Here we inform you about the processing of personal data when using our online presence. This online data protection declaration therefore applies to our website, among other things www.urbanbohocraft.com as well as for our social media profiles.
Personal data are all data that can be related to you personally, i.e. your name, address, email, IP address or user behavior.
With regard to the terms used, such as "processing", "responsible" or "data subject", reference is made to the definitions in Art. 4 GDPR referenced. There you will find the following in particular:
"Personal data" is all information that relates to an identified or identifiable natural person (the "data subject" or the "data subject"); A natural person is regarded as identifiable who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person (Art. 4 No. 1 GDPR).
"Processing" is any process or series of processes carried out with or without the help of automated processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, the Use, disclosure through transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction (Art. 4 No. 2 GDPR).
"Responsible" (or "responsible body") is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data (Art. 4 No. 7 GDPR) .
"Processor" is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible (Art. 4 No. 8 DSGV).
In particular, the terms “processing” and “personal data” are very extensive, so that they can be understood to mean almost any handling of data.
- Who is the responsible body?
- Is there a data protection officer?
- Who is affected by the data processing?
- What data do we collect from you and for what purposes or on what legal basis do we process it?
- Who do we transfer your data to?
- Will your data be transferred to locations outside the EU?
- How long do we process your data?
- What are your rights
- When and how can you object to data processing?
- When and how can you withdraw your consent?
- Where can you complain?
- When and why is it necessary to provide your data?
- Does automated decision-making (e.g. profiling) take place?
- How can you contact us?
- How do we secure our website?
- How and why do we use Google Analytics?
- How and for what purpose are your data used in our web shop?
- How and for what do we use Google Tag Manager?
- What are cookies and how do we use them?
- How and why do we use Google Ads (formerly AdWords)?
- How and why do we use PayPal?
- How and for what do we use Sofortüberweisung?
- How and for what do we use credit card data?
- How and why do we use Facebook pixels?
- How and for what do we use Google Maps?
- Which social media profiles do we use?
01. Who is the responsible body?
We are responsible for processing your data:
02. Is there a data protection officer?
We are not legally obliged to appoint a data protection officer.
03. Who is affected by the data processing?
If you visit our online presence (e.g. our website or our social media profiles) as an interested party, customer, supplier, service provider or other visitor, your personal data will be processed in accordance with the statutory provisions or this declaration. All visitors to our online presence are summarized under the term "user".
04. What data do we collect from you and for what purposes or for what purposes Legal basis do we process this?
If you visit our online presence without registering or providing us with information in any other way, only the personal data that the browser you are using transmits to our server will be processed. To the best of our knowledge, the following data, among other things, are then processed, which are technically necessary to display our online presence and to be able to guarantee its stability and security:
If you also transmit personal data to us, e.g. as part of an inquiry by email or via our contact form, we may also process the following data, among other things:
We also process the following personal data for the purposes of providing contractual services, service and customer care as well as marketing / advertising:
We process your personal data when you visit our online presence for the following purposes:
Unless we specify a specific legal basis in this data protection declaration, the following applies to the processing of your personal data: The legal basis for obtaining consent results from Art. 6 Para. 1 lit. a, Art. 7 GDPR. The legal basis for data processing for the fulfillment of our services and the implementation of (pre-) contractual measures as well as for the purpose of answering any inquiries applies to Article 6 (1) (b) GDPR. The legal basis for data processing to fulfill legal obligations is Article 6 (1) (c) GDPR. If the vital interests of the data subject or another natural person make data processing necessary, the legal basis results from Art. 6 Paragraph 1 lit.d GDPR. The data processing to safeguard our legitimate interests takes place on the basis of Art. 6 Para. 1 lit.f GDPR. Our legitimate interest follows from the data collection purposes mentioned above.
If we disclose it to third parties in the course of processing your personal data, transmit them to them or otherwise grant them access to the data, this is done exclusively on the basis of legal permission, provided you have consented to this, we are legally obliged to do so or on the basis our legitimate interests. Legal permission exists in particular if the transfer of the data is necessary to fulfill contractual obligations (e.g. with payment or shipping service providers). A legitimate interest can exist if we use data for direct advertising or to prevent fraud or if you are one of our customers. There can also be a legitimate interest, e.g. when using web or email hosts, cloud providers or other service providers. Such service providers often act as so-called contract processors on the basis of a corresponding contract. You are also obliged to comply with data protection regulations and to guarantee this contractually. The legal basis for such order processing relationships is Art. 28 GDPR.
05. Who do we transfer your data to?
Unless otherwise stated in the data protection declaration, we regularly work with the following recipients in particular:
We carefully select the external service providers. In the case of order processing relationships (Art. 28 GDPR), these companies are contractually bound by our instructions and are regularly checked by us. In the case of joint responsibility (Art. 26 GDPR), there are corresponding contractual bases. Further information can be found in the following descriptions of the individual services. The legal basis for the transmission of your personal data is mentioned under point 04 above.
06. Will your data be transferred to offices outside the EU?
A transfer of your personal data to third countries (i.e. outside the EU or the EEA) or to an international organization is only intended as an exception in certain cases. Further information can be found in the following descriptions of the individual services.
If we process your personal data in a third country or have it processed by third parties, this only takes place if it is done to fulfill our (pre) contractual obligations or on the basis of your consent, a legal obligation or our legitimate interests. Your personal data will only be processed in a third country if the special requirements of Art. 44 ff. GDPR are met, unless legal or contractual permits exist in individual cases. This means that the data processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the European Union (e.g. for the USA through the so-called "EU-US-Privacy-Shield") or compliance with special, recognized ones contractual obligations (in particular the so-called "EU standard contractual clauses").
07. How long do we process your data?
The duration of the storage of your personal data is regularly based on existing statutory retention periods (e.g. according to commercial or tax law). Unless otherwise stated below, your personal data will be routinely deleted after a possibly relevant period has elapsed, provided that they are no longer required to fulfill or initiate a contract, we no longer have a legitimate interest in further storage and / or if you do not have any further storage Have consented to the storage. In Germany, there are special retention periods, for example in the following areas:
08. What are your rights?
With regard to the processing of your personal data, you have the following rights towards us:
The last 3 rights mentioned are explained in more detail below. If you have any questions about your rights, please do not hesitate to contact us. The contact details can be found above in the sections on the responsible body.
09. When and how can you object to data processing?
S.If your personal data is processed on the basis of legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 Letter f GDPR, you have the right to object to the data processing at any time. This then has the consequence that we are processing your personal data are no longer allowed to continue in the future, unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the data processing of the Serves to assert, exercise or defend legal claims.
However, the right to object only applies if there are reasons for this that arise from your particular situation or if your objection is directed against direct mail. In the latter case you have a general right of objection, which can be done without specifying a special situation is implemented by us.
If you would like to make use of your right of withdrawal, a message to our postal address or an email is sufficient (see above under point 01).
10. When and how can you withdraw your consent?
You can revoke your consent to us at any time. As a result, we are no longer allowed to continue processing your personal data based on this consent in the future. If you would like to make use of your right of withdrawal, a message to our postal address or an email is sufficient (see above under point 01).
11.0 Where can you complain?
With regard to the processing of your personal data by us, you have the right to complain to a data protection supervisory authority. A list of the state data protection supervisory authorities in Germany can be found at the following address:
12.0 When and why is it necessary to provide your data?
In the context of support or other inquiries, you give us your personal data (e.g. name, address or email address).
The provision of your personal data is partly required by law (e.g. by regulations of tax law). It may also be necessary to carry out (pre-) contractual measures. Failure to provide your personal data would mean that the contract with you would not be concluded or that your request could not be answered.
In order to execute contracts or pre-contractual measures or to communicate with us, the provision of the following data in particular is essential:
Unless otherwise stated in this data protection declaration, all other information is voluntary.
13.0 Does automated decision-making (e.g. profiling) take place?
An automated decision including profiling does not take place.
14.0 How can you contact us?
You can contact us either by post, telephone, contact form or email. You can find our contact details above under the information on the responsible body. If, for example, you contact us via the contact form or email, we will automatically save the personal data you have voluntarily transmitted to us for the purpose of processing your request or for contacting you. This data is not passed on to third parties.
15.0 How do we secure our website?
Taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons, we take suitable technical and organizational measures to ensure that the To ensure an appropriate level of protection at risk (Art. 32 GDPR). These measures include, in particular, securing the confidentiality, integrity and availability of data. In addition, we have set up business processes that ensure, in particular, the protection of the rights of data subjects, the deletion of data and the reaction to data breaches. In addition, we observe the principles of data protection law, including data protection through technology design and data protection-friendly default settings (privacy by design and privacy by default, Art. 25 GDPR).
16.0 How and for what purpose do we use Google Analytics?
We use the web analysis service Google Analytics (provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin, 4 Ireland) on our website. We use this tool to analyze the use of our website and to be able to continuously improve it.
The legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit.f GDPR.
Google Analytics uses so-called cookies, i.e. text files that are stored on your device and that enable your use of the website to be analyzed. The information generated by the cookie about your use of our website is usually transmitted to and stored by Google on servers in the United States. However, due to the activation of IP anonymization on our website using the extension "_anonymizeIp ()", your IP address will be shortened beforehand by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to the Google server in the USA and shortened there in exceptional cases.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser accordingly; however, we would like to point out that in this case you may not be able to use all the functions of our website in full. You can also prevent Google from collecting the data generated by the cookie and relating to your use of our website (including your IP address) and from processing this data by downloading the browser add-on available under the following link to install: tools.google.com/dlpage/gaoptout.
You can find more information about data usage by Google as well as setting and objection options on the Google website: "Data usage by Google when you use our partners' websites or apps" (www.google.com/intl/de/policies/privacy/partners), "Use of data for advertising purposes" (www.google.com/policies/technologies/ads), "Manage information that Google uses to show you advertisements" and "Determine which advertisements Google shows you" (www.google.com/ads/preferences).
17.0 How and for what purpose is your data used in our web shop?
If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order (e.g. name, address, email address or payment data). The information required for processing contracts is marked separately as a mandatory field, other information is voluntary. We process your personal data to process your order and to fulfill our corresponding contractual obligations. For this purpose, we can pass on your payment data to our house bank or your name and address to the shipping service provider. The legal basis for this is Article 6, Paragraph 1, Sentence 1, Letter b of the GDPR.
You can set up a customer account on a voluntary basis, through which we can save your data for future purchases. When you create a customer account, the data you provide will be saved and revocable. In your customer area you have the option of viewing your data, correcting or deleting it if necessary. When you register, log in again and use our online services, we save your IP address and the time of the respective action. This is done on the basis of our legitimate interests and in the interests of the user, in particular in protection against misuse or the like.As a matter of principle, the data is not passed on to third parties, unless it is necessary to pursue our legal claims as a legitimate interest or there is a legal obligation to do so . The data is deleted after the statutory retention requirements or other contractual rights or obligations (e.g. services from contracts with customers) have expired.
We can also process the data you provide in order to inform you about our products or to send you emails with technical information.
18.0 How and for what purpose do we use Google Tag Manager?
We use the Google Tag Manager (provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin, 4 Ireland) on our website. The legal basis for the use of Google Tag Manager is Art. 6 Para. 1 S. 1 lit.f GDPR.
With this service, website tags can be managed via an interface. The Google Tool Manager only implements tags. This means: no cookies are used and no personal data is recorded. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been carried out at the domain or cookie level, it will remain in effect for all tracking tags, insofar as they are implemented with the Google Tag Manager.
19.0 What are cookies and how do we use them?
We use so-called cookies on our website. These are small text files that are saved by your browser and stored on your device.
The so-called transient (or temporary) cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a specific identifier (the so-called session ID), which means that your device can be recognized when you return to our website. In this way, for example, the content of the virtual shopping cart of an online shop or the login status can be saved. The session cookies are deleted when you log out or close the browser.
The so-called persistent (or permanent) cookies are automatically deleted after a certain period of time; the duration of storage differs depending on the cookie. In this way, for example, user information for range measurement or for marketing purposes or a login status can be saved for a longer period of time.
A distinction must be made between so-called first-party cookies and third-party cookies for both temporary and permanent cookies. The former are set by the responsible body, the others by third-party providers.
We can use temporary or permanent cookies as well as first and third party cookies on our website, e.g. to be able to identify you for subsequent visits if you have an account with us (otherwise you would have to log in again for each visit). You may receive further information about this as part of our data protection declaration.
We use the following statistics cookies, among others:
20.0 How and for what do we use Google Ads (formerly AdWords)?
We use Google conversion tracking on our website (provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin, 4 Ireland), now part of Google Ads. If you clicked on an advertisement placed by Google on our website, Google Ads will place a so-called cookie on your device. These cookies are valid for 30 days and are not used for personal identification. If you visit certain sub-pages of our online presence and the cookie is still valid, we and Google can recognize that you have clicked on the ad and have been redirected to the relevant sub-page. Each Ads customer receives a different cookie. Cookies cannot therefore be tracked via the Internet pages of Ads customers.
The information obtained through conversion cookies is used to create conversion statistics for Ads customers who have opted for conversion tracking. These customers are informed of the total number of users who clicked on their ad and were redirected to a site with a conversion tracking tag. However, no information is transmitted that can be used to personally identify users. The legal basis for the use of Google Ads is Art. 6 Para. 1 S. 1 lit. a, f GDPR.
If you do not want to participate in tracking, you can refuse the required setting of a cookie, e.g. by means of a browser setting that generally deactivates the automatic setting of cookies or blocks cookies from the googleleadservices.com domain.
You must not delete the opt-out cookies as long as you do not want any data to be recorded. If you delete this or all cookies, you must set the opt-out cookie again.
21.0 How and for what do we use PayPal?
We have integrated components from a payment service provider on our website. It concerns the following provider: Paypal (Europe) S.à.r.l. & Cie. S.C.A., 22‐24 Boulevard Royal, 2449 Luxembourg.
Payments are processed via virtual bank accounts, the so-called PayPal accounts. In addition, payments can be processed via PayPal via credit cards if a user does not have a PayPal account. There are no classic account numbers with PayPal, the PayPal account is managed via an email address. With PayPal it is possible to initiate online payments to third parties or to receive payments. In addition, PayPal also offers other services, e.g. trustee function or buyer protection services.
If you choose PayPal as a payment option during the ordering process, your personal data will be automatically transmitted to PayPal; By making your selection, you consent to the transmission of the data required for payment processing. This regularly involves the following data: first name and surname, address, email address, IP address, possibly also telephone or mobile phone number or other data that may be required. In addition, personal data related to your order from us is required to process the purchase contract.
The data is transmitted to carry out payment processing and to prevent fraud. We transmit your personal data to PayPal as part of the fulfillment of the contract, the processing of pre-contractual inquiries and our legitimate interest. Your personal data exchanged between PayPal and us may be transmitted to credit agencies by PayPal in order to identify or identify you. To be able to carry out a credit check.
In addition, PayPal may pass on your personal data to other, affiliated companies, insofar as this is necessary to fulfill the contractual obligations or the data are to be processed on behalf of.
You have the option to revoke your consent to the handling of your personal data at any time vis-à-vis PayPal. A revocation does not affect personal data that must be processed for (contractual) payment processing.
22.0 How and for what do we use Sofortüberweisung?
We use the Sofortüberweisung service on our website (provider: SOFORT GmbH, Fußbergstraße 1, 82131 Gauting). This is a payment service that can be used to make cashless payments. By using instant transfer, we as the seller have the opportunity to receive a corresponding confirmation immediately after the payment has been made. This means that we can also provide our services promptly.
If you select Sofortüberweisung as the payment method for your order, you consent to the automated transmission of your personal data (e.g. name, address, email address, IP address and other data required for payment processing) to the provider. In particular, your PIN and TAN are transmitted to the provider during the payment process, whereupon your account balance and other technical details are checked and, if necessary, a transfer is made to our account. At the same time we receive a message about it.
The transmission of your data to the provider is used for payment processing and fraud prevention. Your personal data exchanged between us and the provider may be transmitted by the provider to credit reporting agencies for the purpose of checking your identity or creditworthiness. In addition, the provider may pass on your data to affiliated companies or subcontractors insofar as this is necessary to fulfill the contractual obligations or the data is to be processed on behalf of the customer.
You have the right to revoke your consent to the processing of your personal data at any time with effect for the future vis-à-vis the provider. If you exercise your right of withdrawal, this does not affect personal data that must be processed for (contractual) payment processing.
Further information about the provider and its data protection regulations can be found at the following address: https://www.klarna.com/sofort/.
23.0 How and for what purpose do we use credit card data?
In the context of contractual and other legal relationships, due to legal obligations or otherwise based on our legitimate interests, we offer you efficient and secure payment options and use credit institutions for this purpose.
24.0 how and for what purpose do we use Facebook pixels?
We use the so-called “Facebook pixel” on our website (provider: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or for EU citizens: Facebook Ireland Ltd., 4 Grand Canal Square , Grand Canal Harbor, Dublin 2, Ireland). This serves our legitimate interests for the purposes of analysis, optimization and the economic operation of our website.
The Facebook pixel enables the provider to define you as a visitor to our website as the target group for the display of advertisements (so-called "Facebook ads"). We therefore use the Facebook pixel to display the Facebook ads commissioned by us only to those Facebook users who have also shown an interest in our website or who have certain characteristics (such as interest in certain topics or products) . We transmit this information to Facebook (so-called "Custom Audiences"). By using the Facebook pixel, we want to ensure in particular that the Facebook ads commissioned by us correspond to your potential interest and are therefore not annoying. We can also understand the effectiveness of Facebook ads for statistical and market research purposes. Because we also recognize, for example, whether you were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The processing of the data by the provider takes place within the framework of the Facebook data usage guidelines, which can be found at the following address: www.facebook.com/policy.php. Further information on the Facebook pixel and its functions can be found in the Facebook help section at the following address: www.facebook.com/business/help/651294705016616.
You have the option to object to the collection by the Facebook pixel and the use of your data to display Facebook ads. To do this, you can call up the website specially set up by Facebook and follow the instructions there on the settings for usage-based advertising: www.facebook.com/settings?tab=ads.
The settings you make here are platform-independent, i.e. they apply to all end devices.
The legal basis for the processing of your data is Article 6 Paragraph 1 Sentence 1 Letter f GDPR.
Facebook has submitted to the EU ‐ US Privacy Shield (www.privacyshield.gov/EU‐USFramework).
25.0 How and for what do we use Google Maps?
We use content from Google Maps on our website to display maps or to create route maps (provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin, 4, Ireland). According to the provider, its servers are located in different countries around the world, so that data transmission to third countries cannot be ruled out. The legal basis for the use of Google Maps is Article 6, Paragraph 1, Sentence 1, Letter f of the GDPR.
When you visit our website, Google receives the information that you have accessed the corresponding subpage of our online presence. In addition, certain data is transmitted, e.g. your IP address. This happens regardless of whether you have a Google user account or are logged in there. If you are logged into your Google user account, your data will be assigned directly to your account. If you do not want such an assignment, you have to log out of your Google user account. Google processes your data for the purposes of advertising, market research and / or the needs-based design of its website. Such an evaluation takes place in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users about your activities on our website. You have the right to object to this type of data processing. If you want to exercise your right of objection, please contact Google directly.
Google also processes your personal data in the USA and has submitted to the EU ‐ US Privacy Shield (www.privacyshield.gov/EU‐US Framework).
26.0 Which social media profiles do we use?
We operate the profiles listed below in social networks in order to be able to contact the users active there and to inform them about our services. When calling up the respective networks, the respective terms and conditions as well as the data protection information of the respective operator apply. Unless otherwise stated in our data protection declaration, users' data will only be processed if they come into contact with us within the social networks, e.g. write posts on our profile pages or send us messages.
Our social media profile:
‐ Facebook (Data protection notice, Agreement on common responsibility)
- Instagram (Data protection notice , Privacy Shield certification)