in any case.