DATA PROTECTION DECLARATION
1. What personal information do we collect from you?
Personal data is any information relating to an identified or identifiable natural person given to us by you or that arises or is collected by us. This can include:
Registration data: When you order goods through our online shop, you can register and open a customer account. When you register, you must enter your name and contact information (e.g. your address, telephone number, e-mail address) and set a password.
Order data in the online shop: If you order goods through our online shop (using a customer account or as a guest), we process the data entered by you, the data about your person (in particular delivery addresses and payment data) as well as the information provided to you by us. We also collect information about the time, scope and, if necessary, the location of your order.
Other content data: If you use other services on our website, e.g., fill out contact forms, sign up for newsletters, participate in contests or post a comment on our blog, we process the content data you provide and the information we make available to you.
Usage data: We create user profiles under a pseudonym based on how you use our website, which we then use to track how our website is used.
Server log data: When you use our websites, data (such as your IP address, browser type and version, device type and operating system, the date and time of your visit as well as the pages you accessed and the files you requested) are temporarily stored in a log file on our servers.
2. What is the purspose and legal basis for processing your personal data and how long is it stored?
2.1 Your customer account
When you register for a personal customer account, we process the registration data to set up and manage your customer account and process future orders. As a registered customer, you have access to your personal customer account (using your email address and password created by you), in which you can view your order history and save and change your personal settings (e.g. password settings, newsletter settings, invoice and delivery settings).
The legal basis for processing is our legitimate interest according to Art. 6 (1) (f) GDPR to provide you with the service of a "customer account" as described above respectively for the purpose of performance of the user contract with you (Art. 6 (1) (b) GDPR).
This data will be deleted if the registration on our website or the customer account is cancelled or changed.
You may object to the processing of your data on the basis of Art. 6 (1) (f) GDPR unless we can prove compelling reasons for the processing to continue. However, we will not do this for a customer account. In this case, the following applies: The customer account must then be deleted and is no longer available to you. Please note that we may store the data concerning the orders that are visible in your customer account for a longer period of time (see 2.2).
2.2 Your orders
We use your order data (such as your name, address, e-mail address, delivery preferences and other information pertaining to your order) to process the order and to deliver the goods you ordered. In addition, depending on the payment method you have selected, either we or payment service providers commissioned by us (see Section 3.2.1) process the payment information required by the respective payment method. For example, we store IBAN and BIC ourselves, while payment service providers store your credit card number, Paypal account details, etc.).
The legal basis for processing is the conclusion and performance of the sales contract for the purchased goods, Art. 6 (1) (b) GDPR.
This data will be deleted when it is no longer required for contract management (including customer service and warranty), unless we are legally obliged to store it, e.g. due to the legal obligation to retain data for commercial or tax-based reasons.
2.3 Your enquiries
If you send us enquiries using a contact form, via e-mail or by phone, we will process the information you provide in order to answer your query as well as your IP address and the date/time of the enquiry to prevent misuse of the contact form.
The legal basis for processing is our legitimate interest (Art. 6 (1) (f) GDPR) to provide you with the “enquiries" service described above. If your enquiry concerns the initiation or performance (including customer service or warranty) of a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.
You can object to the processing of your data on the basis of Art. 6 (1) (f) GDPR. We can then continue processing if there are compelling reasons for processing. This may be necessary in order to provide evidence for enquiries from you and past communication with you. If there are no such compelling reasons, we will stop communicating with you and delete the data that has been collected.
This data will be deleted when our communication with you has been terminated, i.e. when the relevant facts have been clarified and no further legitimate interests exist for storage or no further legal obligations exist for storage.
If you take part in one of our contests, we use your data (e.g. name, e-mail address) to carry out the contest, for information purposes and to send you a prize, if applicable.
The legal basis for the processing is the consent you have given when participating in the contest (Art. 6 (1) (a) GDPR). Your data will be deleted when the contest is over and the prizes have been distributed. Your data will be used for other purposes, e.g. advertising, only if you have explicitly given your consent.
We would also like to use the data you have entered or accrued when using the websites to inform you about our products and services (advertising) or to improve our offerings and services (product development).
On our website, you can subscribe to a free newsletter. The data collected during registration will be processed (the data displayed as mandatory fields are absolutely necessary for receipt of the newsletter, while voluntary data fields are only used for a more personal form of address and selecting the information displayed).
We will contact you by e-mail with information, special sales and offers for loredani.com services tailored to you and your interests on the basis of either your explicit consent or - if you purchase similar goods or services from us and store your e-mail address here - even without your extra consent. We process data about your usage behaviour after we have sent you e-mails (e.g. click behaviour).
We will contact you by telephone only with your express consent to provide you with information, special sales and offers for loredani.com services tailored to your personal interests or usage of our site.
We will contact you by post with advertisements in written form, even without your consent, to the extent permitted by law for loredani.com services.
You can object to the use of your personal data for purposes of advertising and product development as well as the establishment of contact for this purpose in whole or in part at any time or withdraw any consent you have given. Please use the corresponding options provided for you (e.g. the unsubscribe link in your personal customer account) or contact our data protection officer via e-mail or in writing (keyword: data protection) using the contact information specified under section 8.
The legal basis for processing is your consent (Art. 6 (1) (a) GDPR) and our legitimate interests (Art. 6 (1) (f) GDPR) in conjunction with § 7 (3) of the German Act against Unfair Competition (UCA), if applicable.
This data will be deleted or stored only in aggregated, anonymous form after your objection or withdrawal of any consents you have given or after cessation of use by us at the very latest. If necessary, we will store the data of your objection in order to prevent further contact with you.
2.6 Providing the best website and services
The processing of server log data is necessary for technical reasons in order to provide the websites and services and in order to ensure system security thereafter.
The legal basis for processing is our legitimate interest in providing the website and our services (Art. 6 (1) (f) GDPR). The processing is absolutely necessary for the use of our website, and there is no right to object.
This data will be deleted after 12 days at the very latest.
The server log data may then be analysed anonymously for statistical purposes and to improve the quality of our website. The server log data is not linked to your personal data, nor will it be merged with other personal data sources.
3. Data transfer
3.1 Data transfer to processors
In some cases, we employ service providers in compliance with legal requirements for order processing, i.e. on our behalf, in accordance with our instructions and under our control.
§ technical service providers we use to provide the website, e.g. service providers for software maintenance, data centre operation and hosting
§ technical service providers we use to provide functionalities, e.g. essential cookies for technical purposes.
§ service providers for the practical implementation of advertising and marketing, e.g. service providers for e-mail and analytics cookies.
In these cases, we remain responsible for data processing; the transfer and processing of personal data to or by our processors rests on the legal basis that allows us to process the data in each case. A separate legal basis is not required.
3.2 Data transfer to third parties
In some cases, we also transfer your data to third parties, i.e. to partners with whom we cooperate outside of commissioned processing. Such partners provide their services and are as such the responsible parties. For the processing of your data by partners, only their data protection policy applies.
3.2.1 Payment service providers
To process your orders, we send payment information to payment service providers who then process the payment transactions associated with the orders. These include PayPal and your financial institution. The legal basis for the transmission is the performance of the contract with you, Art. 6 (1) (b) GDPR.
3.2.3 Logistics companies
For the transport of goods, we transfer your address and contact data, when necessary, to parcel delivery companies. The legal basis for the transmission is the performance of the contract with you, Art. 6 (1) (b) GDPR.
3.2.4 Social Networks
If you wish to share one of our websites on a social network (e.g. Facebook or Twitter) by clicking on one of our "Share" buttons, this information will be transferred to the social network. This assumes that you are logged in to the social network. The legal basis for the transmission is our legitimate interest in offering you the possibility of “sharing", Art. 6 (1) GDPR.