Data Protection Declaration
In the data protection declaration below for the website mimicri.de we would like to inform you about which personal data we collect, for which purposes we process your personal data and, if appropriate, disclose them to third parties, as well as your rights in this connection.
Table of contents
1. General Information
2. Data processing operations
2.1 Provision of the website
2.3 Data processing when using our online-shop
2.4 Instagram plug-in
2.5 Email contact, telephone contact, contact via social-media-platform
3. Your data protection rights
4. Disclosure to third parties
1. General Information
The competent authority within the meaning of the GDPR, other national data protection laws of the Member States as well as any other data protection regulations for the website mimicri.de and designated body for data protection is:
2. Data processing operations
2.1 Provision of the website
2.1.1 Description and scope of data processing
If the website is used for informational purposes only, thus if you do not transmit information to us otherwise, we only collect personal data your internet browser transmits to our server when visiting our website:
• IP address (possibly in anonymised, shortened form)
• Date and time of the request
• Time zone difference with Greenwich Mean Time (GMT)
• Subject of the request (specific details)
• Status of access/http status code
• Respective data volume transmitted
• Website from which the request is sent
• Browser type or App used
• Operating system and its interface
• Language and browser software version
The data are also saved in our system’s log files. Saving these data combined with other personal data does not take place. The data of the server log files are stored separately from other personal data supplied.
2.1.2 Purpose and legal basis for data processing
When you visit our website, we collect the data mentioned under 2.1.1, as they are technically necessary to display our website and to guarantee the system’s stability and safety. Storing data in log files ensures the website’s functionality. Moreover, the data serve to optimise the website and ensure the safety of our information technology systems. Hence our legitimate interest in data processing as per Art. 6 (1) lit. f) GDPR.
2.1.3 Storage duration
The data will be deleted as soon as no longer necessary to achieve the purpose of their collection. If data are collected to display the website, this occurs when the respective session has ended, i.e. when you are leaving our website.
2.1.4 Opposition and removal possibility
The collection of data to for the website’s display and the storage of data is absolutely necessary for the operation of the website. Therefore, the user cannot use the website without such data processing.
2.2.1 Description, scope, purpose and duration of data processing
Cookies are small text files that are stored in your computer’s Internet browser and enable us to identify your browser on your next visit. Cookies may not run programmes or transmit viruses to your computer.
We use both so-called session cookies used for the duration of an online visit and those used long-term, remaining stored on your computer until you delete them or are deleted automatically only after a certain period of time. Long-term cookies are used in particular to provide you, the customer, with permanently recurring settings in the online shop. To the extent other cookies (analysis cookies) are stored, they are dealt with separately in this data protection declaration.
We use the following cookies whose scope and functionality are explained in more detail below:
• Session cookies
They are usually deleted automatically when you turn off the Internet browser, respectively a session has expired. These cookies store a so-called session ID by which various requests of your Internet browser can be assigned to the shared session. Thereby, your computer may be recognised when you return to our website. Usually, session cookies are deleted when you log off or close the Internet browser. The following data may be stored and transmitted in session cookies:
• language settings
• any log-in information
• visitor ID
• timestamp with start and end of the current session
We use the following session cookies:
(Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA)
_icl_current_language – language settings
cookie_notice_accepted – recognises confirmation of the cookie-banner at the outset
• Long-term cookies
Long-term cookies are deleted automatically after a specific period of time which may differ depending on the cookie. You may determine yourself whether to delete or deactivate cookies in the security settings of your Internet browser at any time. Data are collected and stored on an as-needed basis and to optimise our Internet pages.
We use the following long-term cookies:
(Snipcart Inc. 2018, Québec City, Canada)
snipcart_jwt – duration 7 days – identifies a user on the website for snipcart and defines
user’s rights agreed with snipcart (e.g. ordering as guest only)
snipcart_order_token – duration 7 days – contains the acquisition for a later conclusion
2.2.2 Legal basis and purpose for data processing
The legal basis for processing personal data using cookies is Art. 6 (1) lit. f) GDPR.
2.2.3 Opposition and removal possibility
Please note that you can set your Internet browser to be informed about the setting of cookies and decide on a case-by-case basis to accept or exclude the acceptance of cookies in specific cases or in general. Please note that the functionality of our website may be restricted if cookies are not accepted.
2.2.4 Use of analytic tools
Use of Google Analytics
_ga – duration 2 years – for unique identification of the user
_gid – duration 24 hours – for unique identification of the user
The information generated by cookies on the use of this website is usually transmitted to a Google server in the United States and stored there. However, because the IP anonymization function on these websites is activated, your IP address is shortened first by Google within the EU Member States or in other states party to the Agreement on the European Economic Area. Only in exceptional cases the full IP address is transmitted to a Google server in the US and shortened there. Google will use this information on our behalf to assess how often you visit the website, to compile reports on website activities and render further services to us in connection with the use of the website and the Internet. The purpose of data processing is to assess the website’s use and compiling reports on the website’s activities. We use the reports generated by Google solely to optimise our website and for market research purposes, and data processing is based on our legitimate interest to run the website.
You may prevent the storage of cookies by an appropriate setting of your browser software; please note however that you may not fully exploit all functions of this website in this case. Furthermore, you may prevent the collection of data generated by the cookie and regarding your use of the website (including your IP address) by Google as well as the processing of these data by Google by downloading and installing the browser plugin available in the following link: Browser Add On to deactivating Google Analytics. This browser add-on is available for Internet Explorer, Google Chrome, Mozilla Firefox, Apple Safari and Opera.
By using this website, you agree that Google may process the data collected about you in the way described and for the purpose aforementioned. You may look up which cookies Google Analytics may store on your computer, how long they are stored and which purpose they serve under deve-lopers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage. Further information on Google’s use of the data can be found under google.com/intl/de/policies/privacy/partners/.
2.3 Data processing when using our online shops
2.3.1 Description, scope and duration of data processing
When you place an order in our online shop, we collect the following data: first name and surname, email address, mobile phone number, billing and shipping address, and payment method chosen.
These data are needed to process binding orders placed by you; otherwise you may not order in our online shop. Only the provision of your mobile phone number is voluntary. It serves to contact you promptly in case of queries and allow the shipping service to notify you of the delivery, if necessary. Herewith you agree with the storage of your mobile phone number for this purpose.
Your data will only be saved as long as needed. We need to store them for longer if required by retention and documentation obligations.
We only disclose personal data to third parties if necessary in the framework of contract execution, e.g. to the company charged with the delivery of the goods or the institute charged with payment processing. There will be no further disclosure of data, respectively only if you expressly agree with such disclosure. Your data will not be disclosed to third parties without express agreement, e.g. for advertising purposes.
To process orders via our online shop, we use the services of Snipcart offered by Snipcart Inc. 2018, Québec City, Canada. For details on Snipcart’s services, please see the data protection provisions of Snipcart Inc. under https://cdn.snipcart.com/legal/dpa.pdf.
Regarding payment processing, we propose the services of PayPal. This payment service is offered by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). By choosing this payment option you agree to the transmission of personal data to PayPal necessary for payment processing. Usually, personal data transmitted to PayPal are fist name, surname, address, email address, IP address, phone number, mobile phone number or other data necessary for payment processing. Also for processing the purchase contract such personal data in connection with the respective order are necessary. The purpose of the data transmission is payment processing and fraud prevention. In particular, we transmit personal data to PayPal if there is a legitimate interest in the transmission. Personal data exchanged between PayPal and us may under certain circumstances be transferred by PayPal to credit reporting agencies to check on identities and credit worthiness. PayPal may pass on personal data to affiliated enterprises, service providers or subcontractors if necessary for meeting contractual obligations or data should be processed on their behalf. For PayPal’s applicable data protection provisions see https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
2.3.2 Legal basis and purpose of data processing
The processing of personal data is based on Art. 6 (a) lit. a) and b) GDPR, allowing data processing to fulfil a contract or pre-contractual measures, respectively, based on consent.
2.3.3 Opposition and removal possibility
You can withdraw your consent to data processing at any time. A withdrawal does not affect the validity of data processing procedures in the past. As to your rights, we refer to point 3. of this data protection declaration. Furthermore, you may withdraw your consent for PayPal’s handling of personal data at any time. Such withdrawal does not affect personal data needing to be processed, used or transmitted for (contractual) payment processing.
2.4 Instagram plug-in
Our website integrates functions of the Instagram service. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. When you are logged into your Instagram account you may click on the Instagram sign to link the content of our pages with your Instagram profile. Thus, Instagram can allocate your visits to our websites to your user account. Please note that we, as provider of the websites, will not be informed by Instagram of the data content transmitted and their use by Instagram. For further information on this subject, please see Instagram‘s Data Protection Declaration: https://help.instagram.com/about/legal/privacy.
2.5 Email contact, telephone contact, contact via social media platform
2.5.1 Description and scope of data processing
On our website our email address figures under „Contact” and elsewhere. You can also reach us via the phone number listed in the legal notice or contact us via the social media platform Instagram. If you contact us by email, phone or via the social media platform Instagram and would like to request information on orders or data protection, on the online shop or other subjects, you may possibly be required to transmit certain personal data to us, such as surname, first name, address, email address or invoice number in order to deal with your query to your entire satisfaction. These data are used solely to verify and process your query for specific purposes. If you contact us via a social-media platform, please note that since it is not owned by us nor falls in our domain, the protection and confidentiality of data provided to us via the respective social media platform may thus not be guaranteed. For questions on data protection, please contact the operators and owner of the social media platform.
No data will be transmitted to third parties in this connection. The data will be used exclusively to process the conversation.
2.5.2 Purpose and legal basis of data processing
Processing of personal data via the respective communication channel solely serves to process your inquiry and dealing with same. Hence the legitimate interest necessary to process the data.
The legal basis for processing data provided by you in the context of your query is Art. 6 (1) lit. f) GDPR. If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) lit. b) GDPR.
2.5.3 Duration of storage
The data will be deleted as soon as no longer necessary to achieve the purpose of their collection. This applies to personal data transmitted by email when the respective communication with the user has ended. The communication is considered as ended if the circumstances reveal that the relevant situation is definitely clarified. However, we may have to store certain personal data of the communication long-term arising from retention and documentation obligations.
2.5.4 Opposition and removal possibility
Regarding your rights, we refer to point 3. of this data protection declaration.
3. Your data protection rights
Under certain circumstances, you may invoke the following data protection rights vis-à-vis us:
• Right to withdraw consent: If you consented to certain types of processing activities, you may revoke such consent with effect for the future at any time. Such withdrawal does however not affect the legitimacy of processing before you withdrew your consent or to the extent processing on another legal basis is legitimate.
• Right to information: You have the right to be informed about which of your data have been stored by us as per Art. 15 GDPR (if appropriate with restrictions as per § 34 of the BDSG (German Federal Data Protection Act)).
• Right to rectification: At your request, we will rectify your data stored by us as per Art. 16 GDPR if these are incorrect, incomplete or erroneous.
• Right to delete: At your request your data will be deleted in compliance with the principles set out in Art. 17 GDPR unless prevented by other legal provisions (e.g. statutory storage obligations or restrictions as per § 35 of the BDSG) or an overriding interest on our part (e.g. to defend our rights and claims).
• Right to processing restriction: Considering the conditions laid down in Art. 18 GDPR, you may demand that the processing of your data be restricted.
• Right of objection: Furthermore, you may object to the processing of your data as per Art. 21 GDPR. This right of objection is given if certain reasons exist arising from your specific situation and only concern data processing the legality of which is based on weighing up of interests concerning profiling or direct advertising purposes. In such case we will no longer process your data unless we are entitled by law to reject your objection. If you object to direct marketing, including profiling, we will however no longer process your data without you having to provide any reasons.
If you have agreed to direct advertising and no longer wish to receive it, you may withdraw your consent with effect for the future at any time.
• Right to data portability: You are also entitled to receive your data according to the provisions of Art. 20 GDPR in a structured, current and machine-readable format or to transmit them to a third party.
• Complaint to a data protection authority: You may also lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR). We recommend however to always address a complaint first to our legal department for data protection (firstname.lastname@example.org) to enable us to respond to your request as soon as possible.
To ensure timely handling please send your requests to exercise your rights in writing to the following address:
4. Disclosure to third parties
We have called in service providers who, in their capacity of processors, have access to your data and process them for purposes determined concretely by us. These processors may be the website hosting provider, IT support provider, marketing provider or website analysis provider.
If legally required, we would also be obliged to transmit certain data to third parties, i.a. authorities, external consultants, business partners, courts, experts as well as internal committees and control mechanisms.
This Data Protection Declaration was last updated on 30 June 2019. We reserve the right to update this Data Protection Declaration from time to time.