Privacy Policy
1) Information about the collection of personal data and contact details of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we will inform you about how your personal data is handled when you use our website. Personal data is all data with which you can be personally identified.
1.2The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is BonBon Lingerie Sales OÜ, Pärnu mnt 21, 10141, Tallinn, Estonia, Tel.: +372 56 855 585, Email: info@bonbonlingerie.com. Der The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data decides.
1.3 This website uses for security reasons and to protect the transmission of personal data and other confidential content (e.g.b Orders or inquiries to the person responsible) an SSL or. TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar.
2) Data collection when you visit our website
If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called “Server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
-
Our website visited
-
Date and time at the time of access
-
Amount of data sent in bytes
-
Source/reference from which you came to the page
-
Browser used
-
Operating system used
-
IP address used (if applicable).: in anonymized form)
The processing takes place in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.
3) Hosting
Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2. Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), for the purpose of hosting and displaying the online shop based on processing on our behalf. All data collected on our website is processed on Shopify’s servers. As part of Shopify's aforementioned services, data can also be sent to Shopify Inc. as part of further processing on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc. be transmitted. In the event that data is transmitted to Shopify Inc. In Canada, the appropriate level of data protection is guaranteed by the European Commission's adequacy decision. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. and Shopify (USA) Inc. in the USA are for the US-European
Data protection agreement “Privacy Shield” certified, which ensures compliance with the data protection level applicable in the EU.
For further information about Shopify's data protection, please visit the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those mentioned above by Shopify only takes place within the scope stated below.
4) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called cookies). session cookies). Other cookies remain on your device and make it possible to recognize your browser on your next visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can find out how long each cookie is stored in the overview of the cookie settings in your web browser.
Cookies are sometimes used to simplify the ordering process by saving settings (e.g.b Remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed through individual cookies we use, processing takes place in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the event of consent being given or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
Please note that if you do not accept cookies, the functionality of our website may be restricted.
5) Contact
As part of contacting us (e.g.b personal data is collected via contact form or email). Which data is collected in the case of a contact form can be seen from the respective contact form. This data is used exclusively for the purpose of answering your request or stored and used for contact and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f GDPR If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR Your data will be deleted after your request has been processed. This is the case if it can be seen from the circumstances that the matter in question has been conclusively clarified and if there are no legal retention obligations to the contrary.
6) Data processing when opening a customer account and for contract processing
According to Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed if you provide it to us to execute a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. You can delete your customer account at any time by sending a message to the above.G address of the person responsible. We store and use the data you provide to process the contract. After the contract has been fully processed or your customer account has been deleted, your data will be blocked in consideration of tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or reserve the right to further use of data on our part as permitted by law became.
7) Use of your data for direct advertising
Subscribe to our email newsletter
If you register for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing further data is voluntary and is used to address you personally. To send the newsletter we use the so-called Double opt-in procedure. This means that we will only send you an email newsletter if you have expressly confirmed to us that you agree to receive the newsletter. We will then send you a confirmation email asking you to confirm that you want to receive the newsletter in the future by clicking on a corresponding link.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR When you register for the newsletter, we save your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data we collect when you register for the newsletter will be used exclusively for advertising purposes via the newsletter. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the person responsible mentioned at the beginning. Once you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.
8) Data processing for order processing
8.1 To process your order, we work with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
The personal data we collect will be passed on to the transport company commissioned with the delivery as part of the contract processing, to the extent that this is necessary to deliver the goods. We pass on your payment data to the commissioned credit institution as part of payment processing, provided this is necessary for payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for passing on the data is Art. 6 para. 1 lit. b GDPR
8.2 Transfer of personal data to shipping service providers
- Deutsche Post
If the goods are delivered by Deutsche Post (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will provide your email address in accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of agreeing a delivery date or to Deutsche Post for delivery notification, provided you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b DSGVO only pass on the name of the recipient and the delivery address to Deutsche Post. The data will only be passed on to the extent that this is necessary for the delivery of the goods. In this case, the delivery date must be coordinated in advance with Deutsche Post or delivery notification is not possible.
Consent can be revoked at any time with future effect from the person responsible above or from Deutsche Post.
- DHL
If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will provide your email address in accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of agreeing a delivery date or to DHL for delivery notification, provided you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b DSGVO only pass on the name of the recipient and the delivery address to DHL. The data will only be passed on to the extent that this is necessary for the delivery of the goods. In this case, the delivery date must be coordinated in advance with DHL or delivery notification is not possible.
Consent can be revoked at any time with future effect from the person responsible named above or from the transport service provider DHL.
- Hermes
If the goods are delivered by the transport service provider Hermes (Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg), we will provide your email address before delivery of the goods in accordance with Art. 6 para. 1 lit. a GDPR for the purpose of agreeing a delivery date or to Hermes for delivery notification, provided you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b DSGVO only pass on the name of the recipient and the delivery address to Hermes. The data will only be passed on to the extent that this is necessary for the delivery of the goods. In this case, the delivery date must be coordinated with Hermes or It is not possible to transmit status information about shipment delivery.
Consent can be revoked at any time with future effect from the person responsible above or from the transport service provider Hermes.
8.3 Use of payment service providers (payment services)
- Klarna
If you select a Klarna payment service, payment processing takes place via Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to enable payment to be processed, your personal data (first and last name, street, house number, postal code, city, gender, email address, telephone number and IP address) as well as data relating to the order are used (e.g. b Invoice amount, item, delivery type) will be passed on to Klarna for the purpose of identity and creditworthiness checks, provided that you agree to this in accordance with Art. 6 para. 1 lit. a DSGVO have expressly consented as part of the ordering process. You can see which credit agencies your data can be forwarded to here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information received about the statistical probability of a payment default to make a balanced decision about the establishment, implementation or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the person responsible for data processing or to Klarna. However, Klarna may remain You are still entitled to process your personal data if this is necessary for contractual payment processing.
Your personal information will be used in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations for those affected based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for those affected based in Austria treated.
- Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal, we pass on your payment data to PayPal (Europe) S as part of the payment processing.arl et Cie, S.CA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment details may be processed in accordance with Art. 6 para. 1 lit. f GDPR is passed on to credit agencies on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Further data protection information, including information about the credit agencies used, can be found in PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may remain You are still entitled to process your personal data if this is necessary for contractual payment processing.
- IMMEDIATELY
If you select the payment method “SOFORT”, payment is processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “SOFORT”), to whom we will send the information you provided during the ordering process, along with the information about your order according to Art. 6 para. 1 lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will be passed on exclusively for the purpose of processing payments with the payment service provider SOFORT and only to the extent that it is necessary for this purpose. You can find further information about SOFORT's data protection regulations at the following internet address: https://www.klarna.com/sofort/datenschutz.
9) Rights of the person concerned
9.1 The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) towards the person responsible with regard to the processing of your personal data, about which we inform you below:
- Right to information in accordance with Art. 15 GDPR: In particular, you have the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected from you by us, the existence of an automated process Decision-making including profiling and, if necessary, meaningful information about the logic involved and the scope and intended effects of such processing affecting you, as well as your right to information about the guarantees in accordance with Art. 46 GDPR applies when your data is forwarded to third countries;
- Right to rectification in accordance with Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and/or completion of incomplete data stored by us;
- Right to deletion in accordance with Art. 17 GDPR: You have the right to have your personal data deleted if the requirements of Art. 17 para. 1 GDPR to request. However, this right does not apply in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request that the processing of your personal data be restricted as long as the accuracy of your data that you dispute is verified, if you refuse to have your data deleted due to unlawful data processing and instead request that the processing of your data be restricted, if You need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons relating to your particular situation, as long as it is not yet clear whether our legitimate reasons outweigh them;
- Right to information in accordance with Art. 19 GDPR: If you have asserted the right to rectification, deletion or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of processing unless this proves to be impossible or involves disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible, to the extent that this is technically feasible;
- Right to revoke consent given in accordance with Art. 7 para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation;
- Right to complain in accordance with Art. 77 GDPR: If you are of the opinion that the processing of personal data concerning you violates the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence or your place of work or the location of the alleged violation.
9.2 Right to object If we process your personal data based on our overriding legitimate interest as part of a balancing of interests, you have the right at any time to object to this processing with future effect for reasons arising from your particular situation.
If you exercise your right to object, we will stop processing the data concerned. However, further processing is reserved if we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, fundamental rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
If your personal data is processed by us in order to conduct direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. You can exercise your objection as described above.
If you exercise your right to object, we will stop processing the data concerned for direct advertising purposes.
10) Duration of storage of personal data
The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing and - if relevant - additionally based on the respective statutory retention period (e.g.b commercial and tax law retention periods).
When processing personal data on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR, this data will be stored until the person concerned revokes their consent.
Are there statutory retention periods for data that is stored in the context of legal transactions or obligations similar to legal transactions on the basis of Art. 6 para. 1 lit. b DSGVO are processed, these data will be routinely deleted after the retention periods have expired, unless they are no longer required to fulfill or initiate the contract and/or we have no legitimate interest in further storage.
When processing personal data on the basis of Art. 6 para. 1 lit. f DSGVO, this data will be stored until the person concerned exercises their right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct advertising on the basis of Art. 6 para. 1 lit. f DSGVO, this data will be stored until the person concerned exercises their right to object in accordance with Art. 21 para. 2 GDPR.
Unless otherwise follows from the other information in this declaration about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed are.