DATA PROTECTION DECLARATION

1) INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE CONTROLLER

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when you use our website. Personal data means all data by which you can be personally identified.

1.2 The controller in charge of data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Beverly Hills Boutique. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

2) DATA COLLECTION WHEN VISITING OUR WEBSITE

When you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called server log files). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

• The pages visited on our website

• Date and time of access

• Amount of data sent in bytes

• Referrer source

• Browser used

• Operating system used

• IP address used (where applicable, in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

3) COOKIES

To make your visit to our website attractive and to enable the use of certain functions, we use cookies on various pages. These are small text files stored on your device. Some cookies are deleted after the end of the browser session (session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, certain user information (e.g. browser and location data, IP address values) is processed. Persistent cookies are automatically deleted after a specified period that may vary by cookie.

In some cases, cookies simplify processes (e.g. remembering the contents of a shopping cart). Where personal data is processed, this occurs in accordance with Art. 6(1)(b) GDPR (performance of a contract) or Art. 6(1)(f) GDPR (legitimate interest in best possible functionality and user-friendly website design).

We may work with advertising partners who help us make our website more interesting. For this purpose, cookies from partner companies may be stored on your hard drive when you visit our website (third-party cookies). You will be informed below where applicable.

You can set your browser to be informed about the setting of cookies and decide individually on their acceptance or exclude acceptance for certain cases or in general. Browser help menus explain how to change cookie settings:

• Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies

• Firefox: https://support.mozilla.org/kb/cookies-erlauben-und-ablehnen

• Chrome: https://support.google.com/chrome/answer/95647

• Safari: https://support.apple.com/kb/ph21411

• Opera: https://help.opera.com/en/latest/web-preferences/#cookies

If you do not accept cookies, the functionality of our website may be restricted.

4) CONTACTING US

When contacting us (e.g. via contact form or email), personal data is collected. The type of data depends on the form fields used. Data is processed exclusively to respond to your request and for related technical administration, pursuant to Art. 6(1)(f) GDPR (legitimate interest in handling inquiries). If your contact aims at concluding a contract, Art. 6(1)(b) GDPR also applies. Data will be deleted after final processing of your request, provided no statutory retention obligations apply.

5) DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT PROCESSING

Pursuant to Art. 6(1)(b) GDPR, personal data is collected and processed if you provide it to us to perform a contract or open a customer account. Required data is apparent from the respective input forms. You can request deletion of your customer account at any time. We store and use data for contract performance. After complete processing or deletion of the account, data is blocked for tax and commercial retention periods and deleted after expiry, unless you have consented to further use or we are legally permitted to retain it.

6) USE OF YOUR DATA FOR DIRECT ADVERTISING

6.1 Newsletter subscription
If you subscribe to our newsletter, we will regularly send information about our offers. Only your email address is mandatory. We use a double opt-in procedure. By activating the confirmation link, you consent to processing under Art. 6(1)(a) GDPR. We store your IP address, date and time of registration to prevent misuse. You can unsubscribe at any time via the link in each email or by contacting the controller. After unsubscribing, your email address is removed from our mailing list unless you have consented to further use or we are legally permitted to use it.

6.2 Email to existing customers
If you have provided your email address when purchasing goods or services, we may send you offers for similar goods or services by email on the basis of our legitimate interests in personalized direct advertising (Art. 6(1)(f) GDPR). You can object at any time by contacting the controller. Only transmission costs according to the basic rates arise.

7) DATA PROCESSING FOR ORDER PROCESSING

7.1 We transmit personal data to the transport company commissioned with delivery where necessary for delivery of goods, and payment data to the financial institution commissioned with payment processing, in each case pursuant to Art. 6(1)(b) GDPR. If we use payment service providers, details are provided below.

7.2 Payment service providers

• PayPal
  When paying via PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, your payment data is transmitted to PayPal for payment processing pursuant to Art. 6(1)(b) GDPR. PayPal may conduct a credit check based on legitimate interests (Art. 6(1)(f) GDPR). For details, see PayPal’s privacy policy: https://www.paypal.com/webapps/mpp/ua/privacy-full. You can object by contacting PayPal; contractual processing may still require data processing.

• SOFORT / Klarna
  If you select SOFORT, payment is processed by SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (Klarna Group). We transmit your data and order details pursuant to Art. 6(1)(b) GDPR for payment processing. Privacy info: https://www.klarna.com/sofort/datenschutz

8) RATING REMINDERS

We may use your email address as a one-time reminder to submit a review of your order if you have expressly consented pursuant to Art. 6(1)(a) GDPR. You can revoke consent at any time by contacting the controller.

9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS

9.1 Facebook (Shariff solution)
Our website may use plugins of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, integrated via an HTML link (Shariff). No connection to Facebook servers is established until you click the button. Purpose, scope and further processing by Facebook and your rights can be found at: https://www.facebook.com/policy.php

9.2 Instagram (Shariff solution)
Plugins of Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA, may be integrated via an HTML link (Shariff). Privacy info: https://help.instagram.com/155833707900388/

10) ONLINE MARKETING

10.1 DoubleClick by Google
We use DoubleClick by Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Cookies help display relevant ads, improve campaign reports and avoid duplicates. Processing is based on our legitimate interest in optimal marketing (Art. 6(1)(f) GDPR). More info: https://policies.google.com/privacy
Opt-out options include blocking cookies from www.googleadservices.com, using www.aboutads.info, or browser settings.

10.2 Google Ads conversion tracking
We use Google Ads conversion tracking (Google LLC). A cookie is set when you click a Google ad. It expires after 30 days and is not used for personal identification. We receive aggregated statistics. You can disable the conversion cookie in your browser settings. More info: https://policies.google.com/privacy and https://www.google.com/settings/ads/plugin

11) WEB ANALYSIS SERVICES

Google Analytics (with IP anonymization)
This website uses Google Analytics (Google LLC). We use the “_anonymizeIp()” function so that IP addresses are processed in shortened form. Processing for statistical analysis and optimization is based on Art. 6(1)(f) GDPR. You can prevent cookie storage via browser settings or use the opt-out plugin: https://tools.google.com/dlpage/gaoptout
For cross-device analysis via User-ID, you can deactivate Google Analytics on all systems you use.

12) RETARGETING / REMARKETING / REFERRAL ADVERTISING

Facebook Custom Audiences (Pixel)
With your explicit consent (Art. 6(1)(a) GDPR), we use the Facebook pixel of Facebook Inc. to measure and optimize ads. Data is anonymous to us but processed by Facebook in accordance with https://www.facebook.com/about/privacy/
You can disable third-party cookies (e.g. via https://www.aboutads.info/choices/). Consent may only be given by users 13+.

Google Ads Remarketing
We use Google Ads Remarketing (Google LLC). A cookie with a pseudonymous ID enables interest-based advertising (Art. 6(1)(f) GDPR). If you consented to Google linking your web and app history with your Google account, cross-device remarketing may occur. Opt-out: https://www.google.com/settings/ads/onweb/ or via browser settings. More info: https://policies.google.com/technologies/ads

13) RIGHTS OF THE DATA SUBJECT

You have the following rights under the GDPR with respect to your personal data:

• Right of access (Art. 15)

• Right to rectification (Art. 16)

• Right to erasure (Art. 17)

• Right to restriction of processing (Art. 18)

• Right to notification (Art. 19)

• Right to data portability (Art. 20)

• Right to withdraw consent (Art. 7(3))

• Right to lodge a complaint with a supervisory authority (Art. 77)

Right to object (Art. 21)
If we process your data based on legitimate interests, you may object at any time on grounds relating to your particular situation. If you object, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or processing serves the establishment, exercise or defense of legal claims.
If your personal data is processed for direct marketing, you may object at any time; we will then stop processing for such purposes.

14) DURATION OF STORAGE OF PERSONAL DATA

The storage duration is based on statutory retention periods (e.g. commercial and tax law). After expiry of these periods, data is routinely deleted if no longer required for contract performance or initiation and no legitimate interest in continued storage exists.

CONTACT

For any privacy-related questions or to exercise your rights, contact us at: help@beverlyhillsboutique.one