Privacy Policy

DATA PROTECTION
INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE CONTROLLER

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we inform you about the handling of personal data when using our website. Personal data includes all data with which you can be personally identified.

1.2 The controller for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Grace & Lily’s Boutique, who is responsible for processing. The controller for personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (such as orders or inquiries to the responsible person). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser bar.

  1. DATA COLLECTION WHEN VISITING OUR WEBSITE

When you use our website for informational purposes only, without registering or providing information in any other way, we only collect the data that your browser sends to our server (server log files). When you visit our website, we collect the following data, which is technical and necessary to display the website to you: the website visited, date and time of access, amount of data sent in bytes, source/reference from which you accessed the page, browser used, operating system used, IP address used (possibly anonymized). Processing is carried out in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way, but we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

  1. COOKIES

To make your visit to our website attractive and to enable the use of certain functions, we use various types of cookies on different pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., when you close your browser (session cookies). Other cookies remain on your device and allow us or our partner companies to recognize your browser on your next visit (persistent cookies). These persistent cookies are automatically deleted after a specified period, which may vary depending on the type of cookie. Some cookies are used to store settings and simplify the ordering process (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If cookies process personal data implemented by us, this is done in accordance with Article 6(1)(b) of the GDPR to fulfill the contract, or in accordance with Article 6(1)(f) of the GDPR to protect our legitimate interests in providing the best possible functionality of the website and a customer-friendly and effective design of page visits.

We may collaborate with advertising partners to make our website more interesting for you. When you visit our website, cookies from partner companies may also be stored on your device (third-party cookies). If we collaborate with advertising partners, you will be informed about the use of such cookies and the scope of the information collected in the following paragraphs, where you will be individually and separately informed.

Please note that you can set your browser to inform you about the setting of cookies and individually decide whether to accept them, or you can disable the acceptance of cookies for specific cases or in general. The way in which cookie settings are managed varies by browser and is described in the help menu of each browser, explaining how to change your cookie settings. You can find this information for each browser via the following links: Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies, Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences, Chrome: https://support.google.com/chrome/answer/95647?hl=en, Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac, Opera: https://help.opera.com/en/latest/web-preferences/#cookies. Please note that if you do not accept cookies, the functionality of our website may be limited.

  1. CONTACT US

When you contact us (e.g., via the contact form or email), we collect personal data. The specific data collected via a contact form can be found in the respective form. This data is used solely to respond to your request and for associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request, in accordance with Article 6(1)(f) of the GDPR. If your contact is related to concluding a contract, Article 6(1)(b) of the GDPR also applies as the legal basis for processing. Your data will be deleted once your request has been fully processed, which occurs when the matter is clarified, and there is no legal obligation to retain the data to the contrary. Contact email: info@gracelilysboutique.com.

  1. DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT EXECUTION

In accordance with Article 6(1)(b) of the GDPR, personal data is still collected and processed when you provide it to us for the execution of a contract or to open a customer account. The specific data collected is determined based on the information you provide via the relevant input forms. You can have your customer account deleted at any time by sending a message to info@gracelilysboutique.com. We store and use the data you provide for the processing of the contract. Once the contract has been fully executed or your customer account has been deleted, your data will be processed for tax and accounting purposes. Commercial law retention periods are observed, and your data will be deleted once these periods have expired, unless you expressly consent to further processing of your data or further processing is permitted by law.

  1. USE OF YOUR DATA FOR DIRECT ADVERTISING

6.1 Registration for our email newsletter: When you subscribe to our email newsletter, we regularly send you information about our offers. The only mandatory data for sending the newsletter is your email address. Any additional data may be voluntarily provided and used to address you personally. For sending the newsletter, we use the double-opt-in procedure. This means that we only send you an email newsletter after you have explicitly confirmed that you agree to receive it. We will then send you a confirmation email with a link to confirm that you want to receive the newsletter. By clicking the confirmation link, you give us permission to use your personal data, in accordance with Article 6(1)(a) of the GDPR. When you subscribe to the newsletter, we store your data, including the IP address from which you registered, as well as the date and time of registration, to prevent any future misuse of your email address. The data collected during your subscription to the newsletter is used solely for advertising purposes via the newsletter. You can unsubscribe from the newsletter at any time via the link in the newsletter or by sending a message to info@gracelilysboutique.com. Once you unsubscribe, your email address will be immediately removed from our newsletter distribution list, unless you expressly agree to further use of your data or further processing is permitted by law.

6.2 Sending the email newsletter to existing customers: If you have provided us with your email address when purchasing goods or services, we reserve the right to send you offers for similar goods or services to those you have already purchased from us. No separate consent is required for this form of direct advertising from you. The processing of your data is based solely on our legitimate interest in personalized direct advertising, as intended in Article 6(1)(f) of the GDPR. If you object to the use of your email address for this purpose, we will refrain from sending emails. You have the right to object at any time to the use of your email address for direct marketing in the future by notifying the controller as previously mentioned.

  1. DATA PROCESSING FOR ORDER PROCESSING

7.1 The personal data we collect is processed as part of the contract processing with the transport company responsible for delivery, as far as necessary for the delivery of the goods. Your payment details will be passed on to the respective credit institution for payment processing, if necessary. If payment service providers are used, explicit information will be provided. The legal basis for data transfer is Article 6(1)(b) of the GDPR.

7.2 Use of payment service providers (payment service providers): PayPal When paying via PayPal, credit card via PayPal, direct debit via PayPal, or - if offered - "purchase on account" or "installment payment" via PayPal, your payment data will be transmitted to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transmission takes place in accordance with Article 6(1)(b) of the GDPR and only to the extent necessary for payment processing. PayPal reserves the right to conduct a credit check when paying by credit card via PayPal and by direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data will be used if necessary, in accordance with Article 6(1)(f) of the GDPR based on PayPal's legitimate interest in passing it on to credit agencies to determine your creditworthiness. The results of the credit check, including score values, are used by PayPal to decide on offering the respective payment method. More information on data protection, including the credit agencies used, can be found in PayPal's privacy policy: https://www.paypal.com/en/webapps/mpp/ua/privacy-full. You can object to this processing of your data at any time by sending a message to info@gracelilysboutique.com.

SOFORT If you select the "SOFORT" payment method, the payment will be processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"). We will pass on your data to SOFORT as part of the information provided during the ordering process, as well as information about your order, in accordance with Article 6(1)(b) of the GDPR. Your data will be passed on to SOFORT solely for the purpose of payment processing and only to the extent necessary for this purpose. More information can be found in SOFORT's privacy policy: https://www.klarna.com/sofort/datenschutz.

  1. CONTACT FOR REVIEW REMINDER

If you have expressly consented during or after your order, we will use your email address for a one-time reminder to send an email asking you to review your order via the review system we use, in accordance with Article 6(1)(a) of the GDPR. You can revoke your consent at any time by sending a message to info@gracelilysboutique.com.

  1. USE OF SOCIAL MEDIA: SOCIAL PLUGINS

9.1 Facebook plugins with Shariff solution: Our website uses so-called social plugins ("plugins") from the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). To enhance the protection of your data when visiting our website, these buttons are not displayed as complete plugins but are only integrated as an HTML link on the page. This integration ensures that when you visit a page on our website with such buttons, no connection is made to the Facebook servers yet. However, when you click the button, a new browser window opens, and you will have access to the Facebook page, where you can interact with the plugins there (possibly after entering your login details). Facebook Inc., located in the USA, is responsible for complying with the EU-US Privacy Shield agreement, which ensures compliance with data protection standards in the EU. For more information about the purpose and scope of data collection, further processing and use of data via Facebook, as well as your rights in this regard and setting options to protect your privacy, please refer to Facebook's privacy policy: https://www.facebook.com/policy.php

9.2 Google+ plugins as Shariff solution: Our website uses so-called social plugins ("plugins") from the social network Google+, operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). To enhance the protection of your data when visiting our website, these buttons are not displayed as complete plugins but are only integrated as an HTML link on the page. This integration ensures that when you visit a page on our website with such buttons, no connection is made to the servers of Google+. When you click the button, a new browser window opens, and the Google+ page opens, where you can use the plugins there (possibly after entering your login details). Google LLC, located in the USA, is responsible for complying with the US-European data protection agreement "Privacy Shield", which ensures compliance with data protection standards in the EU. For more information about the purpose and scope of data collection, further processing and use of data via Google, as well as your related rights and setting options to protect your privacy, please refer to Google's privacy policy: https://www.google.com/intl/en/policies/privacy/

9.3 Instagram plugin as Shariff solution: Our website uses so-called social plugins ("plugins") from the online offering Instagram, operated by Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram"). To enhance the protection of your data when visiting our website, these buttons are not displayed as complete plugins but are only integrated as an HTML link on the page. This integration ensures that when you visit a page on our website with such buttons, no connection is made to the servers of Instagram. When you click the button, a new browser window opens, and you will have access to the Instagram page, where you can use the plugins there (possibly after entering your login details). Instagram LLC, located in the USA, is certified for the US-European data protection agreement "Privacy Shield", which ensures compliance with data protection standards in the EU. For more information about the purpose and scope of data collection, further processing and use of data via Instagram, as well as your rights in this regard and setting options to protect your privacy, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388/

  1. ONLINE MARKETING

10.1 DoubleClick by Google: This website uses the online marketing tool DoubleClick by Google from the operator Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick"). DoubleClick uses cookies to display ads that are relevant to users, to improve campaign performance reporting, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being displayed multiple times. The processing is carried out based on our consent and our interest in optimal marketing of our website in accordance with Article 6, paragraph 1, letter f GDPR. Additionally, DoubleClick may use cookie IDs to register conversions related to ad requests. This occurs, for example, when a user views a DoubleClick ad and later visits the website with the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain personal information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by the use of this tool by Google and will therefore inform you to the best of our knowledge: By integrating DoubleClick, Google receives information that you have visited the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or not logged in, there is a possibility that the provider will obtain and store your IP address. If you object to participation in this tracking process, you can disable conversion tracking cookies by setting your browser to block cookies from the domain www.googleadservices.com. This setting will be deleted when you delete your cookies. You can also contact the Digital Advertising Alliance at the website address www.aboutads.info for information on setting cookies and preferences. Finally, you can set up your browser to notify you about setting cookies and decide on an individual basis whether to accept or exclude cookies for specific cases or in general. However, not accepting cookies may limit the functionality of our website. Google LLC, based in the USA, is certified under the EU-US Privacy Shield agreement, which guarantees compliance with EU data protection standards. For more information, please refer to the DoubleClick by Google Privacy Policy: https://www.google.de/policies/privacy/

10.2 Use of Google AdWords Conversion Tracking: In this context, this website uses the online advertising program "Google AdWords" from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use the Google AdWords service to use advertising material (so-called Google AdWords) to draw attention to our attractive offers on external websites. We can determine how successful the advertising campaigns are in relation to the data of individual advertising measures. We use this to pursue your interest in ads, display information that is relevant to you, make our website more interesting for you, and achieve a fair calculation of advertising costs. The conversion tracking cookie is set when a user clicks on an AdWords ad on a Google website. Cookies are small text files stored on your computer system. These cookies usually expire after 30 days and are not used for personal identification. If a user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Therefore, cookies cannot be tracked via the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who are interested in conversion tracking and have decided to track conversions. However, customers do not receive any information that can be used to personally identify users. If you do not want to participate in tracking, you can prevent this by disabling the Google Conversion Tracking cookie through your internet browser settings. You will then not be included in the conversion tracking statistics. We use Google AdWords based on our legitimate interest in targeted advertising in accordance with Article 6, paragraph 1, letter f GDPR. Google LLC, based in the USA, is responsible for the EU-US Privacy Shield and is certified, which guarantees compliance with applicable EU data protection regulations and standards. For more information, please visit the following website: Google Privacy Policy: https://www.google.de/policies/privacy/. You can permanently disable cookies for ad preferences by clicking this link or by adjusting your browser software accordingly. Please note that certain features of this website may not work or may only be used to a limited extent if you opt out of using cookies.

  1. WEB ANALYSIS SERVICES Google (Universal) Analytics

  • Google Universal Analytics: This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Due to the activation of IP anonymization on this website, Google truncates your IP address beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage. The IP address transmitted by your browser is not combined with other Google data. You can prevent the storage of cookies by a corresponding setting in your browser software; however, we point out that in this case, you may not be able to use all functions of this website to the full extent. Additionally, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout. Google Analytics is used based on our legitimate interest in the analysis and optimization of the website in accordance with Article 6(1)(f) of the GDPR.

  1. RIGHT TO INFORMATION, DELETION, AND CORRECTION

12.1 You have the right to obtain information about your stored personal data at any time and, if necessary, to request the correction, deletion, or restriction of the processing of your data. You also have the right to request a copy of the personal data processed by us.

12.2 You can exercise these rights by contacting info@gracelilysboutique.com.

  1. DATA RETENTION

We store personal data only for as long as necessary for the purposes for which it is processed, for tax and commercial retention obligations, or as legally required. Once the respective retention period expires or the purpose no longer applies, the data is routinely deleted unless consent has been given for further use.

  1. CHANGES TO OUR PRIVACY POLICY

We reserve the right to update this Privacy Policy at any time. The current version can always be found on our website. We recommend that you check our Privacy Policy regularly.

Contact email for questions regarding data protection: info@gracelilysboutique.com