Privacy Policy of Maratti-Collection Anna Cieślik
Content Overview
1. Summary
2. Name and Contact Details of the Data Controller as well as the Internal Data Protection Officer
3. Purposes of Data Processing, Legal Bases and Legitimate Interests Pursued by Maratti-Collection Anna Cieślik or a Third Party, as well as Categories of Recipients
3.1. Accessing Our Website
3.2. Conclusion, Execution or Termination of a Contract
3.3. Data Processing for Advertising Purposes
3.4. Online Presence and Website Optimization
3.5. Customer Account
3.6. Social Login via Facebook, Instagram, Pinterest or Google
3.7. Contact per Email
3.8. Blog
4. Communication with Recipients Outside of the EU
5. Your Rights
6. Data Security Measures
1. Summary
As of the 25th of May 2018, the provisions of the EU General Data Protection Regulation (hereinafter: GDPR) are effective throughout Europe. In what follows, we would like to inform you about the processing of personal data carried out by Maratti-Collection Anna Cieślik in accordance with this new ordinance (see Article 13 of the GDPR). Please carefully review our privacy policy. If you have any questions or comments about this privacy policy, you can address them at any time to the email address indicated under Section
The following privacy policy will inform you about the nature and extent of the processing of so-called personal data by Maratti-Collection Anna Cieślik. Personal data is information that can be directly or indirectly attributed or assigned to your person.
The data processing done by Maratti-Collection Anna Cieślik can essentially be divided into two categories:
– For the purpose of contract execution, all data necessary for the execution of a contract with Maratti-Collection Anna Cieślik is processed. Should external service providers be involved in the execution of the contract, e.g. Logistics companies or payment service providers, your data will be passed on to the extent required.
– By visiting the Maratti-Collection.com website, various information is exchanged between your device and our server. This can also include personal data. The information collected in this way will be used, among other things, to optimize our website or to display advertisements in the browser of your device.
According to the regulations of the GDPR, you have various rights that you can assert against us. This includes, among other things, the right to object to selected data processing; in particular, data processing for advertising purposes. You can quickly identify the option to object by the following symbol:
If you have any questions about our privacy policy, feel free to contact our Internal Data Protection Officer at any time. You can find the contact details below.
2. Name and Contact Details of the Data Controller as well as the Internal Data Protection Officer.
This privacy policy applies to data processing by Maratti-Collection Anna Cieślik, Wybrzeże Stanisława Wyspiańskiego 32 apt.6, 50-370Wrocław, Poland (“Responsible Party”) and the following website: www.annamaratti.com
The Internal Data Protection Officer of the Maratti-Collection.com can be reached at the aforementioned address, c/o Data Protection Officer, or at shop@annamaratti.com.
3. Purposes of Data Processing, Legal Bases and Legitimate Interests Pursued by Maratti-Collection.com or a Third Party, as well as Categories of Recipient
3.1. Accessing our Website
When you visit our website, the browser used on your device automatically sends information to the server of our website and temporarily stores it in a so-called log file. We have no influence over this. The following information is also recorded without any action on your part and is stored until automated deletion:
•the IP address of the requesting Internet-enabled device.
•the date and time of access.
•the website from which access initiated (HTTP referrer)
•the browser you use and, if applicable, the operating system of your Internet-capable device and the name of your access provider
Article 6 (1) (f) GDPR provides the legal basis for processing the IP address. Our legitimate interest derives from the purposes of data collection listed below. At this juncture, we would like to point out that from the data collected, no direct conclusions about your identity can be made nor are they drawn by us.
The IP address of your device and the other data listed above are used by us for the following purposes:
•ensuring a smooth connection setup
•ensuring comfortable use of our website
•evaluating system security and stability
The data is stored for a period of 30 days and then automatically deleted. We also use cookies, tracking tools, targeting techniques and for our website. The exact procedures and how your data is used for that will be described and explained in more detail below in section 3.4.
3.2. Execution, Conclusion, or Termination of a Contract
The scope of activity of Maratti-Collection Anna Cieślik is the remote selling of goods and services. In this context, we process the data required for the execution, conclusion, or termination of a contract with you. Which includes:
•First Name, Last Name
•Billing and Delivery Address
•Email Address
•Billing and payment data
•Date of Birth, if applicable
•Telephone Number, if necessary
The legal basis for this is Article 6 (1) (b) GDPR, i.e. You provide us with the data based on the contractual relationship between us. To process your email address, we are also obligated to send an electronic order confirmation due to a requirement in the Civil Code (BGB) (see Article 6 (1) (c) GDPR). Insofar as we do not use your contact data for advertising purposes (see point 3.3.), we store the data collected for the execution of the contract until the expiration of the statutory or, if applicable, contractual warranty and guarantee rights. After expiration of this period, we retain information of our contractual relationship as required by commercial and tax law for the statutory periods. For this periodfrom the conclusion of the contract, the data will be reprocessed in the event of a review by the tax authorities.
In order to process the purchase agreement, the following data processing is necessary:
If you have selected a payment method other than Pay-In-Advance , we pass on the required payment data to a payment service provider whom we commission. We will forward details of your delivery address to a logistics company commissioned by us for the purpose of completing the purchase agreement.
3.3. Data Processing for Advertising Purposes
The following statements pertain to the processing of personal data for advertising purposes. The GDPR declares such data processing on the basis of Article 6 (1) (f) as fundamentally conceivable and as a legitimate interest. The duration of data storage for advertising purposes is not subject to any rigid principles and is based on the question of whether the storage is required for the promotional approach. In 3.3.4., you can read about the procedure in the case of your opposition.
3.3.1. Advertising Purposes of Maratti-Collection Anna Cieślik
To the extent that you have consummated a contract with us, we will treat you as an established customer. In this case, we will process your postal contact details without explicit consent in order to provide you with information about new products and services. We process your email address in order to provide you with information about particular similar products, without explicit consent.
3.3.2. Personalized Ads
In order for you to only receive promotional information that is of perceived interest to you, we categorize and supplement your customer profile with additional information. This requires the use of both statistical information and information about you (e.g., basic customer profile data). The goal is to provide you with advertisements solely oriented to your actual or perceived needs and not to bother you with useless advertising.
3.3.3. Newsletter
On our website we offer you the opportunity to register for our newsletter.
Your e-mail address is sufficient for registration. As an option, you can also state your gender in order to receive more customized offers.
To avoid improper use of your e-mail address we us a double opt-in process for registration. After registration you will receive an e-mail with a confirmation link. Once you click on the link you will be added to the newsletter mailing list and you will receive another confirmation e-mail with your personal voucher.
Newsletter registration is documented in order to prove that the registration process was completed in accordance with legal requirements. This includes saving the date of registration and confirmation as well as the IP address. In addition, changes to your data which are saved at our email marketing provider (see below) will be documented as well. Documenting the registration process is based on our legitimate interests as per article 6 (1) f GDPR. Our interest is to establish a user friendly and secure newsletter system which serves our business interests as well as meets your expectations and allows us to prove your consent.
Our newsletter is sent out at irregular intervals approximately twice per week. You can expect the following content:
•Information on brand new products
•Sale deals
•Discount vouchers
•Raffles
•Rating our shop (after sale mail)
For sending out the newsletter we will collect and process the following information:
Master Data (if these exist)
•E-mail address
•First name
•Country
•Information on the last order (if available)
•Shipping country
•Shipping status
•Date
Our newsletter contains a tracking pixel file (“web-beacon”) which is triggered when the newsletter is opened from the server of our email marketing provider. With this pixel information is collected such as an IP address, the browser used and the time the newsletter was opened.
The previously mentioned collected and transferred data are only used to improve our newsletter offer.
Dispatch of the newsletter and the associated performance measurement are based on your agreement per article 6 (1) a GDPR in conjunction with § 7 (2) Nr. 3 UWG. If you previously purchased something from our site you are listed as an existing customer. In this case the newsletter is sent out based on our legitimate interests in direct marketing as per article 6 (1) f GDPR in conjunction with § 7 (3) UWG.
You can unsubscribe from the newsletter at any time and object to the use of your e-mail address. You can either unsubscribe via the link at the bottom of every newsletter or directly in “My Account” under the menu item “Newsletter”. The data processed as a result of the newsletter mail-out is not subject to any automatic deletion period, but will be deleted only after unsubscribing to the newsletter.
If you have any questions please contact our customer service at any time.
3.3.4. Right to Object
You can lodge an objection against future data processing for the aforementioned purposes at any time, free of charge, for any model of communication to which you object. Just send an email to shop@annamaratti.com or send a letter to the address mentioned under Section 2 above.
If you file an objection, the affected contact address will be disabled from further advertisement processing. We would like to point out that in exceptional cases, even after receipt of your objection, it is possible that advertising material may continue to be delivered for a temporary period. This is due to the necessary lead time of advertisements and does not mean that we have not implemented your objection. Thank you very much for understanding!
3.4. Online Presence and Website Optimization
3.4.1. Cookies – General Information
On our website we utilize so-called “Cookies”. To the extent these cookies contain personal data, their use will comply with Article 6 (1) (f) GDPR, as our interest in optimizing our website is considered to be justified. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not damage your device and do not contain viruses, Trojans or other malicious software. A cookie contains information that is related to the device that you are using. However, this does not mean that we are directly made aware of your identity.
On the one hand the use of cookies serves to enhance your visit to our website. For example, we use so-called “session cookies” to recognize that you have already visited individual pages on our website or that you’ve already logged in to your customer account. The session cookies are automatically deleted once you’ve left our site.
Similarly, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our website again, it will automatically recognize that you have visited the site before and will implement any input or settings you previously applied, so that you don’t have to enter them all again.
If you have a customer account with Maratti-Collection Anna Cieślik and you are logged in, the information stored in cookies will be assigned to your customer account and saved.
We also use cookies to statistically record the use of our website and evaluate it for the purpose of optimizing our product range and services, and to display information tailored to you. When you visit our website, this type of cookie allows us to automatically identify that you have visited us before. They are automatically deleted after a defined period of time. Most browsers allow cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a notice always appears before a new cookie is stored. However, disabling cookies completely may mean that you won’t be able to use all the features of our website. The storage period of cookies depends on their intended purpose and is not the same for everyone.
3.4.2. Google Analytics / Universal Analytics
For the purpose of the needs-oriented design and continuous optimization of our site, we use Google Analytics on the basis of Article 6 (1) (f) GDPR. It is a web analysis service provided by Google Ireland Limited (“Google”), a company registered and operated under Irish law (register number: 368047), located in Gordon House, Barrow Street, Dublin 4, Ireland. In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your usage of this website such as
•Browser Type / Version,
•Operating System being used,
•Referrer-URL (the page you were previously on),
•Host name of the connected device (IP-Address),
•Time of the server request
are transmitted to Google servers. Google operates servers around the world therefore your data may also be processed on servers outside of the EU, for example on Google LLC servers in the USA. In compliance with the EU Privacy Policy, Google has been certified in accordance with the Privacy Shield Agreement between the EU and USA and Switzerland and the USA.
The information is used to evaluate the usage of the website, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if those third parties are processing the data on Google’s behalf. Your IP address will never be merged with other data from Google. The IP addresses are rendered anonymous, so that identification and assignment is not possible (so-called IP masking).
We use Google Analytics including the features of Universal Analytics. Universal Analytics allows us to analyse the activities on our pages across devices (so-called cross-device tracking, for example, when you access via laptop and later via a tablet). This is made possible by assigning a pseudonymous user ID to a user. This kind of allocation occurs, for example, when you register for a customer account or when you sign into your customer account. However, no personal information is forwarded to Google. Adding additional features to Google Analytics with Universal Analytics does not entail any limitation or reduction of data protection measures such as IP masking or the browser add-on.
You may refuse the use of cookies by selecting the appropriate settings on the browser software. We’d like to point out, however, that if you elect this option, not all of the features of this website may be fully available to you. You may also prevent the collection of data generated by the cookie and relevant to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing this browser add-on.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent Google Analytics from capturing cookies by setting the switch to “ACTIVE”.
Active/Inactive
An opt-out cookie will be set which prevents the future collection of your data when you visit our website. The opt-out Cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you’ll have to reset the opt-out Cookie.
For more information about privacy in connection with Google Analytics, please visit the Google Analytics website.
3.4.3. Targeting
The targeting measures we employ listed below are implemented pursuant to Article 6 (1) (f) GDPR. By employing these targeting measures, we strive to make sure that only advertising oriented to your actual or perceived interests is displayed on your devices, because we do not want to bother you with uninteresting ads.
3.4.4.1. Onsite-Targeting
On our website, cookies are used to collect and evaluate information for ad optimization. This data may contain, for example, information about which of our products you are interested in. The collection and evaluation are done exclusively pseudonymously and does not allow us to identify you. More particularly, the information is not merged with personal information. Using information about your past user behavior, we can show you offers on our site that are specifically geared towards your interests. The Onsite Targeting Cookies are automatically deleted after 30 days.
3.4.5. Social-Media-Plug-ins
As permitted by Article 6 (1) (f) GDPR, we use social media Plug-ins on our website from the social networks Facebook to raise brand awareness. This underlying commercial purpose is regarded as a legitimate interest in accordance with the GDPR. Our compliance with data protection guidelines ensures liability by their respective providers. We integrate these plug-ins by means of the so-called two-click method to best protect visitors of our website.
3.4.5.1. Facebook
Our website uses plug-ins from the social network Facebook, which is provided by Facebook Inc. The Facebook plug-ins are denoted by the Facebook logo with the addition of “like” or “share”.
If you activate such a plug-in (first click), your browser establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and is integrated into the page. Through this integration, Facebook receives the information that your browser has accessed that corresponding page of our website, even if you do not have a Facebook profile or are currently not logged in to Facebook.
This information (including your IP address) will be sent from your browser directly to a Facebook server in the U.S. and stored there. If you are logged into Facebook, Facebook can immediately assign your visit to our website to your Facebook profile.
If you interact with the plug-ins, for example by clicking the “Like” button (second click), this information will also be sent directly to a Facebook server and stored there. The information will also be posted on your Facebook profile and displayed to your Facebook friends.
For the purpose and scope of the data collection and the further processing and use of that data by Facebook, as well as your rights related thereto and settings options to protect your privacy, you can refer to Facebook’s privacy policy.
If you do not want Facebook to directly associate the information gathered from your visit to our website with your Facebook profile, you must log out of Facebook before visiting our website.
3.5. Customer Account
In order to provide you with the greatest possible ease while shopping, we offer you the option to permanently store your personal data in a password-protected customer account. The creation of a customer account is voluntary and is contingent on your consent in accordance with Article 6 (1) (a) GDPR. After setting up a customer account, no repeated data entry is necessary. You can also view and change the data stored in your customer account at any time.
In addition to the data requested from you while placing an order, you must provide a self-chosen password in order to set up a customer account. This, together with your email address, will be used to access your customer account. Please treat your personal access data confidentially and, in particular, do not make it accessible to unauthorized third parties. We cannot accept liability for misused passwords provided we are not responsible for the misuse. Please note that after leaving our website, you will remain logged in unless you actively log out. You have the option to delete your customer account at any time. Please note, however, that this does not mean that the data in the customer account shall be deleted, as we are bound by statutory retention periods.
After pressing the appropriate button you will be forwarded to Facebook, Instagram or Pinterest. If you are not logged in, please log in and confirm, that annamaratti.com is allowed to get access to your personal data.
Which of my personal data will be stored?
The following personal data will be transmitted to us, which we use for registration purposes:
•Facebook: surname, forename, e-mail-address, gender, date of birth, Facebook ID
•Google: surname, forename, e-mail-address, Google-ID
•Pinterest: e-mail-address, Pinterest ID
•Instagram-email address,
What happens after my account was connected?
If you already have a annamaratti.com account with the same e-mail address as on Facebook, Google, Pinterest or Instagram, you are now logged in and you can shop online.
If you don’t have an account with the e-mail address that is registered on Facebook, Google you will be forwarded to our registration page. The received data are already filled into the registration form. After the completion of the data, which are necessary to register and by clicking “continue” your account will be created and you can start shopping on annamaratti.com
How can I delete the connection?
If you want to disconnect your annamaratti.com account, please visit Facebook, Google, Pinterest or Instagram and configure it under “settings – apps”.
After deleting the connection you can log in with your former password, unless you have already had an account. Alternatively you can request a new password by using our “Son of a bee sting. I forgot my password” function.
You can draw further information regarding Facebook login and Facebook privacy settings here: terms and policies and data policy.
3.6. Contact per Email
Due to legal regulations, our website contains information that allows you to quickly contact our company and to communicate with us directly. If you contact us by email, via our contact form or by using the feedback button integrated on our site, the personal data you provide will be automatically saved. These include:
•your name,
•your email address,
•your IP-Address, and
•your message.
Such personal data transmitted by you to us on a voluntary basis will be stored for the purpose of contacting you or processing. No disclosure of this personal data to third parties shall take place. The processing of your personal data is carried out in accordance with Art. 6 (1) (b) GDPR.
3.7. Blog
In our blog, we offer you the opportunity to leave comments on individual blog posts. A blog is a web-based, usually publicly-accessible portal in which one or more people, called bloggers or web bloggers, can post articles or record their thoughts in so-called blog posts.
If you comment on a post in our blog, your comments, as well as the time of your comment and the username (pseudonym) you’ve chosen, will be saved and published. Your IP address will also be saved. The storage of your IP address is done for security reasons and in the event that you violate the rights of third parties or post illegal content. The use of your email address is intended, in the case of a Sweepstakes or Giveaway, to inform that you’ve won, and also to protect us against automated spam comments.
Your personal data shall not be disclosed to third parties unless such a disclosure is required by law or for our legal defence. Processing takes place in accordance with Article 6 (1) (c) and (f) GDPR.
4. Communication with Recipients outside of the EU
With the exception of points 3.4.5., 3.6., 3.7. and 3.9., we do not disclose your data to recipients based outside the European Union or the European Economic Area. The processes mentioned under points 3.4.5., 3.6., 3.7. and 3.9. cause a transmission of data to be made to the servers of contractors appointed or used by us. These servers are located in the U.S.. The transmission of data takes place in compliance with the principles of the “Privacy Shield”, as well as on the basis of the EU Standard Contractual Clauses (SCCs).
5. Your Rights
5.1. Overview
In addition to the right to revoke the consent you granted to us, you are entitled to the following additional rights, subject to applicable law:
•You have the right to information about your personal data stored by us in accordance with Art. 15 GDPR. In particular, you are entitled to information about processing purposes, the category of personal information, the categories of recipients to whom your information has been disclosed, the projected retention period of your data, and the source of your data, if not collected directly from you.
•You have the right to rectification, i.e. the right to correct inaccurate data or to complete correct, yet incomplete, data in accordance with Art. 16 GDPR.
•You have the right to erase your personal data stored by us in accordance with. Art. 17 GDPR, except insofar as required by statutory and/or contractual retention periods. Other statutory obligations and/or rights for further storage are also to be observed.
•You have the right to restrict the processing of your data in accordance with Art. 18 GDPR, provided that (1) the processing is unlawful and you oppose the erasure of the personal data, and instead request the restriction of their use, (2) the person responsible for the data no longer needs it, but you need it for the establishment, exercise or defense of legal claims, or (3) you have objected to processing in accordance with Art. 21 GDPR.
•You have the right to data portability in accordance with Art. 20 GDPR, i.e. You have the right to receive selected data concerning yourself, which you have provided to us, in a commonly-used, machine-readable format or to request to have the personal data transmitted directly from one controller to another.
•You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your place of residence or work, or of our company headquarters.
5.2. Right to Object
Under the conditions of Article 21 (1) GDPR, data processing can be objected to for reasons related to the concerned person’s particular situation.
The aforementioned general right to object applies to all processing purposes described in this Privacy Policy, which are handled on the basis of Article 6 (1) (f) GDPR. Unlike the special right to object to data processing for commercial purposes (see point 3.3.4.), according to the GDPR, we are only obligated to execute such a general objection if you can provide us with reasons of overriding importance (e.g. possible threat to life or health). Furthermore, it is possible to contact the supervisory authority responsible for Maratti-collection.com or our data protection officer (see Section 2).
6. Data Security Measures
All of the personal data that you share with us, including your payment details, is transmitted via the general, commonly used and secure standard SSL (Secure Socket Layer). SSL is a secure and proven Standard, which is also used in online banking, for example. You can recognize a secure SSL connection by, among other things, the added “s” on the http (i.e. “https“) in the address bar of your browser and a padlock icon, which, depending on the browser, used is also typically located near the address bar.
Of course, we take the appropriate technical and organizational security measures to protect your personal data against manipulation, partial or complete loss, and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments