Data protection

1) Information about the collection of personal data and contact details of the person responsible

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we will inform you about how your personal data is handled when you use our website. Personal data is all data with which you can be personally identified.

1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Florian Gansmeier, Achwaldstraße 4d, 80999 Munich, Germany, Tel.: +49 173 37 19 740, Email: hello@myflowerlife.de. The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses SSL or. TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar.

2) Data collection when you visit our website

If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

• Our visited website
• Date and time at the time of access
• Amount of data sent in bytes
• Source/reference from which you came to the page
• Browser used
• Operating system used
• IP address used (if necessary: ​​in anonymized form)

Processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

3) Hosting

Hosted by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”) for the purpose of hosting and displaying the online shop on a basis Processing on our behalf. All data collected on our website is processed on Shopify’s servers. As part of Shopify's aforementioned services, data may also be processed further on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc . or Shopify (USA) Inc. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by the European Commission's adequacy decision. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those mentioned above by Shopify only takes place within the scope stated below.

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable you to recognize your browser the next time you visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values ​​on an individual basis. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can find out how long each cookie is stored in the overview of the cookie settings in your web browser.

In some cases, cookies are used to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed through individual cookies we use, the processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR either to implement the contract, in accordance with Art. 6 Para. 1 lit in accordance with Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehne
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be restricted.

5) Contact us

When you contact us (e.g. via contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 (1) (b) GDPR. Your data will be deleted after your request has been processed. This is the case if it can be seen from the circumstances that the matter in question has been conclusively clarified and if there are no legal retention obligations to the contrary.

6) Data processing when opening a customer account and for contract processing

In accordance with Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed if you provide it to us to execute a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Your customer account can be deleted at any time and can be done by sending a message to the above address of the person responsible. We store and use the data you provide to process the contract. After the contract has been fully processed or your customer account has been deleted, your data will be blocked in consideration of tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or reserve the right to further use of your data as permitted by law on our part became.

7) Comment function

As part of the comment function on this website, in addition to your comment, information about the time the comment was created and the commenter name you chose are saved and published on this website. Furthermore, your IP address is logged and stored. The IP address is stored for security reasons and in the event that the person concerned violates the rights of third parties or posts illegal content through a comment made. We need your email address in order to contact you if a third party should complain that your published content is illegal. The legal basis for storing your data is Article 6 Paragraph 1 Letters b and f GDPR. We reserve the right to delete comments if they are criticized by third parties as being unlawful.

8) Use of customer data for direct advertising

8.1 Registration for our email newsletter

If you sign up for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an email newsletter if you have expressly confirmed to us that you agree to receive the newsletter. We will then send you a confirmation email in which you will be asked to confirm that you want to receive the newsletter in the future by clicking on a corresponding link.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. When you register for the newsletter, we save your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data we collect when you register for the newsletter will be used exclusively for advertising purposes via the newsletter. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the person responsible mentioned at the beginning. Once you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.

8.2 Sending the email newsletter to existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers by email for goods or services similar to those you have already purchased from our range. In accordance with Section 7 Paragraph 3 UWG, we do not need to obtain your separate consent for this. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Article 6 (1) (f) GDPR. If you have initially objected to the use of your email address for this purpose, we will not send emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with future effect by notifying the person responsible named at the beginning. For this you will only incur transmission costs according to the basic tariffs. Once your objection has been received, the use of your email address for advertising purposes will be stopped immediately.

8.3 Newsletter dispatch via Klaviyo

Our email newsletters are sent via the technical service provider “Klaviyo”, 225 Franklin St, Boston, MA 02110, USA (http://www.klaviyo.com/), to whom we pass on the data you provided when registering for the newsletter . This transfer is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR and serves our legitimate interest in using an advertising-effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a Klaviyo server in the USA and stored there.

Klaviyo uses this information to send newsletters on our behalf. Klaviyo does not use the data of our newsletter recipients to write to them ourselves or to pass them on to third parties.
To protect your data in the USA, we have a data processing agreement with Klaviyo (“Data Processing Agreement”), in which Klaviyo undertakes to protect our users’ data, to process it on our behalf in accordance with its data protection regulations and in particular not to third parties to pass on.

You can view Klaviyo's privacy policy here: https://www.klaviyo.com/privacy

9) Data processing for order processing

9.1 To process your order, we work with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

The personal data we collect will be passed on to the transport company commissioned with the delivery as part of the contract processing, to the extent that this is necessary to deliver the goods. We pass on your payment data to the commissioned credit institution as part of payment processing, provided this is necessary for payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for passing on the data is Article 6 Paragraph 1 Letter b GDPR.

9.2 Use of payment service providers (payment services)

-Amazon Pay
If you select the payment method "Amazon Pay", payment is processed via the payment service provider Amazon Payments Europe sca, 38 avenue JF Kennedy, L-1855 Luxembourg (hereinafter: "Amazon Payments"), to whom we will pass on the information you provided during the ordering process along with the Pass on information about your order in accordance with Article 6 Paragraph 1 Letter b GDPR. Your data will be passed on exclusively for the purpose of processing payments with the payment service provider Amazon Payments and only to the extent that it is necessary for this purpose. You can find further information about Amazon Payments' data protection regulations at the following internet address: https://pay.amazon.com/de/help/201751600
-Apple Pay
If you choose the “Apple Pay” payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed using the “Apple Pay” function of your device running iOS, watchOS or macOS by debiting a payment card stored with “Apple Pay”. Apple Pay uses security features built into your device's hardware and software to protect your transactions. In order to approve a payment, you must enter a code previously specified by you and verify it using the “Face ID” or “Touch ID” function of your device.
For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, will be passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. Encryption ensures that only the website through which the purchase was made can access the payment details. After the payment is made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment success.
If personal data is processed during the transfers described, the processing takes place exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
Apple retains anonymized transaction information, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can be used to identify you. You can turn off the ability to use Apple Pay on your Mac in your iPhone's settings. Go to Wallet & Apple Pay and turn off Allow Payments on Mac.
Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
- Google Pay
If you choose the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment will be processed via the “Google Pay” application on your device with at least Android 4.4 (“KitKat”) operated mobile device with an NFC function by charging a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). In order to approve a payment via Google Pay in the amount of more than €25, you must first unlock your mobile device using the verification measure that has been set up (e.g. facial recognition, password, fingerprint or pattern).
For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the originating website, which is used to verify a payment made. This transaction number does not contain any information about the real payment details of your payment methods stored with Google Pay, but is created and transmitted as a one-time valid numerical token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment process. The transaction is carried out exclusively between the user and the source website by debiting the payment method stored with Google Pay.
If personal data is processed during the transfers described, the processing takes place exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
Google reserves the right to collect, store and evaluate certain process-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photographs that you included with the transaction, the name and email address of the seller and buyer, respectively. the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of the legitimate interest in proper accounting, the verification of process data and the optimization and functionality of the Google Pay service.
Google also reserves the right to combine the processed process data with other information that is collected and stored by Google when you use other Google services.
The Google Pay terms of use can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection with Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Klarna
If you select a Klarna payment service, payment is processed via Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to enable payment to be processed, your personal data (first and last name, street, house number, zip code, city, gender, email address, telephone number and IP address) as well as data relating to the order are used (e.g. invoice amount, item, delivery type) will be passed on to Klarna for the purpose of identity and creditworthiness checks, provided that you have expressly consented to this in accordance with Article 6 Paragraph 1 Letter a of the GDPR as part of the ordering process. You can see which credit agencies your data can be forwarded to here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report can contain probability values ​​(so-called score values). To the extent that score values ​​are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, but is not limited to, address data. Klarna uses the information received about the statistical probability of a payment default to make a balanced decision about the establishment, implementation or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the person responsible for data processing or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.
Your personal information will be used in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations for those affected based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for those affected based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
treated.
-Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal, we pass on your payment data to PayPal (Europe) Sarl et Cie, SCA, 22- as part of the payment processing. 24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”), further. The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values ​​(so-called score values). To the extent that score values ​​are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, but is not limited to, address data. Further data protection information, including information about the credit agencies used, can be found in PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment is processed via the technical service provider Stripe Payments Europe Ltd. , 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will receive the information you provided during the ordering process, along with the information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Article 6 Paragraph 1 Letter b GDPR. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. Further information about Shopify Payments’ data protection can be found at the following internet address: https://www.shopify.com/legal/privacy.
Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
- IMMEDIATELY
If you select the payment method “SOFORT”, payment is processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “SOFORT”), to whom we will send the information you provided during the ordering process, along with the information about your order in accordance with Art. 6 Paragraph 1 Letter b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will be passed on exclusively for the purpose of processing payments with the payment service provider SOFORT and only to the extent that it is necessary for this purpose. You can find further information about SOFORT's data protection regulations at the following internet address: https://www.klarna.com/sofort/datenschutz.

10) Contact us for review reminders

Review reminder by Trusted Shops
If you have given us your express consent to this during or after your order in accordance with Art. 6 Para. 1 lit. a GDPR, we will transmit your email address to the rating platform Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www .trustedshops.de) so that they can send you a review reminder by email.
You can revoke your consent at any time by sending a message to the person responsible for data processing or to the rating platform.

11) Use of rating and seal of approval graphics

Trusted Shops Trustbadge

The Trusted Shops trust badge is integrated into this website to display our Trusted Shops seal of quality and to offer Trusted Shops membership to buyers after an order.

This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our offer, Art. 6 Para. 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

When you access the trust badge, the web server automatically saves a so-called server log file, which contains, for example, your IP address, date and time of retrieval, amount of data transferred and the requesting provider (access data) and documents the retrieval. This access data is not evaluated and is automatically overwritten no later than seven days after the end of your site visit.

Further personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies.

12) Use of social media: Social plugins

Instagram plugin as a Shariff solution

Our website uses so-called social plugins (“plugins”) from the online service Instagram, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (“Facebook”).

In order to increase the protection of your data when you visit our website, these buttons are not fully integrated into the page as plugins, but rather simply using an HTML link. This type of integration ensures that no connection is established to Instagram's servers when you access a page on our website that contains such buttons. When you click on the button, a new browser window opens and calls up the Instagram page, where you can interact with the plugins there (if necessary after entering your login data).

The purpose and scope of data collection and the further processing and use of the data by Instagram as well as your related rights and setting options to protect your privacy can be found in Instagram's data protection information: https://help.instagram.com/155833707900388/

13) Online Marketing

Facebook Pixel for creating custom audiences with extended data matching (without cookie consent tool)
Within our online offering, the so-called “Facebook Pixel” from the social network Facebook is used in the extended data comparison mode, which is operated by Facebook Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Facebook”).
Based on their express consent, if a user clicks on an ad placed by us on Facebook, an addition is added to the URL of our linked page by Facebook Pixel. After being redirected, this URL parameter is then written into the user's browser via a cookie, which our linked page sets itself. In addition, this cookie records specific customer data such as the email address, which we collect on our website linked to the Facebook ad during processes such as purchasing, account logins or registrations (extended data comparison). The cookie is then read by Facebook Pixel and enables the data, including specific customer data, to be forwarded to Facebook.
With the help of the Facebook pixel with extended data comparison, Facebook is able to precisely determine the visitors to our online offering as a target group for the display of advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel with extended data comparison in order to show the Facebook ads we place only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products). determined based on the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel with extended data comparison, we would also like to ensure that our Facebook ads correspond to the potential interest of the users and do not appear annoying. This allows us to further evaluate the effectiveness of Facebook advertisements for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion”). Compared to the standard version of Facebook Pixel, the extended data matching function helps us to better measure the effectiveness of our advertising campaigns by recording more attributed conversions.
All transmitted data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage guidelines (https://www.facebook.com/about/privacy/). The data can enable Facebook and its partners to place advertisements on and outside of Facebook.
These processing operations only take place if express consent is given in accordance with Article 6 (1) (a) GDPR.
Consent to the use of the Facebook Pixel may only be given by users who are older than 16 years old. If you are younger, we ask that you ask your guardians for permission.
The information generated by Facebook is usually transmitted to a Facebook server and stored there; this may also be transmitted to the Facebook Inc. servers in the USA. You can revoke your consent at any time by deactivating Facebook pixel tracking. For this purpose, you can set an opt-out cookie, which deactivates Facebook pixel tracking, by clicking on the link below:
Disable Facebook Pixel
This opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you must click on the link above again.

14) Tools and miscellaneous

14.1 DATEV
To handle the accounting, we use the cloud-based accounting software from DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg (“DATEV”).
DATEV processes incoming and outgoing invoices as well as our company's bank transactions in order to automatically record invoices, match them to the transactions and create financial accounting from them in a semi-automated process.
If personal data is also processed, the processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR on the basis of our legitimate interest in the efficient organization and documentation of our business processes.
Further information about DATEV, the automated processing of data and the data protection regulations can be found at https://www.datev.de/web/de/m/ueber-datev/datenschutz/

14.2 Shopsync for Shopify

This website uses the Shopify app “Shopsync” from ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.
With the help of ShopSync, the newsletter service “Mailchimp” is synchronized with our Shopify account in such a way that, on the one hand, updates to Mailchimp email lists (e.g. an opt-out of a newsletter recipient) are also automatically stored on Shopify and, on the other hand New contact data generated through contract conclusions on Shopify are automatically transferred to Mailchimp's email lists.

In the former case, data processing takes place in accordance with Article 6 Paragraph 1 Letter f of the GDPR on the basis of our legitimate interest in the effective and cross-system maintenance of the profiles of advertising recipients and the efficient consideration of legally significant status changes.

In the second case, exclusively on the basis of the user's express consent in accordance with Article 6 Para. 1 lit (purchase amount, time and date of purchase) transferred to Mailchimp by ShopSync.

Data transferred in this way will not be saved or retained by ShopSync after synchronization. All information synced between Shopify and Mailchimp is transferred using Secure Socket Layer (SSL) technology, and all transferred information remains encrypted during the sync process.

The synchronization process requires the transfer of information over a secure connection to servers hosted by Amazon Web Services in the United States.

Further data protection information about ShopSync can be found here: https://shopsync.io/privacy-policy

15) Rights of the person concerned

15.1 The applicable data protection law grants you comprehensive data subject rights (rights of information and rights of intervention) vis-à-vis the person responsible regarding the processing of your personal data, which we will inform you about below:

• Right to information in accordance with Art. 15 GDPR: In particular, you have the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned Storage period or the criteria for determining the storage period, the existence of a right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected from you by us, that Existence of automated decision-making including profiling and, if necessary, meaningful information about the logic involved and the scope and intended effects of such processing affecting you, as well as your right to be informed about what guarantees exist in accordance with Art. 46 GDPR when your data is forwarded to third countries;
• Right to rectification in accordance with Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and/or completion of incomplete data stored by us;
• Right to deletion in accordance with Art. 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Art. 17 Paragraph 1 GDPR are met. However, this right does not apply in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
• Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data you dispute is checked, if you refuse to delete your data due to unlawful data processing and instead Request restriction of the processing of your data if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons relating to your particular situation as long as it is not yet clear whether our legitimate interests are reasons predominate;
• Right to information in accordance with Art. 19 GDPR: If you have asserted the right to rectification, deletion or restriction of processing against the person responsible, the person responsible is obliged to inform all recipients to whom the personal data concerning you have been disclosed this rectification or deletion of the data or Restriction of processing unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
• Right to data portability in accordance with Art. 20 GDPR: You have the right to receive the personal data you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible, to the extent that this is technically feasible;
• Right to revoke consent given in accordance with Art. 7 Para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation;
• Right to complain in accordance with Art. 77 GDPR: If you are of the opinion that the processing of personal data concerning you violates the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement.

15.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCE OF INTERESTS BASED ON OUR OVERWHELMING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU USE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN PROVE COMPLEX REASONS FOR THE PROCESSING THAT ARE worthy of protection, which OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE YOUR OPT-OUT AS DESCRIBED ABOVE.

IF YOU USE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT ADVERTISING PURPOSES.

16) Duration of storage of personal data

The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing and - if relevant - additionally based on the respective legal retention period (e.g. commercial and tax law retention periods).

When processing personal data on the basis of express consent in accordance with Article 6 (1) (a) GDPR, this data will be stored until the person concerned revokes their consent.

If there are statutory retention periods for data that are processed within the framework of legal or transaction-like obligations on the basis of Article 6 Para. 1 lit and/or we have no legitimate interest in further storage.

When processing personal data on the basis of Article 6 Paragraph 1 Letter f of the GDPR, this data will be stored until the data subject exercises his or her right to object in accordance with Article 21 Paragraph 1 of the GDPR, unless we can provide compelling legitimate reasons provide evidence for the processing that outweighs the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct advertising on the basis of Article 6 Paragraph 1 Letter f of the GDPR, this data will be stored until the data subject exercises his or her right to object in accordance with Article 21 Paragraph 2 of the GDPR.

Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.