Pricacy Policy

Goal of this privacy policy is to inform you on the grounds of General Data Protection Regulation (GDPR) about the purpose, nature and legal basis of processing your personal data by visiting and using our website or our social media presences.

Used terms

Explanation of terms, used in this privacy policy:

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

For explanation of other in this privacy policy used terms we point to the definitions in Article 4 GDPR.

Purpose of processing data

  • Operation of our online presence together with ist content and features
  • Measures to safeguard our online presence
  • Measurement of usage (reach) and marketing
  • Communication with visitors, users or applicants

Types of processed data

  • so-called meta data (e.g. information about used devices or IP addresses)
  • content data (submitted texts, photos or video)
  • contact data (e.g. telephone numbers or email addresses)
  • usage data (e.g. visited website pages including lenght and time of visit)
  • inventory data (e.g. addresses and names)

Legal basis of processing personal data

We mention the applicable legal basis of the respective processing of personal data in various passages of this privacy policy. Otherwise, we process personal data only when:

the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 6 paragraph 1 point a, connected with Article 7 GDPR);

processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 paragraph 1 point b GDPR);

processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6 paragraph 1 point c GDPR);

processing is necessary in order to protect the vital interests of the data subject or of another natural person (Article 6 paragraph 1 point d GDPR);

processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Article 6 paragraph e GDPR);

processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (Article 6 paragraph 1 point f GDPR), Our legitimate interests, if not stated separately, are to operate our online service and our business activities securely, economically and efficiently, the provision of attractive offers and an interesting online service and our connected business interests.

Categories of persons concerned

Following categories of persons are concerned: visitors of our online presences and users of its features (e.g. registration of a user account, submission of a form), hereinafter also called “visitor” or “user.

Controller

Controller is Andreas T. Frenko, Beusselstr. 18, 10553 Berlin, Germany, Phone +49 30 / 609889781, Fax +49 30 / 609 889 789, email: info@stylebetsy.com – please also see imprint under https://www.stylebetsy.com/imprint

Provision of Personal Data

According to Article 13 paragraph 2 point c GDPR we state that provisioning of personal data to us is not a statutory requirement. It might be necessary, though, to provide certain personal data to enter into a contract with us, e.g. the email address to conduct a register a user account. In such cases the person affected - if he will enter into an contract with us – has to provide such personal data. Legal basis of this is Article 6 paragraph 1 point b GDPR.

Which personal data has to be provided in such cases, will be stated by us when we ask for that data, and you can always ask the controller. Possible consequences of not providing personal data can be that you can not enter into a contract with us or use functions of our online presences. You can always ask the controller whether this is the case.

Length of Storing Personal Data

In this privacy policy we state the respective length of storing personal data in various passages. If this is not the case for a particular position, the criteria for the length of storing that data is our obligation to preserve business records. After that the data will be deleted, unless it is necessary for entering into a contract, fulfillment of a contract, or to defend charges or for enforcement of charges

Rights of Affected Persons

a) Right to Disclosure of Information / Confirmation

According to Article 15 GDPR, every affected person has the right to obtain confirmation from the controller, if concerning personal data has been processed. This right also comprises information about that data, additional information as well as a copy of that data – for all of this see Article 15 GDPR.

b) Right to Rectification (Article 16 GDPR)

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

c) Right to Restriction of Processing

According to Article 18 GDPR, data subjects have the right to obtain from the controller restriction of processing.

d) Right to Erasure

According to Article 17 GDPR, data subjects have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.

e) Right to Withdrawal

According to Article 7 paragraph 3 GDPR, data subjects have the right to withdraw his or her consent at any time.

f) Right to lodge a complaint

Data subjects have the right to lodge a complaint with a supervisory authority, see Article 77 GDPR

g) Right to data portability

According to Article 20 GDPR, data subjects have the right to receive the personal data concerning him or her, which he or she has provided to a controller, and have the right to transmit those data to another controller from the controller to which the personal data have been provided.

h) Right of Objection

Data subjects have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 paragraph 1 GDPR, including profiling based on those provisions.

Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 paragraph 1 GDP, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

For the general right do object please see Article 21 GDPR.

i) Automated individual decision-making, including profiling

According to Article 22 GDPR, data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Processors and Third Parties

We disclose personal data to processors or third parties, allow them any other access to such data or transfer data there, when this is legally permitted, the affected person has consented, a legal obligation requires this or we have a legitimate interest for it. Processing of personal data by third parties after their possible assignment by us will only happen on the grounds of a written authorisation in accord with Article 28 GDPR.

Data Transfer to Third Countries

Third countries are countries outside of the European Union (EU) or the European Economic Area (EEA). When we process personal data in such countries or assign this to processors or third parties residing there, or when we disclose or transfer data there, we do this only to fulfill contractual obligations or when this is necessary to enter into a contract, or when the affected person has consented, because of a statutory duty or our legitimate interests.

We permit processing of personal data in a third country only when the requirements of Article 44 and the following GDPR exist, unless this is permitted on grounds of statutory or contractual regulations. Otherwise, we permit processing in such countries only when safeguards by means of an officially approved observation of a sufficient data protection standard exist (for the U.S.A., for example, through the so-called “Privacy Shield”) or under inclusion of officially approved special obligations (standard data protection clauses adopted by the Commission).

Web Hosting

To save our web content and operate our website, we use a so-called web hoster. This is a service provider, which offers such hosting services. Through this, personal data that our website contains or collects, as well as our communication with affected persons can be transferred to and saved by that hoster.

Legal basis for using a hoster is our legitimate interest according to Article 6 paragraph 1 point f GDPR to operate our website professionally and securely. According to Article 28 GDPR we concluded a data processing contract with the hoster.

Server Logs / Access Data

The webspace provider (web hoster) we use to host this website automatically gathers data in relation to your visits on our website and stores it in so- called server logfiles, which contain: names of visited pages, time of your visit, used operating system and device type as well as browser type and version, the „referrer url“ (website from which you came to us), your IP address / hostname of the accessing computer, online provider you are using when you access our website, transmitted data volume and your location. This data will not be assigned to particular persons and we don’t combine this data with other data, but we reserve to check server log data later if we see actual indications of unlawful usage. Legal basis of this is Article 6 paragraph 1 point f GDPR and our legitimate interest is to analyze and optimize the usage of our website and to prevent abuse.

Cookies

Our website partly uses so called "cookies". These are little text files, which will be created automatically during your visit and stored on your accessing device, by what a relationship to your device can be established. With cookes we can operate our services more user-friendly and comfortably and enable particular useful website functions.

Additionall cookie are used for so called affiliate programs. On our website we include links to external products / services (on other websites) from such affiliates. If you click on that kind of link, a cookie will be stored on your computer, which allows the affiliate program’s operator to assign the origin of the click respectively a possibly resulting purchase to us.

So called "Session Cookies" will be deleted after your visit, whereas others will remain on your computer even after that, to allow us or our partners to recognise your browser. You can delete cookies, which were generated because of your visit on our website at any moment in your browser settings. Furthermore, there you can adjust the extent of allowed cookie usage by setting it according to your individual data privacy needs. Deactivation of cookies may result in a restricted or inconvenient website browsing experience or produce missing functions. You can manage your cookie settings for online ad usage on this US operated website: http://www.aboutads.info/choices/or on the website http://www.youronlinechoices.com/de/ (which is operated in the European Union).

Legal basis for our usage of cookies is our legitimate interest (Article 6 paragraph 1 point f GDPR), to operate our website comfortably and economically, and to allow attractive features.

Google Analytics

This website uses the web analytics service "Google Analytics" from Google (Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). For this so called „cookies“ (little text files) are stored on the devices of visitors of our website, what allows analyzing the website usage and number, behaviour and activities of visitors. For instance, it will be recorded, from which other websites visitors are coming, which pages of our website they use and when, or what device they use during their visit. Thus created data and information will be transmitted to a google server in the USA and subsequently saved there. If IP anonymization is activated on this website, IP addresses of visitors will be shortened and anonymized by Google within the member states of the European Union or in other states of the European Economic Area, beforehand.

Only as an exception the complete IP address will be transmitted to google servers located in the USA and then be shortened there. On this website IP anonymization is activated (in order to anonymize IP addresses – "ip masking" – we have added "anonymizeIp" to the Google Analytics code). We mandated Google to use this information to analyze the usage of our webite by its users, to produce reports for us about the activities on the website respectively its usage und possibly offer other services for us, in relation to the website usage.

Your IP address which will be transmitted by your browser, will not be connected with other data of Google. Users of our website can block cookie storage by adjusting their browser settings accordingly. We advise our users that in this case not all functions of our website may work fully, though. Additionally, users can prevent the collection and processing of data which is generated by the usage of the cookies in relation to the website usage (including your IP address) by Google through downloading and installing the plugin offered here: https://tools.google.com/dlpage/gaoptout?hl=en. Alternatively or for browsers on mobile devices (i.e. smartphones) you can click here to deactivate Google Analytics, what will prevent future recognition by "Google Analytics". Thus a so-called "opt out cookie" would be stored on your device. If you delete your cookies on the device later, you would have to click that link again to re-establish that protection. You can find more about data privacy and terms of use of Google here: https://policies.google.com/?hl=en/ as well as – especially for "Google Analytics" – here: https://www.google.com/analytics/terms/us.html. Additionally we may use „Google Analytics“ to analyze data of „Google AdWords“ as well as the data derived from the Double Click cookie for statistical purposes. If you don’t like that, you can disable it here: https://www.google.com/settings/ads/onweb/?hl=en. You can block the Double Click cookie by installing this plugin: https://www.google.com/settings/u/0/ads/plugin?hl=en.

We use Google Analytics in its "Universal Analytics" version. Thereby analysis of usage takes place based on a pseudonymous user id, to track usage across different devices (laptop, tablet, mobile phone etc.) in a pseudonymous profile (so-called “cross device tracking”).

Google has certification under the Privacy Shield agreement, thus offering a guarantee to observe the european data privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

By Google Analytics collected data will be deleted after 14 month or else anonymized

We use Google Analytics because of our legitimate interest (Article 6 paragraph 1 point f GDPR) to analyize access to and usage on our website, what allows us to optimize our services and operate them more economically. We have concluded a data processing contract with Google in compliance with Article 28 GDPR.

Applications

We process personal data in the context of incoming applications, e.g. through an application form on our website, by email or postally. Legal base for this, according to Article 6 paragraph 1 point f GDPR, is our legitimate interest to process this data for the application procedure, with what the applicant agrees with by submitting his or her application. Furhermore, we process data of applicants to fulfill our pre-contractual or contractual obligations in the context of the application procedure, within the meaning of Article 6 paragraph 1 point b GDPR.

Such data will be deleted three month after your receipt of a possible rejection, unless we need that data within a lawsuit. In Germany, additionally § 26 BDSG will be applicable.

If you, for an application, freely submit special types of personal data, within the meaning of the categories of Article 9 paragraph 1 GDPR (i.e. membership in unions, ethnic origin), additionally the legal basis for processing such data is Article 9 paragraph 2 point b GDPR. If we ask applicants to submit special types of personal data within the meaning of Article 9 paragraph 1 GDPR, we base processing of that data additionally on Article 9 paragraph 2 point a GDPR, for what the explicit consent of the concerned person is required.

Should employment come about after an application, the data will be used internally to handle the employment relationship and deleted after its ending. We will delete affected data immediately, if an applicant withdraws the application. Should we possibly reimburse rravel expenses related to a job interview, we will keep the concerned invoices in compliance with tax laws.

Contacting us

On our website and social media presences, we provide multiple ways to contact us, e.g. by email, direct message or via contact form. If you contact us in one of these ways, we process the personal data of the enquiring person. This is based on Article 6 paragraph 1 point f GDPR (our legitimate interest is to enable and answer such enquiries to operate our business). If the reason of the enquiry is the potential entering into a contract or if the communication happens to fulfill a contract, the legal basis for that is Article 6 paragraph 1 point b GDPR. We process enquiry data only for these purposes, don’t pass it on without consent and delete it after the statutory retention period.

Email Newsletters

We offer subscription of email newsletters on our online services. If you enter your email address into a subscription form and click on the submit button to subscribe to such an email newsletter, we will – to ensure that indeed you subscribed yourself – send you an email, containing a confirmation link. You will be added to the mailing list only if you click on that link,

To later send the newsletters, we have to store your email address. This extends also for your IP address and the time of your newsletter subscription (we need this information to prevent potential abuse of our systems, potential abuse of your email address by third parties, who might have subscribed to the newsletter without your knowledge and to have proof of your subscription).

To send newsletters which are as useful as possible, we possibly adjust their content by tracking the user behaviour of subscribers (e.g. by saving, if and when a subscriber has opened a received newsletter, if and when a subscriber possibly clicked on a contained link) and assign it to individual subscribers to optimize and individualize newsletters.

We use your email address only for the stated purpose (sending the newsletters) and don’t pass it on to third parties. In each newsletter we include information on how to unsubscribe. If you unsubscribe, your email address will be deleted from the mailing list. So by doing this, you can withdraw your consent to receive newsletters anytime. Alternatively you can contact the controller for this.

We send the email newsletters by using personal data based on the consent of the subscribers (Article 6 paragraph 1 point a GDPR). Our elicitation of user behaviour is based on our legitimate interest according to Article 6 paragraph 1 point 4 GDPR to send newsletters which are more useful for individual subscribers. The storage of IP addresses of subscribers and the time of their subscription is based on our legitimate interest according to Article 6 paragraph 1 point f GDPR to ensure a legal newsletter subscription, to prevent and detect possible abuse and to allow us providing proof about subscriptions.

By subscribing to our newsletters you consent to the stated processing and the mailings (confrmation mail and newsletter itself).

Forms

Visitors can submit personal data through various forms on our website, which are intended for making offers, features or content for our website possible. By filling and submitting of such forms the person consents that we process their provided personal data for the stated purpose. Legal basis for this is Article 6 paragraph 1 point a GDPR.

Registration

Visitors can optionally register and create a user account. Personal data, given during the registration process respectively for the creation of the user account, will be used only to enable the corresponding functions. After registration, an email will be sent to the registrant. This mail contains a confirmation link that has to be clicked to complete the registration. When this happens, we send another email confirming the successful registration.

We occasionally inform registered users via email about changes or additional features, as well as rarely and only when needed about issues that are related to the registration or the user account, e.g. technical announcements. We openly state during the registration process, which data we collect and show required data fields if they aren’t filled. Additionally, we gather the registrant’s IP address and time of registration to prevent abuse and monitor the proper functioning of our systems.

When a registered user submits posts or comments on others posts, the submitted data (e.g. texts, pictures) will be stored to enable the corresponding functions. Additionally, the IP address and time of such activities will be saved.

Registered users can change or delete data they submitted by then after logging into their accounts. When a user deletes his or her user account, its corresponding data will not be visible on our website anymore, but still be saved internally, until we can be sure that we don’t have to defend ourselves against related charges (normally this is the case after three years, counting from the 1st of January, following the date of account deletion).

Besides, we reserve to bring the length of data retention into line with commercial law or tax law, according to Article 6 paragraph 1 point c GDPR. The users have sole responsibility to backup data of their user account prior to deleting it and we have the right to delete that data beyond recall after account deletion. We do not pass data of user accounts on, except where this is necessary to defend ourselves against charges or enforce own charges or when this is statutory according to Article 6 paragraph 1 point c GDPR.

Legal basis for processing personal data within the context of user registrations is Article 6 paragraph 1 point f GDPR. At that, our legitimate interest is to offer an attractive online service by offering to create user accounts with additional functions, and to prevent associated potential abuse or unauthorized usage, what is also in the users interest.

Mailgun

We send our mails during the user registration process, as well as our emails we send if you subscribed to, by using the mail transport service “Mailgun”. Mailgun is operated by Mailgun Technologies, Inc., 535 Mission St., San Francisco, CA 94105, USA. Their privacy policy can be read here: https://www.mailgun.com/privacy-policy

Accordance with european data privacy standards is guaranteed, as Mailgun is certified to the Privacy Shield agreement, see: https://www.privacyshield.gov/participant?id=a2zt0000000PCbmAAG&status=Active

Mailgun can use recipient’s data in pseudonymous form, meaning without direct reference to a user, to optimize its own service, e.g. for technical improvement of transmission or for statistical data. To allow Mailgun sending mails, Mailgun learns the email addresses of our users, but does not send them own emails and does not pass the emails on to third parties. Legal basis for our usage of Mailgun is our legitimate interest (Article 6 paragraph 1 point f GDPR) to have our emails delivered by a professional service provider and our data processing contract, that we concluded with Mailgun (Article 28 paragraph 3 sentence 1 GDPR).

YouTube

Our website contains plugins of the service „YouTube“. YouTube (youtube.com) is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. By visiting one of our sites where such a YouTube plugin or YouTube video is embedded, a connection to YouTube will be established. As a result of this YouTube may be able to learn which of our pages you have visited. If you are simultaneously logged in to YouTube during your visit on our website, YouTube could associate your browsing behaviour with your YouTube account. If you don’t want this, you can log out of YouTube before visiting our website. YouTube informs about its user data collection and usage in its privacy policy https://policies.google.com/privacy?hl=en

Legal basis for using YouTube on our website is our legitimate interest (Article 6 paragraph 1 point f GDPR) to enrich our online service with attractive content (videos from the globally known video service YouTube).

Pinterest

On our website we use buttons / plugins of the service Pinterest, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA. When a site of ours contains such a plugin, a direct connection between your browser and the servers of Pinterest will be established. Hereby Pinterest can learn about your IP address, the kind of browser you use as well as its settings, and also which sites of ours you have visited. Additionally Pinterest can record the time of your visit and set cookies on your computer. You can see the privacy policy of Pinterest for more information on that here: https://about.pinterest.com/en/privacy-policy.

Instagram

Our website partially includes functions of the service „Instagram“. These are operated by Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA). Hereby your IP address can be transmitted to Instagram. When you are simultanously logged in to your Instagram account during your visit on our website, Instagram can possibly draw conclusions, which of our sites you visited. We don’t know what date could be transmitted to and possibly be used by Instagram. You can find more information by visiting the privacy policy of Instagram: http://instagram.com/about/legal/privacy/

Twitter

On our website we use functions and buttons / widgets / plugins of the service "Twitter", which is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. You can recognize them by the annotation „Twitter“ or by the Twitter symbol (stylized blue bird). Hereby you can follow owners of Twitter accounts or share links or postings on this website to Twitter. When we include such functions (buttons or plugins of Twitter) on a site that you visit, a connection between your browser and Twitter will be established and Twitter learns your IP address. Thus Twitter gets to know your visit on our website. We don’t know to what extent Twitter saves and uses data, gathered this way. You can visit the privacy policy of Twitter here: https://twitter.com/privacy. You may also adjust your individual data privacy in the settings of your own Twitter account.

Twitter is certified to the Privacy Shield agreement and thus guarantees to observe european data privacy standards (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).

Facebook

This website uses plugins of the social network "Facebook", which is operated by Facebook, 1 Hacker Way, Menlo Park, CA 94025 (or for Europe: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland). You can recognize these plugins by the facebook logos (white „F“-sign on blue background, the words „Like“ or a „Thumbs Up“-Symbol, for instance). Partially they are tagged with the remark „Facebook Social Plugin“. You can find an overview about the plugins here: https://developers.facebook.com/docs/plugins/. When users are accessing our website, such plugins establish a connection between their browsers and the servers of Facebook. As a consequence, Facebook learns that their IP address has visited our website. As a result and also when you use a plugin function (for instance, when you click „Like“), Facebook can assign your visit to your Facebook account, save your usage of the plugins and combine such information with your Facebook account. This is possible when you are simultaneously logged in to Facebook during your visit on our website. Visitors who don’t want to allow this can log out of Facebook and delete their cookies before visiting our website. We don’t know to what extent Facebook gathers, processes and uses data, collected by your plugin usage respectively your visit on our website. Possibly Facebook can also save the IP address you use during your visit, in case you aren’t a member of Facebook. Facebook informs about data privacy here: https://www.facebook.com/about/privacy. We suggest persons who maintain their own Facebook account to adjust their privacy protection within their account settings.

Facebook is certified to the Privacy Shield agreement and thus guarantees to observe european privacy standards (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

Our legitimate interest to use Facebook on our online services, according to Article 6 paragraph 1 point f GDPR, is to operate our online presence more economical and offer our visitors and users attractive and familiar functions.