Data protection declaration for STILL garments, represented by Elke Fiebig
Thank you for your interest in STILL garments. I take data protection and your data seriously. The servers on which www.stillgarments.com is operated are located in Germany. Your data will not be passed on to uninvolved third parties or even sold without your consent - there are exceptions, for example, with the necessary data transfer to shipping service providers.
You can use this website without providing any personal data. If a data subject wishes to use our company's services via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we always obtain the consent of the person concerned.
The processing of personal data (e.g. name, address, e-mail address or telephone number of a data subject) is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations that apply to us.
The following data protection declaration informs the public about the type, scope and purpose of the personal data we collect, use and process. This data protection declaration also informs data subjects about their rights.
We have implemented technical and organizational measures to ensure the most complete protection of personal data processed via our website. However, data transmissions over the Internet can generally contain security gaps. 100% protection cannot therefore be guaranteed. Therefore, every person concerned can of course also send us personal data alternatively, e.g. by telephone.
This data protection declaration is based on the definitions used by the European legislator for directives and regulations when the GDPR was adopted (Article 4 GDPR). This data protection declaration should be both easy to read and easy to understand for everyone. To ensure this, we would first like to explain the terminology used. The following definitions are used in this data protection declaration:
- „personal data“all information that relates to an identified or identifiable natural person (hereinafter "data subject"); A natural person is regarded as identifiable who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person
- „data subject“any identified or identifiable natural person whose personal data is processed by the person responsible for processing
- „processing“any process or series of processes carried out with or without the help of automated processes in connection with personal data such as the collection, recording, organization, arrangement, storage, adaptation or modification, reading, querying, use, disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction
- „Restriction of processing“the marking of stored personal data with the aim of restricting their future processing
- „Profiling“ any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences, interests to analyze or predict the reliability, behavior, whereabouts or change of location of this natural person
- „Responsible person“the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data; If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states
- „Recipient“a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. Authorities that may receive personal data as part of a specific investigation according to Union law or the law of the member states are not considered recipients; The processing of this data by the named authorities takes place in accordance with the applicable data protection regulations in accordance with the purposes of the processing
- „Third party“a natural or legal person, authority, agency or other body, apart from the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor
- „Consent“of the data subject: any voluntary, informed and unambiguous declaration of will in the form of a declaration or other unequivocal affirmative action with which the data subject indicates that they agree to the processing of the personal data concerning them for the specific case.
a) name and contact details of those responsible for processing
These data protection notices apply to data processing by:
Responsible:STILL garments, represented by Elke Fiebig, E-Mail: firstname.lastname@example.org.
This website is hosted by an external service provider (hoster). The personal data recorded on this website is stored on the host's servers. These can mainly be IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit.b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para . 1 lit.f GDPR).
The hoster will only process data insofar as this is necessary to fulfill its performance obligations and follow instructions relating to this data.
We use the following hosters: Webgo GmbH, Heidenkampsweg 81, 20097 Hamburg, Germany.
Contract for data processing
In order to ensure data protection compliant processing, we have concluded an order processing contract with our hoster.
c) Storage period
Unless a more precise storage period is specified in this data protection declaration, personal data will be stored until the purpose for data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, the data will be deleted unless there are other legally permissible reasons for storing the personal data (e.g. tax or commercial retention periods); in this case, the deletion takes place after these reasons no longer apply.
d) Note on data transfer to the USA and other third countries
This website uses tools from companies based in the USA or other third countries that are not secure in terms of data protection law. If these tools are active, your personal data can be transferred to these third countries and processed there. I would like to point out that no data protection level comparable to that in the EU can be guaranteed in these countries.
For example, companies in the USA are obliged to release personal data to security authorities without those affected being able to take legal action against it. I can therefore not rule out that US authorities process, evaluate and permanently store your data on US servers for monitoring purposes. I have no influence on that.
e) Revocation of consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. The legality of the data processing carried out before the revocation remains unaffected by the revocation.
3. Collection and storage of personal data as well as the type and purpose of their use
a) When visiting the website
this website can be used without revealing your identity. When you visit our website, the browser used on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action and stored until it is automatically deleted:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the file called up
- Website from which access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer and the name of your access provider
The data mentioned are processed for the following purposes:
- Ensuring a smooth connection to the website
- Ensuring comfortable use of our website
- Evaluation of system security and stability
- as well as for further administrative purposes.
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit.f GDPR. Our legitimate interest follows from the data collection purposes listed above. In no case do I use the collected data for the purpose of drawing conclusions about your person.
b) When using our contact form
If you have any questions, you can contact us using a form provided on our website. It is necessary to provide a valid email address so that we know who sent the request and to be able to answer it. Further information can be provided voluntarily. It is up to you to decide whether you want to enter this data in the contact form.
The data processing for the purpose of establishing contact is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR on the basis of your voluntarily given consent.
c) When ordering via our website
You can either place orders as a guest via this website without registering, or register in our shop as a customer for future orders. Registration has the advantage that, in the event of a future order, you can log into the shop directly with your email address and password without having to re-enter your contact details.
Personal data is entered in an input mask and transmitted to us and stored. If you place an order via this website, we first collect the following data, both in the case of a guest order and in the case of a registration in the shop:
- first name, last name
- a valid email address
- telephone number
This data is collected in order
- to be able to identify you as our customer
- to process, fulfill and process the order
- for correspondence
- for invoicing
- to process any liability claims that may exist, as well as the assertion of any claims
- to ensure the technical administration of our website
- to manage our customer data
As part of the ordering process, consent to the processing of this data is obtained.
The data processing takes place on your order and / or registration and is necessary according to Art. 6 Para. 1 S. 1 lit. b GDPR for the purposes mentioned for the appropriate processing of the order and for the mutual fulfillment of obligations from the purchase contract.
The personal data collected by us for the processing of your order will be stored until the statutory retention period expires and then deleted, unless, according to Article 6 Paragraph 1 Sentence 1 lit. and documentation obligations (from HGB, StGB or AO) are obliged to store them for a longer period of time or you have consented to storage going beyond this in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR.
4. Transfer of data
A transfer of personal data to third parties takes place exclusively to the service partners involved in the execution of the contract, such as the logistics company commissioned with the delivery and the credit institute commissioned with payment matters. In cases where personal data is passed on to third parties, the scope of the data transmitted is limited to the necessary minimum.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal, we give the payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data is included in the calculation of the score values. Further data protection information can be found in the PayPal data protection principles: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
A transfer of your personal data to third parties for purposes other than those mentioned does not take place.
We only pass on your personal data to third parties if:
- You have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit.
- the transfer according to Art. 6 Para. 1 S. 1 lit.f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data
- in the event that there is a legal obligation for disclosure in accordance with Art. 6 Paragraph 1 Clause 1 lit.
- this is legally permissible and required according to Art. 6 Para. 1 S. 1 lit. b GDPR for the processing of contractual relationships with you.
As part of the ordering process, consent is obtained for the data to be passed on to third parties.
Information is stored in the cookie that results in connection with the specific device used. However, this does not mean that we thereby gain direct knowledge of your identity.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on the end device for a specific period of time. If you visit this page again to use our services, it will automatically be recognized that you have already visited us and which entries and settings you have made so that you do not have to re-enter them.
The data processed by cookies are required for the purposes mentioned to safeguard our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 S. 1 lit.f GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, if you completely deactivate cookies, you may not be able to use all the functions of our website.
6. Links to Third Party Web Sites
The links published on our website are researched and compiled by us with the greatest possible care. However, we have no influence on the current and future design and content of the linked pages. We are not responsible for the content of the linked pages and expressly do not adopt the content of these pages as our own. The provider of the website referred to is solely liable for illegal, incorrect or incomplete content as well as for damage resulting from the use or non-use of the information. The liability of those who merely refer to the publication via a link is excluded. We are only responsible for third-party references if we have positive knowledge of them, i.e. also of any illegal or criminal content, and it is technically possible and reasonable for us to prevent their use.
If you would like to register for my newsletter, which I send via Mailchimp, I need an email address, a name to address (but a single letter is sufficient for this, for example) as well as your information about which topics you would like to be informed about. This data is stored, as is your consent to data storage, which is necessary for registration. In addition, I do not pass this information on to third parties.
You can unsubscribe from the newsletter at any time, all you need to do is send an email via the reply function or click on the "Unsubscribe" button.
After unsubscribing from the newsletter, your email address may be stored in a blacklist by us / Mailchimp in order to prevent future mailings. These data are only used for this purpose and are not merged with other data. This storage is not limited in time. You can object if your interests outweigh my legitimate interests.
Mailchimp is based in the USA, The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
What this means in detail can be found under point 2.d) A contract for order processing has been concluded with Mailchimp.
I reserve the right to delete email addresses from the newsletter list at my own discretion if there is a legitimate interest (within the scope of Art. 6 Para. 1 lit. f GDPR).
8. Analysis and tracking tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 Para. 1 S. 1 lit. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. On the other hand, we use tracking measures to statistically record the use of our website and to evaluate it for you in order to optimize our offer. These interests are to be regarded as legitimate within the meaning of the aforementioned regulation.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.
9. Social media plugins and other tools
We use social plugins from social networks (e.g. Facebook, Instagram, Pinterest) on our website on the basis of Art. 6 Para. 1 S. 1 lit.f GDPR to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for the data protection-compliant operation is to be guaranteed by the respective provider. We integrate these plugins using the so-called two-click method in order to protect visitors to our website in the best possible way.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your related rights and setting options to protect your privacy can be found in the data protection information, in particular the Facebook data guideline, which you can view under the following link: https: // www.facebook.com/about/privacy/
Functions of the Instagram service are integrated on this website. If you are logged in with an Instagram account, you can link the contents of this website to your Instagram profile by clicking the Instagram button. This enables Instagram to assign the visit to this website to the user account. I have no knowledge of the content of the transmitted data and have no influence on the use by Instagram.
If personal data is collected on this website with this tool and forwarded to Facebook or Instagram, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR ). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing by Facebook or Instagram after the forwarding is not part of the joint responsibility. The joint obligations incumbent on us were set out in an agreement on joint processing: https://www.facebook.com/legal/controller_addendum.
According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the implementation of the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of Facebook and Instagram products. You can assert rights of data subjects (e.g. requests for information) with regard to the data processed on Facebook or Instagram directly on Facebook.
Further information can be found in Instagram's data protection declaration:
This website is linked to Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. If you click on the Pinterest button on an image, your browser establishes a direct connection to the Pinterest servers. Log data is sent to the Pinterest server in the USA. This log data may contain the IP address, the address of the websites visited, which also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your use of Pinterest and cookies.
The storage and analysis of the data takes place on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be withdrawn at any time.
This website uses tools from the Vimeo video portal to link video content. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit a page with a Vimeo video, a connection to the Vimeo servers will be established. The Vimeo server (in the USA) is informed which page you have visited. Vimeo also receives the IP address. Even if you are not logged into Vimeo.
If you are logged in with an account at Vimeo, Vimeo can assign your behavior on the website to the account. If you want to prevent this, you have to log out of Vimeo.
Vimeo is used in the interest of an appealing presentation of my online offers. The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests".
Vimeo's data protection declaration and other information on how it handles user data can be found here: https://vimeo.com/privacy.
10. Rights of data subjects
You have the right to:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of appeal to request the origin of your data, if they were not collected from me, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details;
- in accordance with Art. 16 GDPR to immediately request the correction of incorrect or incomplete personal data stored by us;
- to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
- In accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the correctness of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert or exercise it or you need to defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible;
- to revoke your consent given to us at any time in accordance with Art. 7 Para. 3 GDPR. As a result, we are no longer allowed to continue the data processing based on this consent in the future and
- to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.
11. Right to Object
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit.f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for doing so which arise from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
If you would like to exercise your right of revocation or objection, an email to: contact ( at) stillgarments.com
12. Data security
We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational security measures to protect data against accidental or deliberate manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
13. Date and changes to this data protection declaration
This data protection declaration is currently valid and is dated March 2021.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may be necessary to change this data protection declaration. The current data protection declaration can be called up and printed out at any time on our website under the following link:
Source: Muster-Datenschutzerklärung erstellt durch Rechtsanwalt Andreas Gerstel