data protection

privacy policy
Unless otherwise stated below, the provision of your personal data is neither legally nor
contractually required, nor necessary for the conclusion of a contract. You are not obliged to provide the data.
Failure to provide this data has no consequences. This only applies if no other information is provided in the subsequent processing operations.
is made.
"Personal data" means any information relating to an identified or identifiable natural person.
server log files
You can visit our websites without providing any personal information.
Every time you access our website, usage data is sent to us or our web host / IT service provider through your Internet browser
and stored in protocol data (so-called server log files). This stored data includes, for example, the name of the
page accessed, date and time of access, IP address, amount of data transferred and the requesting provider.
The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in the
To ensure the smooth operation of our website and to improve our offering.
Your data will be transferred to Canada, among other places. For data transfers to Canada, there is an adequacy decision by the EU Commission
before.

responsible person
Please contact us if you wish. The person responsible for data processing is: Ivonne Rzymek , Mittelstraße 30, 31319 Sehnde , telephone: +49(0) 172 / 2551159 , email address: info@boutique-in-heaven.de)
customer's initiative contact via email
If you initiate business contact with us by email, we collect your personal data (name, email address,
message text) only to the extent provided by you. The data processing serves to process and answer
your contact request.
If the contact serves to carry out pre-contractual measures (e.g. advice in case of interest in purchase, preparation of an offer)
or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1
lit. b GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR from
our overriding legitimate interest in processing and answering your request. In this case, you have the right
for reasons arising from your particular situation, at any time to this processing based on Art. 6 para. 1 lit. f GDPR
to object to the processing of personal data concerning you.
We only use your email address to process your request. Your data will then be processed in accordance with legal
Retention periods will be deleted unless you have consented to further processing and use.
Collection and processing when using the contact form
When you use the contact form, we collect your personal data (name, email address, message text) only in the
The scope made available to you. The data processing serves the purpose of establishing contact.
If the contact serves to carry out pre-contractual measures (e.g. advice in case of interest in purchase, preparation of an offer)
or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1
lit. b GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR from
our overriding legitimate interest in processing and answering your request. In this case, you have the right
for reasons arising from your particular situation, at any time to this processing based on Art. 6 para. 1 lit. f GDPR
to object to the processing of personal data concerning you.
We only use your email address to process your request. Your data will then be processed in accordance with legal
Retention periods will be deleted unless you have consented to further processing and use.

WhatsApp Business
If you contact us via WhatsApp for business purposes, we use the WhatsApp Business version of WhatsApp Ireland
Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “WhatsApp”). If you are staying outside the
European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA)
provided.
The data processing serves to process and answer your contact request. For this purpose we collect and process your
Mobile phone number stored with WhatsApp, if provided Your name and other data in the
Scope. We use a mobile device for the service, in whose address book only data of users are stored who
have contacted us via WhatsApp. Any transfer of personal data to WhatsApp without your consent
WhatsApp has given its consent, this will not happen.
Your data will be transmitted by WhatsApp to servers of Meta Platforms Inc. in the USA. For the USA, an adequacy decision
of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta Platforms Inc. has registered under the TADPF
certified and thus obliged to comply with European data protection principles. If contacting the implementation
pre-contractual measures (e.g. advice in case of purchase interest, preparation of an offer) or an agreement already concluded between you and us
concluded contract, this data processing is carried out on the basis of Art. 6 Paragraph 1 Letter b of GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR from
our overriding legitimate interest in providing quick and easy contact and in
Answering your request. In this case, you have the right, for reasons related to your particular situation,
at any time to this processing of personal data concerning you based on Art. 6 para. 1 lit. f GDPR
contradict.
We only use your personal data to process your request. Your data will then be processed in accordance with
statutory retention periods, unless you have consented to further processing and use.
For more information on terms of use and data protection when using WhatsApp, please visit
https://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy.


customer account orders
customer account
When you open a customer account, we collect your personal data to the extent specified therein.
Data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing
is based on Art. 6 Paragraph 1 Letter a of GDPR with your consent. You can revoke your consent at any time by notifying us
without affecting the legality of the processing carried out on the basis of the consent until the revocation. Your
Customer account will then be deleted.
Collection, processing and transfer of personal data when placing orders
When placing an order, we only collect and process your personal data to the extent necessary to fulfil and process your
order and to process your enquiries. The provision of data is necessary for the conclusion of the contract.
Failure to provide this information will result in no contract being concluded. Processing is carried out on the basis of Art. 6 para. 1 lit.
b GDPR and is necessary for the performance of a contract with you.
Your data will be passed on, for example, to the shipping companies and dropshipping providers you have selected,
Payment service providers, service providers for order processing and IT service providers. In all cases, we strictly observe the legal
specifications. The scope of data transmission is limited to a minimum.
Your data will be transferred to Canada, among other places. For data transfers to Canada, there is an adequacy decision by the EU Commission
before.


inventory management
use of an external inventory management system
We use a merchandise management system to process contracts as part of order processing. For this purpose, your data will be
personal data collected during the order
Pickware GmbH, Goebelstr. 21, 64293 Darmstadt
transmitted.


payment service providers
Use of the payment service provider Stripe
We use the payment service Stripe from Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal
Dock, Dublin, Ireland). The data processing serves the purpose of being able to offer you payment via the payment service. By selecting
and use of Stripe, the data required for payment processing will be transmitted to Stripe in order to conclude the contract with you with the
selected payment method. This processing is carried out on the basis of Art. 6 Paragraph 1 Letter b of GDPR.


Stripe reserves the right to obtain a credit report based on mathematical-statistical procedures using
To do this, Stripe transmits the personal data required for a credit check to a credit agency
and uses the information received on the statistical probability of default for a balanced
Decision on the establishment, implementation or termination of the contractual relationship. The credit report can
Probability values ​​(score values) based on scientifically recognized mathematical-statistical procedures
and the calculation includes, among other things, address data. Your legitimate interests will be protected in accordance with the
legal provisions are taken into account. The data processing serves the purpose of credit assessment for the initiation of a contract.
Processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in protecting against
Default in payment if Stripe makes advance payments.
You have the right to object to processing at any time for reasons arising from your particular situation based on Art. 6 para. 1 lit. f
GDPR based processing of personal data concerning you by notifying Stripe. The
Provision of the data is necessary for the conclusion of the contract with the payment method you have requested. Failure to provide the data will result in
The consequence is that the contract cannot be concluded using the payment method you have chosen.
All Stripe transactions are subject to the Stripe Privacy Policy, which can be found at https://stripe.com/de/privacy
cookies
Our website uses cookies. Cookies are small text files that are stored in the Internet browser or by the Internet browser on the
computer system of a user. When a user visits a website, a cookie can be stored on the operating system of the
user's browser. This cookie contains a characteristic string that uniquely identifies the browser
when you visit the website again.
Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting
By making appropriate technical settings in your Internet browser, you can be notified before cookies are set and
decide individually about acceptance and prevent the storage of cookies and transmission of the data contained therein.
Stored cookies can be deleted at any time. However, we would like to point out that in this case you may not be able to access all
can fully use the functions of this website.
The links below will tell you how to manage cookies in the most important browsers (including
deactivate):
Chrome: https://support.google.com/accounts/answer/61416?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-
2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablassen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Technically necessary cookies
Unless otherwise stated in the privacy policy below, we only use these technically necessary
Cookies to make our service more user-friendly, effective and secure. Cookies also enable
our systems to recognize your browser even after you change pages and to offer you services. Some functions of our
The website cannot be offered without the use of cookies. These require that the browser is
is recognized when changing sides.
The use of cookies or similar technologies is based on Section 25 Paragraph 2 TTDSG. The processing of your
personal data is processed on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in the
Ensuring optimal functionality of the website as well as a user-friendly and effective design of our offering.
You have the right to object to the processing of your personal data at any time for reasons related to your particular situation.
to object to the processing of personal data concerning you.
Use of GDPR Legal Cookie
We use the consent management tool GDPR Legal Cookie from beeclever GmbH (Universitätsstraße 3, 56070
Koblenz a. Rh.; “beeclever”). The tool enables you to consent to data processing via the website, in particular the
setting of cookies, as well as to exercise your right to withdraw consent for consents already given.
The data processing serves the purpose of obtaining and documenting the necessary consents for data processing and thus
to comply with legal obligations. Cookies can be used for this purpose. The following information can be collected, among others:
and transmitted to beeclever: anonymized IP address, date and time of consent, URL from which consent
sent, anonymous, random, encrypted key, consent status. This data will not be passed on to other third parties.
not.


The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 (1) lit. c GDPR.
Further information on terms of use and data protection at beeclever can be found at: https://gdpr-legal-cookie.com/pages/termsconditions
and at https://gdpr-legal-cookie.com/pages/datenschutzerklarung.
Use of GDPR cookie management
We use the GDPR/DSGVO cookie management of iSense LLC (855 W Maude Ave, Mountain View, CA
94043, USA; "iSenseLabs").
The service allows you to give consent to data processing via the website, in particular the setting of cookies
and to exercise your right to withdraw your consent. The data processing serves the purpose of
to obtain and document the necessary consents for data processing and thus to comply with legal obligations.
Cookies are used to store your consent status.
Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, which
Trans-Atlantic Data Privacy Framework (TADPF). iSenseLabs is not TADPF certified.
The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 (1) lit. c GDPR.
For more information about data protection at iSenseLabs Next, please visit: https://isenselabs.com/pages/privacypolicy


Analysis Communication
Using Shopify Statistics
We use the statistics and analysis functions of Shopify International Limited (2nd Floor Victoria Buildings, 1-2
Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") as part of an order processing. Shopify is a service provider affiliated with Shopify Inc. (151
O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada) affiliated company
The data processing serves the purpose of analyzing this website and its visitors. For this purpose, data on marketing and
Optimization purposes and provided in reports, analyses and statistics. The following are among others
Device information collected and processed: Information about the web browser, IP address, time zone and some of the cookies that
installed on your device. When you navigate the website, information about the web pages you visit or
products, the referrer URL (website from which you accessed our website), as well as information on how to use the
website. Technologies such as cookies, web beacons, tags and pixels (electronic files for
Collecting information about how you navigate the website).
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 Paragraph 1 Clause 1 TTDSG in conjunction with
Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1
lit. a GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until
processing carried out after the revocation is affected.
You can find more information about data protection at Shopify at https://www.shopify.com/de/legal/datenschutz, information about
Order processing agreement at https://www.shopify.com/de/legal/dpa as well as information on the cookies used
at https://www.shopify.com/de/legal/cookies.
Using Shopify Inbox.


We use the live chat system Shopify Inbox from Shopify International Limited (2nd Floor Victoria Buildings, 1-2
Haddington Road, Dublin 4, D04 XN32, Ireland; “Shopify”) as part of order processing.
The data processing serves the purpose of direct and efficient communication between you and us as the provider.
Data is stored and processed for the operation of the system and for the purposes of optimizing the service.
To operate the live chat system, cookies may be used to enable browser recognition.
The following information may be collected and processed: IP address and information provided by you when using the chat system
personal data provided.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there.
There is an adequacy decision by the EU Commission for Canada. There is an adequacy decision by the EU Commission for the USA
the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer
is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 Paragraph 1 Clause 1 TTDSG in conjunction with
Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1
lit. a GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until
processing carried out after the revocation is affected.
For more information about data protection at Shopify, see
at https://www.shopify.com/de/legal/datenschutz and https://www.shopify.com/de/legal/dpa.


Plug-ins and Others
Use of Google reCAPTCHA
We use the reCAPTCHA service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website;
"Google"). The query serves the purpose of distinguishing the input by a human or by automated, machine
Processing. Your input will be transmitted to Google and used there. In addition, the IP address and
If necessary, other data required by Google for the reCAPTCHA service will be transferred to Google. This data is stored by Google
processed within the European Union and may also be transferred to Google LLC servers in the USA. For the USA,
There is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has
certified by the TADPF and thus obliged to comply with European data protection principles.
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 Paragraph 1 Clause 1 TTDSG in conjunction with
Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1
lit. a GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until
processing carried out after the revocation is affected.
Further information about Google reCAPTCHA and the associated privacy policy can be found
at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy.


Use of Cloudflare
We use the content delivery network Cloudflare CDN from Cloudflare Inc. (101 Townsend St, San Francisco,
CA 94107, USA; “Cloudflare”). This is a nationwide network of servers in various data centers with which
our web server connects to and through which certain content from our website is delivered.
The data processing serves the purpose of optimizing the loading times of our website and thus making our offer more user-friendly.
design.
The following information may be collected: IP address, system configuration information, information about
the traffic to and from customer websites (so-called server log files).
Your data may be transferred to the USA. For the USA, an adequacy decision of the EU Commission exists,
the Trans-Atlantic Data Privacy Framework (TADPF). Cloudflare has certified itself according to the TADPF and is therefore committed to European
comply with data protection principles.
The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR from our predominantly
legitimate interest in the needs-based and targeted design of the website. You have the right to object to the processing of your personal data for reasons
arising from your particular situation, you can object to this processing based on Art. 6 (1) lit. f GDPR at any time.
to object to the processing of personal data concerning you.
For more information on data protection when using Cloudflare, please visit https://www.cloudflare.com/dede/
privacypolicy/.


use of YouTube
We use the function for embedding YouTube videos from Google Ireland Limited (Gordon House, Barrow
Street, Dublin 4, Ireland; “YouTube”). YouTube is a service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
“Google”) affiliated company.
The function displays videos stored on YouTube in an iFrame on the website. The option “Advanced
This means that YouTube does not store any information about visitors to the website. Only when you
watch a video, information about it is transmitted to YouTube and stored there. Your data may be stored in
the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy
Framework (TADPF). YouTube has certified itself according to the TADPF and is therefore committed to European data protection principles
to comply with.
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 Paragraph 1 Clause 1 TTDSG in conjunction with
Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1
lit. a GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until
processing carried out after the revocation is affected.
For more information about the collection and use of data by YouTube and Google, your rights in this regard and
For options to protect your privacy, please see YouTube’s privacy policy at https://www.youtube.com/t/privacy.
Rights of data subjects and storage period
duration of storage
After the contract has been fully processed, the data will be stored initially for the duration of the warranty period, then taking into account
statutory, in particular tax and commercial law retention periods and then deleted after expiry of the period, provided
You have not consented to further processing and use.
rights of the data subject
If the legal requirements are met, you have the following rights under Art. 15 to 20 GDPR: Right to information,
rectification, erasure, restriction of processing, data portability.


In addition, according to Art. 21 para. 1 GDPR, you have the right to object to processing based on Art. 6 para. 1 f GDPR
based, as well as against processing for direct marketing purposes.
right to lodge a complaint with the supervisory authority
According to Art. 77 GDPR, you have the right to complain to the supervisory authority if you believe that the
processing of your personal data is not lawful.
You can lodge a complaint with the supervisory authority responsible for us, which you can reach at the following contact details
to reach:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
Tel.: +49 211 384240
Fax: +49 211 38424999
E-Mail: poststelle@ldi.nrw.de
right of objection
Are the personal data processing operations listed here based on our legitimate interest in accordance with Art. 6 Para.
1 lit. f GDPR, you have the right, for reasons arising from your particular situation, to object to this processing at any time with
effect for the future.
After objection has been made, the processing of the data concerned will be terminated, unless we can demonstrate compelling legitimate grounds
demonstrate grounds for the processing which override your interests, rights and freedoms, or where the processing of the
assertion, exercise or defense of legal claims.
last updated: July 13, 2023