This privacy policy explains the type, scope and purpose of the processing of personal data in connection with the use of our online presence and the websites, functions and content associated with it. With regard to the terms used, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Responsible within the meaning of Art. 4 (7) GDPR
Torben Ratzlaff
Glindweg 27
22303 Hamburg
contact@shapesanddreams.net
We would like to point out that data transmission on the internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.
External hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the host’s servers. This can be v. a. IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para 1 lit. f GDPR).
Our hoster will only process your data to the extent that this is necessary to fulfill its performance obligations and will follow our instructions in relation to this data.
We use the following hoster:
Host Europe GmbH
c/o WeWork
Friesenplatz 4
50672 Köln
contract for order processing
In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.
Which personal data we collect
and why we collect it
Website Statistics
We use the WordPress plugin “WP Statistics” to analyze the use of the website. We do this on the basis of our legitimate interest in gaining a better understanding of the accessibility of the website and its content in order to be able to expand and improve our offer in a targeted manner.
For this purpose, your IP address is stored anonymously (it is not possible to draw conclusions about you or your internet connection). The data collected in this way will not be passed on to third parties, but only stored on our server.
Cookies
Our website uses so-called “cookies”. Cookies are small text files and do not cause any damage to your end device. They are stored on your end device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies can also be stored on your end device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have different functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or to display advertising.
Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions you want (functional cookies, e.g. for the shopping cart function), are stored on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is given. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies was requested, the relevant cookies are stored exclusively on the basis of this consent (Article 6 (1) (a) GDPR); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies, as well as allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed.
You can inspect all our cookies and their purposes as well as change your cookie permissions here.
Cookie consent with Borlabs Cookie
Our website uses Borlabs Cookie’s cookie consent technology to obtain your consent to the storage of certain cookies in your browser and to document this in compliance with data protection regulations. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, which stores the consent you have given or the withdrawal of this consent. This data is not passed on to the provider of Borlabs Cookie.
The collected data is stored until you ask us to delete it or delete the Borlabs cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/which-data-stores-borlabs-cookie/.
Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 (1) (c) GDPR.
Server log files
The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- operating system
- used Referrer URL
- Host name of the accessing computer
- Time of server request
- IP address
This data is not merged with other data sources.
This data is collected on the basis of Article 6 (1) (f) GDPR. The website provider has a legitimate interest in the technically error-free presentation and optimization of his website – the server log files must be recorded for this purpose.
Personal data via email
If you use the e-mail addresses provided on this website to contact us, we will store the information that you provide to us (e.g. your e-mail address, the name under which you contact us, a telephone number if applicable, if you provide them) that is neccessary to answer your enquiry. This data will not be disclosed to third parties. After the communication has ended, you can request that we erase all personal data.
Embedded content from other websites
Pages on this site may contain embedded content (Youtube videos). Embedded content from other websites behaves in partial exactly as if the visitor had visited the other website.
Youtube videos on this website are embeded using the www.youtube-nocookie.com format, which prevents the setting of cookies from www.youtube.com.
YouTube videos can still anonymously track other data when viewed, especially if you are logged into YouTube.
Further information on the handling of user data can be found in YouTube’s data protection declaration at: https://policies.google.com/privacy.
Email newsletter
We occasionally send out newsletters to provide information about our products and new developments.
Registration for the newsletter via this page and its dispatch are handled by the service provider “Mailchimp”. “Mailchimp” saves the e-mail address you gave us on our behalf, to which we send our newsletter. “Mailchimp” acts in accordance with the European General Data Protection Regulation (further information).
After your registration you will receive an e-mail to the given e-mail address. You will only be registered for the newsletter once you have confirmed this (double opt-in). You can unsubscribe from the newsletter at any time by clicking on the relevant link in the footer of one of our newsletter emails.
Your registration will be confirmed on the “Mailchimp” page. Cookies can be stored and other data collected. Please note the privacy policy and cookie statement of “Mailchimp”.
eCommerce and Payment Services
Processing of data (customer and contract data)
We collect, process and use personal data only insofar as they are necessary for the establishment, content or change of the legal relationship (inventory data). This is based on Article 6 Paragraph 1 Letter b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.
Data transmission upon conclusion of contract for online shops, dealers and Deliverers
We only transmit personal data to third parties if this is necessary in the context of contract processing, for example to the company entrusted with the delivery of the goods or the bank responsible for processing the payment. Any further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 Paragraph 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.
Data transmission upon conclusion of contract for services and digital content
We only transmit personal data to third parties if this is necessary within the framework of contract processing, for example to the bank responsible for processing payments.
Any further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 Paragraph 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.
payment services
We integrate payment services from third party companies on our website. If you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contract and data protection provisions of the respective provider apply to these transactions. The payment service providers are used on the basis of Art. 6 Para. 1 lit. b GDPR (contract processing) and in the interest of a payment process that is as smooth, convenient and secure as possible (Art. 6 Para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Article 6 (1) (a) GDPR is the legal basis for data processing; Consent can be revoked at any time for the future.
We use the following payment services / payment service providers on this website:
PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Details can be found in PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
How long we store your data
Website Statistics
Your anonymized data will be stored for up to one year for long-term usage analysis and then automatically deleted. It is also deleted as soon as it is no longer relevant for the usage analysis.
Cookies
The indicidual cookies are stored fore different time frames according to the role they have to fullfill. A complete overview of all used cookies and their storage time can be found here.
Server log files
Server log files are stored and accessible for 14 days.
Personal data via email
Personal data sent via email is only stored as long as neccessary for answering your enquiry.
If your enquiry leads to contracts or financial transactions the corresponding data is stored in respect to our legal liabilities towards tax offices and other goverment agencies.
Email newsletter
Your data for our newsletter (your e-mail address) will be stored for as long as it is necessary for the occasional sending of the newsletter. Your data will be automatically deleted as soon as you unsubscribe from the newsletter by clicking on the corresponding link in the footer of one of our newsletter emails, or we no longer send out the newsletter.
eCommerce and Payment Services
The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
Data provided to third-parties like payment providers, deliverers and others may be stored by those for different amounts of time depending on the service and different statutory retention periods.
What rights you have towards your data
You can request the surrender of your personal data from us, including all data you have given to us.
In addition, you can request the deletion of all personal data that we have stored about you.
This does not include the data that we have to keep due to administrative, legal or security-related needs.
Please note that it is logically not possible to assign anonymised data and we are therefore unable to provide any information about them.
How we protect your data
We take all resonable action to protect your personal data.
Technical protection
Your personal data is protected by up to date firewalls and security programs as well as strong passwords.
Organizational protection
Your personal data is handled with great care and is only seen by those necessary.