Privacy Policy

1) Introduction and Contact Details of the Controller

1.1

We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data means any data by which you can be personally identified.

1.2

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Victoria Hilbrecht, VHaquarell
Im Falkenhorst 12, 51145 Cologne, Germany
Email: info@victoriahilbrecht.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 Server Log Files

When you use our website for informational purposes only (i.e., if you do not register or otherwise actively provide information), only the data that your browser automatically transmits to the server is processed (“server log files”).

In particular, the following information may be processed:

  • accessed website or file

  • date and time of access

  • amount of data transferred

  • referrer URL

  • browser used

  • operating system used

  • IP address (possibly in shortened/anonymised form)

These data are processed for the technical provision of the website, to ensure stability and security, and to prevent, investigate and clarify misuse, on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR.

Processing may take place within the scope of technical provision by service providers engaged by us. No further use of the data takes place beyond this.

2.2 SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognise an encrypted connection by “https://” and the lock symbol in your browser.

3) Hosting and Technical Provision of the Website

For hosting, operation and technical delivery of our website, we use the infrastructure of the following provider:

Shopify International Limited
Victoria Buildings, 1–2 Haddington Road
Dublin 4, D04 XN32, Ireland
(“Shopify”)

In the course of using Shopify, personal data are processed insofar as this is necessary for operation, maintenance, security and technical provision of the website. This may also include the involvement of companies affiliated with Shopify or sub-processors used by Shopify.

Data may also be processed in third countries if this is technically required. In such cases, processing is carried out on the basis of appropriate data protection safeguards, in particular adequacy decisions of the European Commission or other safeguards permissible under the GDPR.

We have concluded a data processing agreement (Art. 28 GDPR) with Shopify.

The legal basis for processing is our legitimate interest in operating our online offering in a secure, stable and efficient manner pursuant to Art. 6(1)(f) GDPR.

4) Cookies and Similar Technologies

4.1 General Information

We use cookies and similar technologies on our website to ensure operation and basic functions of the website and—where necessary—to provide additional functions.

Cookies are small text files that are stored on your device or that can read information from your device.

4.2 Technically Necessary Cookies

Technically necessary cookies are used to ensure the functionality and security of the website. These cookies are necessary for operating the website and cannot be disabled.

The legal basis for the use of technically necessary cookies is Art. 6(1)(f) GDPR in conjunction with Sec. 25(2) No. 2 TTDSG.

4.3 Cookies and Technologies Requiring Consent

Cookies and similar technologies that are not technically necessary are used exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Sec. 25(1) TTDSG.

You give your consent via the cookie consent tool used on our website. You can change or withdraw your consent at any time with effect for the future via the cookie consent tool.

4.4 Managing Cookie Settings

Which cookies and similar technologies are used in detail, what purposes they serve and how long they are stored, can be found in the settings of the cookie consent tool.

5) Contacting Us

When you contact us (e.g., by email or contact form), personal data are processed exclusively for the purpose of handling and responding to your request and only to the extent necessary for this purpose.

The legal basis is our legitimate interest in responding to your enquiry pursuant to Art. 6(1)(f) GDPR. If your contact aims at concluding or performing a contract, processing is additionally based on Art. 6(1)(b) GDPR.

Your data will be deleted as soon as the matter has been conclusively resolved, unless statutory retention obligations prevent deletion.

6) Data Processing When Creating a Customer Account

When you create a customer account, personal data are processed to the extent necessary to enable use of the offered functions and to process orders and contractual relationships. The legal basis is Art. 6(1)(b) GDPR.

Which data are required for creating a customer account results from the respective input form during registration.

You may delete your customer account at any time. After deletion, personal data will be deleted provided that all contractual relationships processed via the account have been fully fulfilled, no statutory retention obligations exist, and no legitimate interest in further storage applies.

7) Use of Personal Data for Information and Marketing Purposes

7.1 Newsletter

If you subscribe to our newsletter, we use your email address to send you information about our offers. Processing is based exclusively on your voluntary consent pursuant to Art. 6(1)(a) GDPR.

Subscription is carried out using the double opt-in procedure. You can withdraw your consent at any time with effect for the future, e.g., via the unsubscribe link in the newsletter.

After you unsubscribe, your email address will be deleted from the mailing list unless another legally permissible basis for further processing exists.

7.2 Dispatch via Service Providers

Email communications may be sent via technical service providers acting on our behalf. They process personal data exclusively on the basis of a data processing agreement and only for the respective intended purposes.

To the extent that statistical evaluations are carried out in the context of email communications, this will only take place if an appropriate consent exists.

8) Data Processing for Order Fulfilment

To process orders, we process personal data insofar as this is necessary for the initiation, performance and fulfilment of the contract. This includes in particular data required for processing orders, payment handling and delivery of goods.

The legal basis is Art. 6(1)(b) GDPR.

In the course of order processing, personal data may be transferred to third parties insofar as this is necessary for contract performance, in particular to shipping and logistics providers as well as parties involved in payment processing.

The payment methods available in each case are displayed during the ordering process. Payment data are processed only to the extent necessary for payment handling.

No processing of personal data for other purposes takes place within the scope of order fulfilment.

9) Affiliate Programs and Online Marketing

We participate in affiliate programs in which links to third-party offers may be integrated on our website.

In the context of such affiliate programs, it may be necessary to process information for attribution of referrals and settlement of commissions. Cookies or similar technologies used for this purpose are only used if consent has been given via the cookie consent tool.

Data processing within affiliate programs is carried out by the respective providers under their own responsibility. Further information on the type, scope and purpose of processing can be found in the privacy notices of the respective partner websites.

10) Web Analytics and Statistical Evaluations

To analyse the use of our website and for statistical evaluation, we may use web analytics and statistics services.

In this context, information about the use of our website may be processed in order to improve the functionality, security and economic optimisation of our online offering.

The use of such services takes place exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR. Consent is obtained via the cookie consent tool used on our website and can be withdrawn there at any time with effect for the future.

The specific services used, their purposes and the storage duration of the cookies or similar technologies used result from the settings of the cookie consent tool.

11) Online Advertising, Retargeting and Conversion Measurement

To promote our offers, we may use online advertising and marketing services that enable evaluation of the effectiveness of advertising measures as well as interest-based delivery of advertising.

The use of corresponding technologies takes place exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR. Consent is obtained via the cookie consent tool used on our website and can be withdrawn there at any time with effect for the future.

Which technologies are used in detail, for which purposes, and how long cookies or comparable technologies are stored is set out in the settings of the cookie consent tool.

12) Third-Party Content and Language Features

12.1 Third-Party Content (e.g., Videos)

Our website may contain third-party content or link to such content, for example videos provided by external platforms.

Depending on the type of presentation and following a corresponding user interaction, personal data may be processed by the respective third-party provider, for example by loading external content or resources.

The respective third-party provider is solely responsible for its data processing. Further information can be found in the privacy notices of the respective providers.

12.2 Language and Translation Features

Our website may provide functions to display content in different languages. Technical services may be used that are necessary for providing the selected language.

Personal data are processed only insofar as this is technically necessary or if corresponding consent exists. In this respect, the information in the cookie consent tool is decisive.

13) Tools and Miscellaneous

To fulfil commercial and tax law obligations, we may use external service providers for bookkeeping purposes.

If personal data are processed in this context, processing is based on our legitimate interest in proper organisation and documentation of our business transactions pursuant to Art. 6(1)(f) GDPR.

14) Rights of Data Subjects

14.1 Data Subject Rights

Applicable data protection law grants you, as a data subject, the following rights in particular:

  • right of access pursuant to Art. 15 GDPR

  • right to rectification pursuant to Art. 16 GDPR

  • right to erasure pursuant to Art. 17 GDPR

  • right to restriction of processing pursuant to Art. 18 GDPR

  • right to be informed pursuant to Art. 19 GDPR

  • right to data portability pursuant to Art. 20 GDPR

  • right to withdraw consent pursuant to Art. 7(3) GDPR

  • right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

14.2 Right to Object

Where we process personal data on the basis of Art. 6(1)(f) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to such processing.

If you exercise your right to object, we will no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to such processing. After your objection, the personal data concerned will no longer be processed for these purposes.

15) Storage Duration of Personal Data

The storage duration of personal data depends on the respective legal basis, the purpose of processing and—where applicable—statutory retention periods.

Where processing is based on consent pursuant to Art. 6(1)(a) GDPR, personal data will be stored until consent is withdrawn.

Data processed in the context of contractual or pre-contractual measures pursuant to Art. 6(1)(b) GDPR will be deleted after expiry of statutory retention periods, provided they are no longer necessary for contract performance and no legitimate interests in further storage exist.

Where processing is based on Art. 6(1)(f) GDPR, data will be stored until a right to object is exercised, unless compelling legitimate grounds or legal obligations prevent deletion.

In all other cases, personal data will be deleted once they are no longer necessary for the purposes for which they were collected or otherwise processed.