Status: December 2020
Alicia Ephan, Juliusstraße 64, 12051 Berlin, info(at)ephan.eu, +49 03 68985379
2. Legal basis on which personal data are processed
Personal data is processed in accordance with the requirements of the European Data Protection Regulation (DS-GVO) and the German Federal Data Protection Act (BDSG).
For the respective services offered on this website, I collect different data from you:
- Contact details (e.g. name, address, e-mail, telephone number)
- Contract data (e.g. subject of the contract, delivery and invoice address)
- Payment data (e.g. bank details, payment method)
- Communication data (e.g. by telephone, e-mail, contact form, ratings, comments)
- Usage data (e.g. interest in content)
According to Art. 6 DS-GVO, data may be processed in the public interest, on the basis of consent and for the fulfillment of contractual obligations or pre-contractual measures. Data is also collected if it is necessary to protect the legitimate interests of the controller or a third party, provided that the interests and fundamental freedoms of the data subject, which require the protection of personal data, do not prevail. A legitimate interest exists in particular in the case of the establishment of a contract with economic obligations, such as the conclusion of a sales contract.
3. Data collected and processed during visits to the Internet site
Log files and device information that your browser automatically transmits to our web server include data on:
- Your IP address
- the date and time of the request
- the requested URL (concrete page)
- Access status/HTTP status code
- the amount of data transferred in each case
- the website from which the request comes (referrer URL)
- the browser type and browser language setting
- the time zone difference from Greenwich Mean Time (GMT)
- the exact content of the requirements (the specific page)
- the source/website from which the requests come from
- Your used browser
- the operating system used, as well as its interface
- the language and version of your browser software
The aforementioned data ("server log files") are technically necessary to display the Internet pages to you.
The processing is carried out for the evaluation of system security and stability, other administrative purposes, to ensure a smooth connection of the Internet pages and to ensure a comfortable use of the pages of this website. Your data will not be used to draw conclusions about your person.
4. Data collected and processed during the use of the online store.
If you have an inquiry or order goods, certain data from you will be required and processed, such as information about the order you have selected or made, your address and e-mail address and the selected payment method. An indication about a telephone number is also necessary to enable a faster contact.
You can voluntarily create a customer account, under which your data can be stored for further purchases. Should you create a customer account, the data you provide will be stored revocably for the period of existence of the customer account (Art. 6 para. 1 a) DS-GVO.
According to Art. 6 para. 1 c) and f) DS-GVO your data will be used for the execution of the contract, depending on the desired method of payment for a pre-contractual review and for a possible processing of warranty claims.
Necessary data about you or your order will also be passed on to service providers used (such as logistics companies, payment intermediaries). Depending on the selected payment method, credit checks may also be performed. The acceptance of orders may not be offered at all or only under limited selection in the payment methods if the personal data is not accurate
Your data will be transmitted to my IT system.
Your data will also be processed to inform you about other interesting products or to contact you on specific occasions, e.g. via the newsletter.
5. Processing of data in the case of requests or communications by mail, by e-mail or via a contact form.
If you have sent inquiries or messages by mail, by e-mail or via a contact form, the inquiry or message, as well as the reply, will be stored as correspondence relating to the respective order or to your customer account within the scope of the retention obligations under commercial and tax law.
If you send other inquiries or messages by mail, e-mail or via a contact form, the personal data contained therein will be used exclusively to respond to your inquiry. Your inquiry and communicated personal data will not be stored afterwards.
Should you have a customer account, you have the possibility to write reviews on the respective products. If you are verified to leave a review, it will be saved and published on the respective product page for everyone to see, stating your name to which the customer account is saved.
With your consent you can subscribe to my newsletter. This functions to inform you about current offers.
I use the double-opt-in procedure for the registration of my newsletter. This means that after your registration you will receive an e-mail to the specified e-mail address, in which I ask for confirmation if you want to receive my newsletter. If you do not confirm your registration after 24 hours, your information will be blocked and automatically deleted after one month. Your IP address, as well as the time and confirmation of the registration will be stored in order to prove your registration or to be able to clarify any misuse of your data..
Your e-mail address is mandatory information for sending the newsletter. Further information about your person is voluntary and serves to address you personally.
Your e-mail address will be stored after your confirmation for the purpose of sending you the newsletter (Art. 6 para. 1 a) DS-GVO.
You can unsubscribe from the newsletter at any time and thus revoke your consent. A link provided in every newsletter e-mail serves this purpose, but you can also request an unsubscription by sending an e-mail to info(at)ephan.eu.
The MailChimp service is used to send and analyze my newsletter. The provider of this service is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. If you have opened an email sent with MailChimp, a file contained in the email (so-called tracking pixel) connects to the servers of MailChimp in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. Technical information is also collected (eg time of retrieval, browser type, IP address and operating system). However, this information cannot be assigned to the respective newsletter recipient. They are used solely for statistical analysis of my newsletter campaigns, so that future newsletters can be better adapted to the interests of the recipients..
7. Transmission of data
Through your order in the webshop, personal data will be forwarded to the shipping company commissioned by me, insofar as this is necessary for the delivery of ordered goods. With the payment, required payment data will be forwarded to the credit institution or payment service provider commissioned by you. Cookies are used when you visit the website. Detailed explanations follow.
In order to run my company economically and in accordance with applicable law, data of customers, interested parties, suppliers and, if necessary, own personnel will be transmitted to authorities in accordance with legal obligations, such as to tax authorities and to external consultants (tax advisors, lawyers, auditors), if necessary.
Your data will only be processed and transferred in a third country (outside the EU) or outside the European Economic Area (EEA) if this is done to fulfill my contractual obligations, on the basis of your consent, legal obligations or legitimate interests.
This website uses Google Maps. If you want to get the embedded Google Map (map) displayed on the contact page, your personal data (IP address) will be sent to Google. Therefore, it is possible that your access to the website can be tracked by Google. However, this will only happen with your explicit consent after clicking on the Maps display link contained in the information box.
8. Duration of data storage
When your session is over, log and device files are automatically deleted.
Your personal data will only be stored as long as it is necessary for the fulfillment of the respective purpose for which you have provided me with your data or for compliance with legal requirements. The legal basis for the corresponding data uses and legal retention period is Art. 6 para. 1 c) DS-GVO
As a matter of routine, corresponding data is deleted when the legal retention period has expired, the data is no longer required for the fulfillment or initiation of a contract and/or there is no legitimate interest on my part in continuing to store it.
The storage time of cookies varies and depends on the type of cookie and your browser settings.
If you request to close your customer account, all data stored about you will be deleted. If a complete deletion of your data is not possible or not required for legal reasons, the relevant data will be blocked for further processing, i.e. access rights to this data will be restricted.
If I still need your data for further contract processing, legal prosecution or legal defense (e.g. complaints), I may refrain from immediately deleting your data in the cases permitted by law, even if your data is not subject to any legal retention obligation. After expiry of the statutory limitation periods, the relevant data will be permanently deleted.
Cookies are used on this website to enable the use of certain functions and to make the website more appealing, user-friendly and effective. These are small text files that are stored on your end device (laptop, tablet, smartphone or similar) when you visit this website.
Transite or session cookies are deleted after you close your browser, i.e. at the end of your session. Persistent cookies, which remain on your terminal device, allow me to recognize your browser on your next visit. Lawful cookies collect and process certain user information such as browser and location data, as well as IP address values to the individually specified extent. Persistent cookies are automatically deleted after a specified duration. This duration varies depending on the cookie..
The processing of personal data by cookies is carried out in accordance with Art. 6 para. 1 f) DS-GVO to protect the legitimate interests in the best possible functionality of this website, as well as an effective and customer-friendly design of the site visit.
Under certain circumstances, I work together with third-party providers who help to make this website more interesting. Therefore, in this case, cookies from third-party providers may also be stored on your terminal device when you visit this website.
You can set your browser so that it informs you about each setting of cookies. Through the settings in your browser, you can also decide on the acceptance of certain cookies or generally exclude them. You can find more information and how to change your cookie settings in the help menu of your browser. You can arrange for the deletion of stored cookies there at any time.
10. Rights of the data subjects
According to the applicable data protection laws pursuant to Art. 15 DS-GVO, you have the right to information about duration, confirmation, levy to third parties, deletion, portability, rectification, as well as the restriction of processing of your personal data.
You have the right to withdraw your consent at any time.
You can unsubscribe from my newsletter at any time via the link provided in every email or by sending me an email to info(at)ephan.eu. This allows you to revoke the receipt or use of your data to receive the newsletter, including the analysis of user behavior in connection with the newsletter by the service MailChimp.
You can change the consent of cookies at any time via the button "Manage consent" on the home page or via the corresponding functionalities of your browser. All cookie settings can be managed via the browser, please note that you can only fully use functions of this website with the respective required cookies.
To exercise your rights, please write an e-mail to info(at)ephan.eu.
If you believe that the processing of personal data concerning you is in breach of the GDPR, you have the right to lodge a complaint with a supervisory authority in the Member State of your residence, workplace or the place of the alleged infringement.
11. Consents given
For contacting us for the purpose of certain data use or advertising, you may have given consent (e.g. newsletter, customer account). If this is the case, the consent texts are stored and can be retrieved. To retrieve these texts, please contact us by e-mail at info(at)ephan.eu. The requested information will then be transmitted by e-mail.
12. Online presence in social media
In order to get in contact with customers, interested parties and users, I use social networks and platforms. When calling the respective social media, the terms and conditions and data processing policies of the respective operators apply. I process data of users if they communicate with me within the social networks and platforms (e.g. through sent messages, links or posts).
For marketing and advertising purposes, I and partner companies generate information and data using cookies and tracking pixels. Tracking pixels are small graphics that are integrated into my newsletter and page source texts. As soon as you call up the relevant web page or open the newsletter, these are automatically loaded onto your end device. Tracking pixels provide information about your user behavior with regard to my website and my newsletter.
Generated information is used to display advertisements on my website or on third-party websites. This data provides information about which advertisements are of particular interest to you because you clicked on them, and how you move around the Internet. This enables me and partner companies to target advertising much more effectively.
I place ads on the platforms I use, Facebook and Instagram. With the help of the Facebook pixel, for example, I want to ensure that my Facebook ads correspond to the potential interest of the users and do not have a harassing effect. The remaketing function "Custom Audience" of Facebook Inc., 1 Hacker Way Menlo Park, CA 94025, USA gives me and Facebook information about the advertising I use in Facebook. Via your browser, the tool establishes a direct connection with Facebook's server. To the best of my knowledge, Facebook receives the information that you have clicked on my ad and/or called up my website. If you are registered with Facebook, Facebook can assign the visit to your account. If you are not registered or logged in, there is still the possibility that Facebook learns and stores your IP address and other identifying characteristics of your person.
Facebook is certified under the Privacy Shield agreement, providing a guarantee to comply with European data protection law.
13. Data security
For security reasons and to protect the transmission of personal data and other confidential content (eg orders or requests), this website uses SSL or TLS encryption. You can recognize the encryption by the closed display of the key or lock symbol in the status bar of the browser you are using.
In order to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, appropriate technical and organizational security measures are taken, which are continuously improved.
14. Automated decision making
I do not use automated decision making including profiling.