‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Purpose of processing data
- Operation of our online presence together with ist content and features
- Measures to safeguard our online presence
- Measurement of usage (reach) and marketing
- Communication with visitors, users or applicants
Types of processed data
- so-called meta data (e.g. information about used devices or IP addresses)
- content data (submitted texts, photos or video)
- contact data (e.g. telephone numbers or email addresses)
- usage data (e.g. visited website pages including lenght and time of visit)
- inventory data (e.g. addresses and names)
Legal basis of processing personal data
the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 6 paragraph 1 point a, connected with Article 7 GDPR);
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 paragraph 1 point b GDPR);
processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6 paragraph 1 point c GDPR);
processing is necessary in order to protect the vital interests of the data subject or of another natural person (Article 6 paragraph 1 point d GDPR);
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Article 6 paragraph e GDPR);
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (Article 6 paragraph 1 point f GDPR), Our legitimate interests, if not stated separately, are to operate our online service and our business activities securely, economically and efficiently, the provision of attractive offers and an interesting online service and our connected business interests.
Categories of persons concerned
Following categories of persons are concerned: visitors of our online presences and users of its features (e.g. registration of a user account, submission of a form), hereinafter also called “visitor” or “user.
Controller is Andreas-Thomas Frenko, Albertinenstraße 29, 13086 Berlin, Germany, Phone +4930/609889781, email: email@example.com – please also see imprint under https://www.stylebetsy.com/imprint
Provision of Personal Data
According to Article 13 paragraph 2 point c GDPR we state that provisioning of personal data to us is not a statutory requirement. It might be necessary, though, to provide certain personal data to enter into a contract with us, e.g. the email address to conduct a register a user account. In such cases the person affected - if he will enter into an contract with us – has to provide such personal data. Legal basis of this is Article 6 paragraph 1 point b GDPR.
Which personal data has to be provided in such cases, will be stated by us when we ask for that data, and you can always ask the controller. Possible consequences of not providing personal data can be that you can not enter into a contract with us or use functions of our online presences. You can always ask the controller whether this is the case.
Length of Storing Personal Data
Rights of Affected Persons
a) Right to Disclosure of Information / Confirmation
According to Article 15 GDPR, every affected person has the right to obtain confirmation from the controller, if concerning personal data has been processed. This right also comprises information about that data, additional information as well as a copy of that data – for all of this see Article 15 GDPR.
b) Right to Rectification (Article 16 GDPR)
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
c) Right to Restriction of Processing
According to Article 18 GDPR, data subjects have the right to obtain from the controller restriction of processing.
d) Right to Erasure
According to Article 17 GDPR, data subjects have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.
e) Right to Withdrawal
According to Article 7 paragraph 3 GDPR, data subjects have the right to withdraw his or her consent at any time.
f) Right to lodge a complaint
Data subjects have the right to lodge a complaint with a supervisory authority, see Article 77 GDPR
g) Right to data portability
According to Article 20 GDPR, data subjects have the right to receive the personal data concerning him or her, which he or she has provided to a controller, and have the right to transmit those data to another controller from the controller to which the personal data have been provided.
h) Right of Objection
Data subjects have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 paragraph 1 GDPR, including profiling based on those provisions.
Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 paragraph 1 GDP, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
For the general right do object please see Article 21 GDPR.
i) Automated individual decision-making, including profiling
According to Article 22 GDPR, data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Processors and Third Parties
We disclose personal data to processors or third parties, allow them any other access to such data or transfer data there, when this is legally permitted, the affected person has consented, a legal obligation requires this or we have a legitimate interest for it. Processing of personal data by third parties after their possible assignment by us will only happen on the grounds of a written authorisation in accord with Article 28 GDPR.
Data Transfer to Third Countries
Third countries are countries outside of the European Union (EU) or the European Economic Area (EEA). When we process personal data in such countries or assign this to processors or third parties residing there, or when we disclose or transfer data there, we do this only to fulfill contractual obligations or when this is necessary to enter into a contract, or when the affected person has consented, because of a statutory duty or our legitimate interests.
We permit processing of personal data in a third country only when the requirements of Article 44 and the following GDPR exist, unless this is permitted on grounds of statutory or contractual regulations. Otherwise, we permit processing in such countries only when safeguards by means of an officially approved observation of a sufficient data protection standard exist (for the U.S.A., for example, through the so-called “Privacy Shield”) or under inclusion of officially approved special obligations (standard data protection clauses adopted by the Commission).
To save our web content and operate our website, we use a so-called web hoster. This is a service provider, which offers such hosting services. Through this, personal data that our website contains or collects, as well as our communication with affected persons can be transferred to and saved by that hoster.
Legal basis for using a hoster is our legitimate interest according to Article 6 paragraph 1 point f GDPR to operate our website professionally and securely. According to Article 28 GDPR we concluded a data processing contract with the hoster.
Server Logs / Access Data
The webspace provider (web hoster) we use to host this website automatically gathers data in relation to your visits on our website and stores it in so- called server logfiles, which contain: names of visited pages, time of your visit, used operating system and device type as well as browser type and version, the „referrer url“ (website from which you came to us), your IP address / hostname of the accessing computer, online provider you are using when you access our website, transmitted data volume and your location. This data will not be assigned to particular persons and we don’t combine this data with other data, but we reserve to check server log data later if we see actual indications of unlawful usage. Legal basis of this is Article 6 paragraph 1 point f GDPR and our legitimate interest is to analyze and optimize the usage of our website and to prevent abuse.
Our website partly uses so called "cookies". These are little text files, which will be created automatically during your visit and stored on your accessing device, by what a relationship to your device can be established. With cookes we can operate our services more user-friendly and comfortably and enable particular useful website functions.
Additionall cookie are used for so called affiliate programs. On our website we include links to external products / services (on other websites) from such affiliates. If you click on that kind of link, a cookie will be stored on your computer, which allows the affiliate program’s operator to assign the origin of the click respectively a possibly resulting purchase to us.
So called "Session Cookies" will be deleted after your visit, whereas others will remain on your computer even after that, to allow us or our partners to recognise your browser. You can delete cookies, which were generated because of your visit on our website at any moment in your browser settings. Furthermore, there you can adjust the extent of allowed cookie usage by setting it according to your individual data privacy needs. Deactivation of cookies may result in a restricted or inconvenient website browsing experience or produce missing functions. You can manage your cookie settings for online ad usage on this US operated website: http://www.aboutads.info/choices/or on the website http://www.youronlinechoices.com/de/ (which is operated in the European Union).
Legal basis for our usage of cookies is our legitimate interest (Article 6 paragraph 1 point f GDPR), to operate our website comfortably and economically, and to allow attractive features.
This website uses the web analytics service "Google Analytics" from Google (Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). For this so called „cookies“ (little text files) are stored on the devices of visitors of our website, what allows analyzing the website usage and number, behaviour and activities of visitors. For instance, it will be recorded, from which other websites visitors are coming, which pages of our website they use and when, or what device they use during their visit. Thus created data and information will be transmitted to a google server in the USA and subsequently saved there. If IP anonymization is activated on this website, IP addresses of visitors will be shortened and anonymized by Google within the member states of the European Union or in other states of the European Economic Area, beforehand.
Only as an exception the complete IP address will be transmitted to google servers located in the USA and then be shortened there. On this website IP anonymization is activated (in order to anonymize IP addresses – "ip masking" – we have added "anonymizeIp" to the Google Analytics code). We mandated Google to use this information to analyze the usage of our webite by its users, to produce reports for us about the activities on the website respectively its usage und possibly offer other services for us, in relation to the website usage.
We use Google Analytics in its "Universal Analytics" version. Thereby analysis of usage takes place based on a pseudonymous user id, to track usage across different devices (laptop, tablet, mobile phone etc.) in a pseudonymous profile (so-called “cross device tracking”).
Google has certification under the Privacy Shield agreement, thus offering a guarantee to observe the european data privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
By Google Analytics collected data will be deleted after 14 month or else anonymized
We use Google Analytics because of our legitimate interest (Article 6 paragraph 1 point f GDPR) to analyize access to and usage on our website, what allows us to optimize our services and operate them more economically. We have concluded a data processing contract with Google in compliance with Article 28 GDPR.
We process personal data in the context of incoming applications, e.g. through an application form on our website, by email or postally. Legal base for this, according to Article 6 paragraph 1 point f GDPR, is our legitimate interest to process this data for the application procedure, with what the applicant agrees with by submitting his or her application. Furhermore, we process data of applicants to fulfill our pre-contractual or contractual obligations in the context of the application procedure, within the meaning of Article 6 paragraph 1 point b GDPR.
Such data will be deleted three month after your receipt of a possible rejection, unless we need that data within a lawsuit. In Germany, additionally § 26 BDSG will be applicable.
If you, for an application, freely submit special types of personal data, within the meaning of the categories of Article 9 paragraph 1 GDPR (i.e. membership in unions, ethnic origin), additionally the legal basis for processing such data is Article 9 paragraph 2 point b GDPR. If we ask applicants to submit special types of personal data within the meaning of Article 9 paragraph 1 GDPR, we base processing of that data additionally on Article 9 paragraph 2 point a GDPR, for what the explicit consent of the concerned person is required.
Should employment come about after an application, the data will be used internally to handle the employment relationship and deleted after its ending. We will delete affected data immediately, if an applicant withdraws the application. Should we possibly reimburse rravel expenses related to a job interview, we will keep the concerned invoices in compliance with tax laws.
On our website and social media presences, we provide multiple ways to contact us, e.g. by email, direct message or via contact form. If you contact us in one of these ways, we process the personal data of the enquiring person. This is based on Article 6 paragraph 1 point f GDPR (our legitimate interest is to enable and answer such enquiries to operate our business). If the reason of the enquiry is the potential entering into a contract or if the communication happens to fulfill a contract, the legal basis for that is Article 6 paragraph 1 point b GDPR. We process enquiry data only for these purposes, don’t pass it on without consent and delete it after the statutory retention period.
We offer subscription of email newsletters on our online services. If you enter your email address into a subscription form and click on the submit button to subscribe to such an email newsletter, we will – to ensure that indeed you subscribed yourself – send you an email, containing a confirmation link. You will be added to the mailing list only if you click on that link,
To later send the newsletters, we have to store your email address. This extends also for your IP address and the time of your newsletter subscription (we need this information to prevent potential abuse of our systems, potential abuse of your email address by third parties, who might have subscribed to the newsletter without your knowledge and to have proof of your subscription).
To send newsletters which are as useful as possible, we possibly adjust their content by tracking the user behaviour of subscribers (e.g. by saving, if and when a subscriber has opened a received newsletter, if and when a subscriber possibly clicked on a contained link) and assign it to individual subscribers to optimize and individualize newsletters.
We use your email address only for the stated purpose (sending the newsletters) and don’t pass it on to third parties. In each newsletter we include information on how to unsubscribe. If you unsubscribe, your email address will be deleted from the mailing list. So by doing this, you can withdraw your consent to receive newsletters anytime. Alternatively you can contact the controller for this.
We send the email newsletters by using personal data based on the consent of the subscribers (Article 6 paragraph 1 point a GDPR). Our elicitation of user behaviour is based on our legitimate interest according to Article 6 paragraph 1 point 4 GDPR to send newsletters which are more useful for individual subscribers. The storage of IP addresses of subscribers and the time of their subscription is based on our legitimate interest according to Article 6 paragraph 1 point f GDPR to ensure a legal newsletter subscription, to prevent and detect possible abuse and to allow us providing proof about subscriptions.
By subscribing to our newsletters you consent to the stated processing and the mailings (confrmation mail and newsletter itself).
Visitors can submit personal data through various forms on our website, which are intended for making offers, features or content for our website possible. By filling and submitting of such forms the person consents that we process their provided personal data for the stated purpose. Legal basis for this is Article 6 paragraph 1 point a GDPR.
Visitors can optionally register and create a user account. Personal data, given during the registration process respectively for the creation of the user account, will be used only to enable the corresponding functions. After registration, an email will be sent to the registrant. This mail contains a confirmation link that has to be clicked to complete the registration. When this happens, we send another email confirming the successful registration.
We occasionally inform registered users via email about changes or additional features, as well as rarely and only when needed about issues that are related to the registration or the user account, e.g. technical announcements. We openly state during the registration process, which data we collect and show required data fields if they aren’t filled. Additionally, we gather the registrant’s IP address and time of registration to prevent abuse and monitor the proper functioning of our systems.
When a registered user submits posts or comments on others posts, the submitted data (e.g. texts, pictures) will be stored to enable the corresponding functions. Additionally, the IP address and time of such activities will be saved.
Registered users can change or delete data they submitted by then after logging into their accounts. When a user deletes his or her user account, its corresponding data will not be visible on our website anymore, but still be saved internally, until we can be sure that we don’t have to defend ourselves against related charges (normally this is the case after three years, counting from the 1st of January, following the date of account deletion).
Besides, we reserve to bring the length of data retention into line with commercial law or tax law, according to Article 6 paragraph 1 point c GDPR. The users have sole responsibility to backup data of their user account prior to deleting it and we have the right to delete that data beyond recall after account deletion. We do not pass data of user accounts on, except where this is necessary to defend ourselves against charges or enforce own charges or when this is statutory according to Article 6 paragraph 1 point c GDPR.
Legal basis for processing personal data within the context of user registrations is Article 6 paragraph 1 point f GDPR. At that, our legitimate interest is to offer an attractive online service by offering to create user accounts with additional functions, and to prevent associated potential abuse or unauthorized usage, what is also in the users interest.
Accordance with european data privacy standards is guaranteed, as Mailgun is certified to the Privacy Shield agreement, see: https://www.privacyshield.gov/participant?id=a2zt0000000PCbmAAG&status=Active
Mailgun can use recipient’s data in pseudonymous form, meaning without direct reference to a user, to optimize its own service, e.g. for technical improvement of transmission or for statistical data. To allow Mailgun sending mails, Mailgun learns the email addresses of our users, but does not send them own emails and does not pass the emails on to third parties. Legal basis for our usage of Mailgun is our legitimate interest (Article 6 paragraph 1 point f GDPR) to have our emails delivered by a professional service provider and our data processing contract, that we concluded with Mailgun (Article 28 paragraph 3 sentence 1 GDPR).
Legal basis for using YouTube on our website is our legitimate interest (Article 6 paragraph 1 point f GDPR) to enrich our online service with attractive content (videos from the globally known video service YouTube).
Twitter is certified to the Privacy Shield agreement and thus guarantees to observe european data privacy standards (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
This website uses plugins of the social network "Facebook", which is operated by Facebook, 1 Hacker Way, Menlo Park, CA 94025 (or for Europe: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland). You can recognize these plugins by the facebook logos (white „F“-sign on blue background, the words „Like“ or a „Thumbs Up“-Symbol, for instance). Partially they are tagged with the remark „Facebook Social Plugin“. You can find an overview about the plugins here: https://developers.facebook.com/docs/plugins/. When users are accessing our website, such plugins establish a connection between their browsers and the servers of Facebook. As a consequence, Facebook learns that their IP address has visited our website. As a result and also when you use a plugin function (for instance, when you click „Like“), Facebook can assign your visit to your Facebook account, save your usage of the plugins and combine such information with your Facebook account. This is possible when you are simultaneously logged in to Facebook during your visit on our website. Visitors who don’t want to allow this can log out of Facebook and delete their cookies before visiting our website. We don’t know to what extent Facebook gathers, processes and uses data, collected by your plugin usage respectively your visit on our website. Possibly Facebook can also save the IP address you use during your visit, in case you aren’t a member of Facebook. Facebook informs about data privacy here: https://www.facebook.com/about/privacy. We suggest persons who maintain their own Facebook account to adjust their privacy protection within their account settings.
Facebook is certified to the Privacy Shield agreement and thus guarantees to observe european privacy standards (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
Our legitimate interest to use Facebook on our online services, according to Article 6 paragraph 1 point f GDPR, is to operate our online presence more economical and offer our visitors and users attractive and familiar functions.