Data protection information according to the GDPR
1. Name and address of the person responsible for processing
The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:
Bonnie Stylez Online shop
In addition, to optimize user-friendliness, we also use temporary cookies that are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically be recognized that you have already been with us and what entries and settings you have made so that you do not have to enter them again.
The data processed by cookies are in accordance with Art. 6 para. 1 p. 1 lit. f GDPR required.
It is possible to object to the setting of cookies at any time by changing the settings in the internet browser. Laws Cookies can be deleted
This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
Internet Explorer: windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Please note that if cookies are deactivated, not all functions of our website may be able to be used to their full extent.
3. When visiting the website
When accessing the website, data and information are collected by an automated system. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:
(1) Information about the browser type and version used
(2) The user's operating system
(3) User's Internet Service Provider
(4) The user's IP address
(5) Date and time of access
(6) Websites from which the user's system reaches our website (referrer)
(7) Websites that are accessed by the user's system via our website
The data mentioned will be processed by us for the following purposes:
• Ensuring a smooth connection of the website,
• Ensuring comfortable use of our website,
• Evaluation of system safety and stability and
• for further administrative purposes.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection. In no case do we use the collected data to draw conclusions about your person.
If you are by Art. 6 para. 1 lit. a GDPR, we use your e-mail address to send you our newsletter regularly. If the newsletter of our company is subscribed, the data in the respective input mask will be transmitted to the controller
When registering for the newsletter, the user's IP address as well as the date and time of registration are saved. This serves to prevent misuse of the services or the email address of the data subject. The data will not be passed on to third parties. An exception exists if there is a legal obligation to pass it on.
The data is used exclusively for sending the newsletter. The subscription to the newsletter can be canceled by the data subject at any time. You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can send your request to unsubscribe at any time by email to firstname.lastname@example.org.
Likewise, consent to the storage of personal data can be revoked at any time.
5. Ways to contact us
A contact is possible via the provided email address. If the data subject makes contact with the controller via one of these channels, the personal data transmitted by the data subject is automatically stored. The data processing for the purpose of contacting us takes place according to Art. 6 para. 1 sentence 1 lit. a GDPR based on your voluntary consent.
The storage serves solely for the purposes of processing or contacting the data subject. A transfer of data to third parties does not take place.
6. Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only as long as it is necessary to achieve the purpose of storage. In addition, storage may take place where this is provided by the European or national legislator in Union regulations, laws or other provisions to which the processing is subject
As soon as the storage purpose is dispensed with or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.
7. Rights of the data subject
If your personal data is processed, you are the data subject i.S.d. GDPR and you have the following rights to the controller:
7.1 Right to information
You may require the controller to confirm whether personal data concerning you are processed by us
If such processing occurs, you can request information from the person responsible about the following information:
a. the purposes for which the personal data is processed;
b. the category of personal data being processed;
c. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
d. the planned period of storage of personal data concerning you or, if specific information is not possible, criteria for determining the storage period;
e. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
f. the existence of a right to lodge a complaint with a supervisory authority;
g. any available information on the origin of the data if the personal data is not collected by the data subject;
h. the existence of automated decision-making including profiling according to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and the intended effects of such a processing for the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
7.2 Right to rectification
You have a right to rectification and/or completion to the controller if the processed personal data concerning you are incorrect or incomplete. The controller shall make the correction without delay.
7.3 Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
a. if you contest the accuracy of the personal data relating to you for a period enabling the controller to verify the accuracy of the personal data;
b. the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
c. the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
d. if you object to the processing pursuant to Art. 21 par. 1 GDPR and does not yet determine whether the legitimate reasons of the controller override your reasons.
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
Was the restriction of processing according to the o.g. Requirements are restricted, you will be informed by the person responsible before the restriction is lifted.
7.4 Right to deletion
7.4.1. You may request the controller to eradicate the personal data concerning you immediately, and the controller is obliged to delete this data without delay, provided that one of the following reasons applies:
a. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
b. You revoke your consent on which the processing was based in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a GDPR and there is no other legal basis for the processing
c. You object to the processing in accordance with Article 21 Paragraph 1 of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 Paragraph 2 of the GDPR
d. Your personal data has been processed unlawfully
e. The deletion of personal data concerning you is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject
f. The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
7.4.2.Hat the controller makes the personal data relating to you public and is pursuant to Art. 17 para. 1 GDPR, taking into account the available technology and the implementation costs, it shall take appropriate measures, including a technical nature, in order to inform controllers who process the personal data that you, as a data subject, has requested from them the deletion of all links to these personal data or copies or replications of this personal data
7.4.3. The right to erasure does not exist if the processing is necessary
a. to exercise the right to freedom of expression and information;
b. to fulfill a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
c. for reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3 GDPR;
d. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to. Art. 89 para. 1 GDPR, insofar as this is described in para. 1 is likely to make it impossible or seriously impair the achievement of the objectives of this processing; or
e. to assert, exercise or defend legal claims.
7.5 Right to information
If you have asserted the right to rectification, erasure or restriction of processing with respect to the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients.
7.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that
a. the processing on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to. Art. 6 para. 1 lit. b GDPR is based and
b. Processing is carried out using automated methods.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, to the extent that this is technically feasible. The freedoms and rights of other people must not be impaired by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task that is in public interest or in the exercise of public authority that has been transferred to the controller.
7.7 Right to object
You have the right, for reasons arising from your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR to object; this also applies to profiling based on these provisions
The person responsible will no longer process your personal data unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
In connection with the use of information society services - regardless of Directive 2002/58/EC - you have the opportunity to exercise your right to object using automated procedures that use technical specifications.
7.8 Right to revoke the data protection consent declaration
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.
7.9 Automated decision in individual cases including profiling
They have the right not to be subject to a decision based solely on automated processing, including profiling, which it develops in relation to legal effect, or which it significantly affects in a similar way. This does not apply if the decision
a. is necessary for the conclusion or fulfilment of a contract between you and the controller,
b. is permitted by Union or Member State law to which the controller is subject and such law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests or
c. with your express consent.
However, these decisions may not be taken in special categories of personal data according to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases referred to in a. and c., the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express its own position and contest the decision.
7.10 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR violates
The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.
8. Transfer of data to third parties
The data will not be passed on to third parties
We will only share your personal information with third parties if:
• You have given your express consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR,
• the disclosure in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
• in the event that there is a legal obligation for the transfer in accordance with Article 6 Paragraph 1 Sentence 1 Letter c GDPR, as well as
• this is legally permissible and is necessary for the processing of contractual relationships with you in accordance with Article 6 Paragraph 1 Sentence 1 Letter b of the GDPR.
9. Legal basis for processing
If we obtain the consent of the data subject for processing personal data, Article 6 paragraph 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Article 6 paragraph 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 paragraph 1 lit. c GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 paragraph 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 paragraph 1 lit. f GDPR serves as the legal basis for the processing. The legitimate interest of our company lies in carrying out our business activities.
10. Analysis tools
The tracking measures listed below and used by us are carried out on the basis of Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. With the tracking measures we use, we want to ensure a needs-based design and the ongoing optimization of our website. On the other hand, we use tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offering for you. These interests are to be viewed as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
10.1 Google Analytics
On our website we use Google Analytics, a web analysis service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called “cookies”, text files that are stored on your device and enable analysis of the use of the websites you visit. Google Analytics may also use so-called web beacons (invisible graphics). These web beacons can be used to evaluate information such as visitor traffic on websites. The information generated by cookies and web beacons about the use of our website (including the user's IP address) is transmitted to a Google server, possibly in the USA or other third countries, and stored there. This information may be passed on by Google to Google's contractual partners.
Information about Google's existing Privacy Shield certification and other relevant data on data processing by Google when using Google services can be found in this data protection declaration under section "6) Information about Google services".
The following types of data are processed by Google:
• Online identifiers (including cookie identifiers)
• IP Address
• Device identifiers
In addition, you can find further detailed information about the information processed at https://www.google.com/intl/de/policies/privacy/#infocollect under “Data we receive as a result of your use of our services” and under https://privacy.google.com/businesses/adsservices/.
We only use Google Analytics with activated IP anonymization (“anonymize IP”). As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Furthermore, we have concluded an order processing contract with Google for the use of Google Analytics (Article 28 GDPR). Google processes the data on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide us with other services relating to website activity and internet usage. Google may, if necessary, transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google.
By integrating Google Analytics, we pursue the purpose of analyzing user behavior on our website and being able to react to it. This allows us to continually improve our offering.
The legal basis for the processing of personal data described here is Article 6 Paragraph 1 Letter f) GDPR. Our legitimate interest for this lies in the great benefit that the functions described above have for our offering. The statistical evaluation of user behavior enables us to react and optimize our offering in line with our interests.
As part of order processing, Google is entitled to order subcontractors. A list of these subcontractors can be found below https://privacy.google.com/businesses/subprocessors/ find.
10.2 Google Adsense
This website uses Google AdSense, a service for integrating advertisements from Google Inc. ("Google"). Google AdSense uses so-called. "Cookies", text files that are stored on your computer and allow an analysis of the use of the website. Google AdSense also uses so-called web beacons (invisible graphics). This web beacons allows information such as visitor traffic to be evaluated on these pages.
The information generated by cookies and web beacons about the use of this website (including your IP address) and the delivery of advertising formats is transmitted to and stored by Google in the USA. This information can be forwarded by Google to contractors of Google. However, Google will not merge your IP address with other data stored by you.
You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case, you may not be able to fully use all the functions of this website. By using this website, you agree to the processing of the data collected about you by Google in the manner described above and for the purpose specified above.
11. Data security
We use the common SSL (Secure Socket Layer) method within the website visit in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted encoded, you can see the closed representation of the bowl or lock icon in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continually improved according to technological development.
12. Use of payment service providers (payment service providers)
For payment via PayPal, credit card via PayPal, PayPal Express, direct debit via PayPal or – if offered – "purchase on account" or "rate payment" via PayPal, we will give your payment details to PayPal (Europe) in the course of payment processing S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may remain entitled to process your personal data if this is necessary for contractual payment processing.
If you have selected PayPal Express as payment method, we will provide the following personal data to PayPal (Europe) S.á for further processing of the payment.r.l. & Cie, S.C.A.:
- Total amount of the order
- Reference on the PayPal account.
If you have stored your PayPal account in our online shop, you also have access to your PayPal account email address. PayPal will then send the following data about your order back to us so that the order can be processed:
- Encrypted PayPal account number
- E-mail address
- First and last name
- Delivery address
Further information about PayPal's data protection can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.
12.2 Immediate transfer
On our website we offer u.a. payment Klarna Bank AB (publ) Sveavägen 46, 111 34 Stockholm, Sweden (‘Klarna Bank AB (publ)’).
In collaboration with Klarna, we offer you instant transfer, purchase on account and the Klarna installment purchase financing service as payment options. When paying with Klarna, you never have to provide your account details and you only pay once you have received the goods.
With the Klarna invoice and Klarna installment purchase payment methods, delivery to a delivery address that differs from the billing address is not possible. We ask for your understanding in this regard.
When buying on account with Klarna you always get the goods first and you always have a payment period of 14 days. For more information and Klarnas complete GTC for purchase of invoice, please see: Link to Klarna (New window)
Klarna installment purchase
With the Klarna installment purchase financing service, you also receive the goods first. All your purchases will then be collected on one invoice at the end of the next month. You can then pay this invoice in flexible installments, but you can also pay the total amount at any time. Further information about the Klarna installment purchase financing service can be found here (link to Klarna (new window)). You can download the complete terms and conditions for Klarna installment purchase here (Klarna terms and conditions (PDF)).
Instant bank transfer
Using the “immediate transfer” procedure, we receive a payment confirmation from Klarna Bank AB (publ) in real time and can begin fulfilling our obligations immediately.
If you have opted for the “Sustainable Transfer” payment method, send the PIN and a valid TAN to Klarna Bank AB (publ), which can log into your online banking account. Klarna Bank AB (publ) automatically checks your account balance after log-in and carries out the transfer to us with the help of the TAN you transmit. It will then send us a transaction confirmation immediately. After logging in, your sales, the credit framework of the dispo loan and the presence of other accounts and their holdings are also automatically checked.
In addition to the PIN and the TAN, the payment data entered by you and data about your person are also transmitted to Klarna Bank AB (publ). The data concerning your person is first and last name, address, telephone number(s), email address, IP address and, if necessary, other data necessary for payment processing. The transmission of this data is necessary to identify your identity without doubt and to prevent fraud.
Your data is transmitted to Klarna Bank AB (publ) based on Art. 6 para. 1 lit. a GDPR and Art. 6 para. 1 lit. b GDPR (processing for fulfilling a contract). You have the possibility to revoke your consent to data processing at any time. Revocation does not affect the effectiveness of data processing operations in the past.
Klarna checks and evaluates the consumer's data and, if there are legitimate reasons, exchanges data with other companies and credit reporting agencies (credit check). If the consumer's creditworthiness is not guaranteed, Klarna AB can refuse the customer Klarna's payment methods and must point out alternative payment options. Your personal information will be treated in accordance with data protection law and will not be passed on to third parties for advertising purposes. For more information about Klarna visit www.klarna.com
13. Social media
We put on our website on the basis of the kind. 6 para. 1 p. 1 lit. f GDPR, use social plug-ins of the social networks to make our company known about this. The following commercial purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for the data protection-compliant operation shall be ensured by their respective providers. The integration of these plug-ins by us takes place, among other things, by means of the so-called two-click method in order to protect visitors of our website in the best possible way. Or we set a simple link to the corresponding website.
Our website uses social media plugins from Facebook to make their use more personal. For this we use the “LIKE” or “SHARE” button. This is an offer from Facebook.
If you access a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted from Facebook directly to your browser and integrated into the website.
By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page on our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, for example by clicking the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.
Facebook can use this information for the purposes of advertising, market research and needs-based design of the Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. B. to evaluate your use of our website with regard to the advertisements shown to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services related to the use of Facebook.
If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.
Purpose and scope of data collection and further processing and use of data by Facebook as well as your relevant rights and settings to protect your privacy Please provide the data protection information (https://www.facebook.com/about/privacy/) by Facebook.
Our website uses functions of Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When you access our pages with Twitter plug-ins, a connection is established between your browser and the Twitter servers. Data is already transmitted to Twitter. If you have a Twitter account, this data can be linked. If you do not wish to assign this data to your Twitter account, please log out to Twitter before visiting our page. Interactions, in particular clicking on a “Re-Tweet” button, are also passed on to Twitter. Learn more athttps://twitter.com/privacy.
Functions of the Instagram service are integrated on our website. These features are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to assign the visit of our pages to your user account. We would like to point out that, as the provider of the pages, we do not receive any knowledge of the content of the transmitted data and their use by Instagram.
14. Live Chat Smartsupp
The live chat tool “Smartsupp” is used on our website. This live chat software enables visitors to our website to receive answers to any questions quickly and easily. The user of the live chat is not obliged to provide any information about the person or company. All information provided is on a voluntary basis. The user's IP address is anonymized in accordance with legal regulations. The chat history is saved and evaluated anonymously. In order to enable the user to have real-time chat on the website, “cookies”, d.h. Text files stored on the user's computer. The user can find more details from the data protection instructions of “Smartsupp”:smartsupp.com/privacy
15. Duration of storage of personal data
Personal data is stored for the duration of the respective statutory retention period. After the deadline has expired, the data will be routinely deleted unless there is a need to initiate or fulfill a contract.