Privacy Policy Studio Peter Büchler
As of September 2020
The protection of personal data and the responsible handling of the information you entrust to us is an important and special concern of ours. Studio Peter Buechler processes personal data on https://www.peterbuechler.com (hereinafter the Website) only in accordance with the legal regulations. These are in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
This privacy policy contains information how we process personal data in the case you
· visit our website (see section 2)
· conclude and execute agreements with us (see section 3)
· your payment options (see section 4)
Further, this privacy policy contains information on recipients of your personal data within the EEA (see section 6) and third countries (see section 7), deletion of your personal data and retention periods (see section 9), your rights as a data subject (see section 10) and automated decision making (see section 11).
1. Data Controller
Data controller in terms of data protecion law:
Studio Peter Buechler
Joachim-Friedrich-Straße 20, 10711 Berlin
mail@peterbuechler.com
Tel. +49 170 2807201
2. Usage of our Website
When you visit our website, we process personal data to enable you to use it (usage data), as described in section 2.1. In addition, we process personal data to send newsletters, to use cookies and for other purposes as described in section 2.2 et seq. Below you will find the information on the legal basis, the purposes and, if applicable, legitimate interests and the necessity of processing your personal data.
2.1. Data Processing to Enable the Use of the Website
When you visit our website, we collect personal data to enable you to use it (usage data). This includes your IP address and data on the beginning, end and subject of your use of the website as well as any identification data (e.g. your login data if you log into a secure area). In addition, this includes technical data transmitted by your browser, such as browser type / browser version, the previously visited website (referrer URL), monitor resolution, operating system, possibly device information (e.g. device type) etc. We process this usage data for the purpose of providing and designing this website in line with requirements in our legitimate interest (Art. 6 (1) (f) GDPR). If you are interested in detailed information on the balancing of your and our interests, please refer to the address in section 1.
2.2. Newsletter and E-Mail Advertising
If you would like to receive our newsletter and register for it, we will collect your e-mail address and send you a confirmation e-mail with a confirmation link that you must click to subscribe to our newsletter. We will also add you to our mailing list to send you a-mail advertising for our own similar goods if you purchase a good from us. This only occurs if you have not previously objected to this processing of your e-mail address. You can unsubscribe from the newsletter and object to the e-mail advertising at any time. You will find a possibility to declare your objection in every newsletter and every other advertising e-mail that we send you.
2.3. Cookies
When you visit our website, information might be stored on your device in the form of cookies. Cookies are small text files that are sent to your browser by a web server and stored on your device. When revisiting our website, the cookies are transferred back to our web server. This enables us, for example, to recognize you when you visit the website again. Cookies can be divided into first-party cookies (used by us) and third-party cookies (used by third parties). We also categorize cookies as follows:
Category 1:
Technically Required Cookies
These cookies are absolutely necessary to ensure the technical functionality of the website (e.g. enabling the shopping cart function or login during a session, etc.). Without these cookies we cannot properly offer use of the website.
Category 2:
Functional Cookies
These cookies are used to create the most pleasant surfing experience possible on our website, with a maximum degree of individual user conformity (e.g. enabling a session-spanning login, high surfing speed through search suggestions or saving individual page settings such as language or text size, etc.).
Category: 3
Performance Cookies
These cookies are used to constantly optimize our website and lead to a continuously improved surfing experience (e.g. by evaluating the use of offered website functions, reporting display errors, etc.).
Category 4:
Social Network and Advertising Cookies
Some of these cookies allow you to connect to your social networks and share content. The other part helps to better personalize your advertising by collecting information to better match your interests.
Cookies of categories 2 to 4 can be used in the context of web analysis. They can be combined with other information about your activities on our website and are processed in pseudonymous user profiles. This helps us to analyze information about web traffic and to improve our website in order to adapt it to the needs of our users. We only use this information for statistical analysis. In addition to cookie-based web analysis, there is also non-cookie-based web analysis using other means, such as your individual device settings, to recognize you when you revisit our website.
The legal basis for the use of category 1 cookies is our legitimate interest in the provision of our website in accordance to Art. 6 (1) (f) GDPR.
The legal basis for the use of cookies of categories 2 to 4 and web analytics is your consent according to Art. 6 (1) (a) GDPR.
Detailed information on the individual cookies used on our website can be found in the following table:
Category | Name | Purpose | Storage Period
1 | CART | Shopping Cart Management | 2 Weeks
1 | crumb | Performing the browser session | Session
1 | hasCart | Shopping Cart Management | 2 Weeks
1 | SS_SESSION_ID | Perfoming the browser session | Session
2.4. Social Networks
Our website contains links to social networks (Facebook and Instagram). These services are operated exclusively by third parties. If you follow the links, information may be transferred to these providers. We use the so-called "Shariff Solution” for links to social networks. To ensure no personal data will be passed on when you visit our site. Only if you click a social share button, information will be transferred to the provider. The purpose and scope of the data processing by the provider as well as your rights and setting options for the protection of your privacy can be found in the privacy policy of the provider:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
http://www.facebook.com/policy.php/
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA
https://help.instagram.com/155833707900388
3. Conclusion of Contracts / Web shop
To conclude or execute contracts with you or within the scope of the ordering process in our web shop, we process personal data concerning you, such as name, address, e-mail address, payment data. Without communication of your data we cannot process the contract and cannot send you the goods. For some payment methods, either we need the necessary payment data to pass them on to a payment service provider commissioned by us or they are collected directly by the payment service providers (see below for payment options).
The legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR. The purpose of the processing is to establish and implement the contractual relationship with you. This requires the provision of your personal data. You are not obliged to provide your personal data, but if such are not provided, the establishment and execution of the contractual relationship is not possible. Otherwise there will be no further consequences for you.
4. Payment Options
4.1. Payment by Credit Card
If you pay by credit card, we collect the following data: Name of the credit card holder, card type (VISA; Mastercard, American Express), credit card number, expiration date, security code, amount, date, time, PIN if applicable.
We forward this data to the network operator and the acquirer (according to the Payment Services Supervision Act (ZAG) of regulated payment service providers, which carries out the acceptance and settlement of payment transactions for us) for the purpose of processing the payment.
The legal basis for this data processing is Art. 6 (1) (b) GDPR, as the processing of your data is necessary for the fulfillment of the agreement on payment of your purchase by credit card. Furthermore, the legal basis for the data processing connected with this is Art. 6 (1) (f) GDPR, based on the legitimate interest of the network operator and the acquirer to offer you a secure and effective payment option and to prevent fraud in this context. If you are interested in detailed information on the balancing of your and our interests, please refer to the address in section 1.
4.2. Payment via PayPal
If you would like to pay for your order in our web shop using PayPal, the amount to be paid, together with your first and last name, delivery address, e-mail address, telephone number and IP address, will be transmitted to PayPal (i.e. to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) so that you can authorize the payment to us to PayPal. You will need a PayPal account for this. PayPal also offers the possibility to make virtual payments by credit card if a user does not have a PayPal account.
The legal basis for the data processing associated with this is Art. 6 (1) (b) GDPR, since the processing of your data is necessary for the fulfillment of the agreement to pay for your purchase via PayPal.
The data transmitted to PayPal may be transmitted by PayPal to credit agencies. This transmission is used for identity and credit checks. For more information about PayPal’s privacy policy, please visit https://www.paypal.com/de/webapps/mpp/ua/privacy-full. Payment with PayPal is voluntary, we offer you alternative payment options.
The legal basis for the data processing associated with this is Art. 6 (1) (f) GDPR. Our legitimate interest is to offer our customers a safe and effective payment option and to prevent fraud in this context. If you are interested in detailed information on the balancing of your and our interests, please refer to the address in section 1.
5. Website Protection
In order to prevent unauthorized access to your data by third parties, we are guided by the latest technical and organizational possibilities. We therefore use SSL encryption for all our areas to ensure the best possible data security. However, we would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. Unfortunately, we cannot guarantee complete protection of data access by third parties.
6. Transfer to Recipients of Personal Data within the EEA
We only transfer personal data to third parties as far as this is necessary for the provision of our service or as far as it is required by law. Within the scope of the purposes stated here, personal data is forwarded to service providers who work for us and support us in particular in providing our services. These service providers are bound by further contractual provisions on data protection in addition to their legal obligation to comply with all data protection regulations by us. This includes in particular an obligation as a processor according to Art. 28 GDPR.
Otherwise, we only transfer personal data to other recipients if we have legal permission to do so or you have given your prior consent. You can revoke any consent you may have given at any time with effect for the future. We will only pass on your data to government agencies within the framework of legal obligations or on the basis of an official order or court decision and only to the extent permitted by data protection law.
7. Transmission to Recipients of Personal Data in States outside the EEA
As far as for our purposes and in individual cases we may also transfer your data to recipients outside the EU. This is particularly the case if we have to transfer this data to recipients in third countries for the purpose of fulfilling a contract, due to legal obligations or if this is necessary for the establishment, exercise or defense of legal claims.
If we transfer data to third countries we ensure that the recipient has implemented an adequate level of data protection within the meaning of Art. 45 GDPR or appropriate safeguards within the meaning of Art. 46 (2), (3) GDPR and no other interests worthy of protection speak against the passing on of data or you have consented to the transfer of data pursuant to Art. 49 para. 1 a) GDPR.
8. Automatic Deletion, Deletion Period
We delete your personal data as soon as they are no longer required for the aforementioned purposes of processing, in the event of an objection where there are no compelling reasons worthy of protection or in the event of a revocation with no further legal basis for processing. In certain cases, e.g. if there is a legal obligation to retain data, your personal data will first be blocked and then deleted upon expiry of the retention period.
9. Your Rights
As a data subject, you have a right to confirmation whether data relating to your person is being processed by us and, if so, the right to access this personal data (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR) and a right to restriction (blocking) of your data (Art. 18 GDPR).
In addition, in the case of processing on the basis of Art. 6 (1) (e), (f) GDPR, you may object to the processing (art. 21 GDPR), in which case, except in the case of direct mail, you must give a specific reason. If you have provided this data, you may request the transfer of the data (Art. 20 GDPR). Whether and to what extent these rights are effective in individual cases and under what conditions they apply is stipulated by law. If the processing is based on a consent within the meaning of Art. 6 sentence 1 (a) GDPR or Art. 9 (2) (a) GDPR, you may revoke this consent at any time for the future (Art. 7 (3) GDPR). You also have the right to contact the responsible data protection authority (Art. 77 GDPR).
10. No Automated Individual Case Decision
We do not use your personal data for automated individual case decisions within the meaning of Art. 22 (1) GDPR.
11. Modification of the Privacy Policy
New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adjusted accordingly. The latest version will always be accessible on our website.