DATA PROTECTION

Privacy policy

1. Access Data and Hosting
2. Data processing for contract processing and contacting
2.1 Data processing for contract processing
2.2 Customer account
2.3 Contact
3. Data processing for the purpose of dispatch processing
Data transfer to shipping service providers for the purpose of shipping announcement
4. Data processing for payment processing
4.1 Data processing for transaction processing
4.2 Data processing for the purpose of fraud prevention and the optimisation of our payment processes
5. Advertising by email
5.1 E-mail newsletter with registration
5.2 Sending review requests by e-mail
6. Social media
6.1 Facebook social buttons (by meta), Instagram (by meta), Pinterest, Whatsapp
6.2 Our online presence on Facebook (by Meta), Instagram (by Meta), Youtube, Pinterest
7. Contact options and your rights
7.1 Your Rights
7.2 Contact options

The controller for the data processing is:

Fink

Nachtigallenweg 4

74906

Email: shop-finkhandmade.de

Phone: +49 7063 3599851

We appreciate your interest in our online shop. The protection of your privacy is very important to us. Below we will inform you in detail about the handling of your data.

1. Access Data and Hosting

You can visit our websites without providing any personal information. Each time a website is called up, the web server only automatically stores a so-called server log file, which, for example, contains the name of the requested file, your IP address, the date and time of the retrieval, the amount of data transferred and the requesting provider (access data) and documents the retrieval. These access data are evaluated exclusively for the purpose of ensuring trouble-free operation of the site and the improvement of our offer. This serves to safeguard our legitimate interests in a correct presentation of our offer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. All access data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes.

The services for hosting and presenting the website are partly provided by our service providers in the context of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in the forms provided on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

Our service providers sit and/or use servers in the following countries, for which the European Commission has determined an appropriate level of data protection by decision: Israel, United Kingdom, USA.

The adequacy decision for the USA shall be deemed to be the basis for third country transmission, provided that the respective service provider is certified. A certification is available.

Our service providers are sitting and/or use servers in these countries: Brazil, Mexico, India, Ukraine.
There is no adequacy decision by the European Commission for these countries. Our cooperation with you is based on these guarantees: standard data protection clauses of the European Union.

2. Data processing for contract processing and contacting

2.1 Data processing for contract processing

For the purpose of contract processing (incl. Requests for and processing of any existing warranty and service disturbance claims as well as any statutory updating obligations) in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we collect personal data if you voluntarily provide it to us in the context of your order. Mandatory fields are identified as such, since in these cases we absolutely need the data for contract processing and we cannot send the order without the specification. Which data is collected can be seen from the respective input forms.

Further information on the processing of your data, in particular for the disclosure to our service providers for the purpose of ordering, payment and shipping processing, can be found in the following sections of this privacy policy. After completion of the contract, your data will be restricted for further processing and after expiry of the tax and commercial retention periods in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, unless you expressly in any further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

2.2 Customer account

If you have your consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, by choosing to open a customer account, we use your data for the purpose of opening your customer account and for storing your data for further future orders on our website. The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted unless you explicitly use your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

2.3 Contact

As part of customer communication, we collect to process your inquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, if you voluntarily provide it to us when you contact us (e.g. via contact form, live chat tool or e-mail). Mandatory fields are identified as such, since in these cases we need the data to process your contact. Which data is collected can be seen from the respective input forms. After completion of your request, your data will be deleted unless you expressly in any further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

3. Data processing for the purpose of dispatch processing

For the fulfilment of the contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

Data transfer to shipping service providers for the purpose of shipping announcement

If you have given us your express consent to this during or after your order, we give us thereof pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, you will forward your e-mail address and telephone number to the selected shipping service provider so that they can contact you before delivery for the purpose of delivery announcement or coordination.
The consent can be revoked at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to further data use, which is permitted by law and about which we inform you in this declaration. If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

United Parcel Service Germany S.Ã r.l. & Co. OHG
Görlitzer Strasse 1
41460 Neuss
Germany

DHL Parcel GmbH
Road route 10
53113 Bonn
Germany

DPD Germany GmbH
Wailandt Street 1
63741 Aschaffenburg
Germany

4. Data processing for payment processing

When processing payments in our online shop, we work with these partners: technical service providers, credit institutions, payment service providers.

4.1 Data processing for transaction processing

Depending on the selected payment method, we pass on the data necessary for the processing of the payment transaction to our technical service providers who are active for us in the context of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for the processing of the payment. This serves to fulfil the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In part, the payment service providers collect the data required for the processing of the payment themselves, e.g. on their own website or via a technical integration in the ordering process. The privacy policy of the respective payment service provider applies in this respect.
If you have any questions about our payment processing partners and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

4.2 Data processing for the purpose of fraud prevention and the optimisation of our payment processes

If necessary, we may provide our service providers with further data, which they, together with the data necessary for the processing of the payment as our processors for the purpose of fraud prevention and the optimisation of our payment processes (e.g. Use invoicing, processing of contested payments, support of accounting). This is done according to Art. 6 para. 1 sentence 1 lit. f GDPR, the protection of our legitimate interests in our protection against fraud or in an efficient payment management system, which are overriding in the context of a balancing of interests.

5. Advertising by email

5.1 E-mail newsletter with registration

When you subscribe to our newsletter, we will use the data required or separately provided by you to regularly our e-mail newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time and can be done either by sending a message to the contact option described below or via a link provided in the newsletter. After unsubscribing, we will delete your e-mail address from the recipient list, unless you expressly regarding further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

Our service providers sit and/or use servers in the following countries, for which the European Commission has determined an appropriate level of data protection by decision: Israel, United Kingdom, USA.

The adequacy decision for the USA shall be deemed to be the basis for third country transmission, provided that the respective service provider is certified. A certification is available.

Our service providers are sitting and/or use servers in these countries: Brazil, Mexico, India, Ukraine.
There is no adequacy decision by the European Commission for these countries. Our cooperation with you is based on these guarantees: standard data protection clauses of the European Union.

5.2 Sending review requests by e-mail

If you give us your express consent to this during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we use your e-mail address for the request to submit an evaluation of your order via the rating system we use. This consent can be revoked at any time by sending a notice to the contact option described in this privacy policy or via a link provided for this purpose in the rating request. After the withdrawal of your consent, we will delete your e-mail address from the recipient list, unless you expressly in a further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

Use of Wix statistics for web analysis

For the purpose of website analysis, technologies of Wix Ldt., 40 Nemal St., Tel Aviv 6350671, Israel (“Wix”) data (IP address, time of visit, device and browser information, location information and information about your use of our website) are automatically collected and stored using usage profiles, from which usage profiles are created using pseudonyms. Cookies can be used for this purpose. The pseudonymised user profiles are not merged with personal data about the bearer of the pseudonym without a separate, express consent. Wix is active for us on our behalf.

6. Social media

6.1 Facebook social buttons (by meta), Instagram (by meta), Pinterest, Whatsapp

Social buttons from social networks are used on our website. These are only included in the page as HTML links, so that when our website is accessed, no connection with the servers of the respective provider is established. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser There, you can click on the Like or Share button, for example.

6.2 Our online presence on Facebook (by Meta), Instagram (by Meta), Youtube, Pinterest

If you have your consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO, your data for market research and advertising purposes are automatically collected and stored when visiting our online presence on the above-mentioned social media, from which user profiles are created using pseudonyms. These can be used, e.g. To place advertisements inside and outside the platforms that are presumably in line with your interests. Cookies are usually used for this purpose. The detailed information on the processing and use of the data by the respective social media operator as well as a contact option and your rights in this regard and setting options for protecting your privacy, please refer to the data protection information of the providers linked below. Should you still need help in this regard, you can contact us.

Facebook (by Meta) is an offering of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is usually transmitted to a Meta Platforms, Inc. server, 1601 Willow Road, Menlo Park, California 94025, USA and stored there. The data processing as part of the visit of a Facebook (by Meta) fan page is carried out on the basis of an agreement between jointly controllers in accordance with Art. 26 GDPR. Further information (Information on insights data) can be found here.

Our service providers sit and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA shall be deemed to be the basis for third country transmission, provided that the respective service provider is certified. A certification is available.

Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.
There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on these guarantees: standard data protection clauses of the European Commission.

Instagram (by Meta) is an offering of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is usually transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, Menlo Park, California 94025, USA and stored there. Data processing as part of the visit of an Instagram (by Meta) fan page is carried out on the basis of an agreement between jointly responsible persons in accordance with Art. 26 GDPR. Further information (Information on insights data) can be found here.

The adequacy decision for the USA shall be deemed to be the basis for third country transmission, provided that the respective service provider is certified. A certification is available.

Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.
There is no adequacy decision by the European Commission for these countries. Our cooperation with you is based on these guarantees: standard data protection clauses of the European Commission.

YouTube is an offer of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information collected automatically by Google about your use of our online presence on YouTube is usually transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there.

Our service providers sit and/or use servers in countries outside the EU and EEA, for which the European Commission has determined an adequate level of data protection by decision.

Our service providers are located and/or use servers in countries outside the EU and EEA. There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on standard data protection clauses of the European Commission.

Pinterest is an offer from Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). The information collected automatically by Pinterest about your use of our online presence on Pinterest is usually transmitted to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA and stored there.

Our service providers sit and/or use servers in countries outside the EU and EEA, for which the European Commission has determined an adequate level of data protection by decision.

7. Contact options and your rights

7.1 Your Rights

As a data subject you have the following rights:

according to Art. 15 GDPR, you have the right to request information about your personal data processed by us to the extent specified therein;
according to Art. 16 GDPR, the right to demand the immediate correction of incorrect or completion of your personal data stored by us;
according to Art. 17 GDPR, you have the right to demand the deletion of your personal data stored by us, unless the further processing is used
- to exercise the right to freedom of expression and information;
- to fulfil a legal obligation;
- for reasons of public interest or
- is necessary for the establishment, exercise or defence of legal claims;
according to Art. 18 GDPR, the right to demand the restriction of the processing of your personal data, insofar as
- the accuracy of the data is disputed by you;
- the processing is unlawful, but you reject its deletion;
- we no longer need the data, but you need it to assert, exercise or defend legal claims or
- You as per Art. 21 GDPR have objected to the processing;
according to Art. 20 GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request its transfer to another controller;
according to Art. 77 GDPR, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

Right of objection

Insofar as we process personal data as explained above in order to safeguard our legitimate interests, as explained above, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. Insofar as the processing is carried out for other purposes, you are only entitled to object if there are reasons arising from your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.

This does not apply if the processing is carried out for direct marketing purposes. Then we will not process your personal data for this purpose.

7.2 Contact options

If you have any questions about the collection, processing or use of your personal data, information, correction, restriction or deletion of data as well as revocation of granted consent or objection to a specific use of data, please contact us directly using the contact details in our imprint.