Privacy Policy
PRIVACY POLICY
1) INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA AND
CONTACT DETAILS OF THE RESPONSIBLE PERSON
1.1 We are pleased that you are visiting our website and thank you for your
interest. In the following, we inform you about how we handle your
personal data when using our website. Personal data
here means all data that can personally identify you.
1.2 The person responsible for data processing on this website, as defined by the
General Data Protection Regulation (GDPR), is Bondi Bay Boutique. The person responsible for processing
personal data is the natural or legal person who alone or jointly with others determines the purposes and means of
processing personal data.
1.3 For security reasons and to protect the transmission of
personal data and other confidential content (e.g. orders or
inquiries to the responsible person), this website uses SSL or TLS encryption. You can
recognize an encrypted connection by the string "https://" and the lock symbol
in your browser bar.
2) DATA COLLECTION WHEN VISITING OUR WEBSITE
When you visit our website for informational purposes only, without
registering or otherwise providing information, we only collect
data that your browser transmits to our server (so-called "server log files"). When you
access our website, we collect the following data, which is technically
necessary for us to display the website:
Our visited website
Date and time of access
Amount of data sent in bytes
Referrer URL
Used browser
Operating system used
IP address used (possibly in anonymized form)
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our
legitimate interest in improving the stability and functionality of our
website. The data will not be passed on or used in any other way.
However, we reserve the right to check the server log files retrospectively if
there are specific indications of illegal use.
3) COOKIES
To make your visit to our website attractive and to enable the use of certain
functions, we use so-called cookies on various pages. These are small text files that are stored on your device.
Some of the cookies we use are deleted after the end of the
browser session, i.e. after you close your browser (so-called
session cookies). Other cookies remain on your device and allow us
or our partner companies (third-party cookies) to recognize your browser on the
next visit (persistent cookies). If cookies are set, they collect and process
certain user information to the extent required,
such as browser and location data and IP address values. Persistent cookies are
automatically deleted after a specified period, which may vary depending on the cookie.
Cookies are sometimes used to simplify the ordering process by storing settings
(e.g. remembering the contents of a virtual shopping cart for
a later visit to the website). If personal data is also processed by
individual cookies implemented by us, processing will be carried out
in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of a contract or
in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in
the best possible functionality of the website as well as a user-friendly and effective
design of the website visit.
We may work with advertising partners who help us improve our website.
we have received your explicit confirmation that you agree to receive the newsletter. We will then send you a confirmation email asking you to confirm that you would like to receive the newsletter by clicking on a link in the email. By clicking on the link, you give us your consent to use your personal data for advertising purposes.
6.2 Newsletter tracking
Our newsletters may contain tracking pixels. A tracking pixel is a miniature graphic embedded in such emails, which are sent in HTML format to enable log file recording and analysis. This allows for statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may see if and when an email was opened by a data subject, and which links in the email were accessed.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed in order to optimize the delivery of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted. We automatically regard a withdrawal from the receipt of the newsletter as a revocation.
7) CONTACT FORM AND EMAIL CONTACT
When you contact us via the contact form or by email, the data you provide will be used to process your inquiry. The data will be stored and used for the purpose of responding to your inquiry and for any further communication that may be necessary. This data will not be passed on to third parties without your consent.
Please note that the transmission of data via the internet may have security vulnerabilities. Complete protection of data against access by third parties is not possible.
8) DATA SECURITY
We strive to protect your personal data by implementing appropriate technical and organizational security measures to minimize risks associated with data processing. However, we cannot guarantee complete data security when communicating via email, so we recommend sending sensitive information by post.
If you have any further questions regarding data protection or the processing of your personal data, please do not hesitate to contact us.
You have expressly confirmed to us that you consent to receiving newsletters. We will then send you a confirmation email, asking you to confirm by clicking on a corresponding link that you wish to receive newsletters in the future.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) lit. a GDPR. When registering for the newsletter, we will save your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration, in order to trace any potential misuse of your email address at a later time. The data collected during newsletter registration will only be used for advertising purposes via the newsletter. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the responsible party mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond what is legally permitted, as we will inform you in this statement.
6.2 Sending of email newsletters to existing customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services to those already purchased from our range by email. In this case, we do not need separate consent from you. The data processing is based solely on our legitimate interest in personalized direct marketing in accordance with Art. 6 (1) lit. f GDPR. If you initially objected to the use of your email address for this purpose, we will not send any emails. You are entitled to object to the use of your email address for the aforementioned advertising purposes at any time with effect for the future by notifying the responsible party mentioned at the beginning. You will only incur transmission costs according to the basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will be immediately discontinued.
7) DATA PROCESSING FOR ORDER PROCESSING
7.1 The personal data collected by us will be forwarded to the transport company responsible for delivery as part of the order processing, to the extent necessary for the delivery of the goods. We will pass on your payment data to the authorized credit institution as part of the payment processing, if this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly below. The legal basis for the data transfer is Art. 6 (1) lit. b GDPR.
7.2 Use of Payment Service Providers
- Paypal
If you pay via PayPal, credit card via PayPal, direct debit via PayPal, or, if offered, "purchase on account" or "installment payment" via PayPal, we will forward your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer is in accordance with Art. 6 (1) lit. b GDPR and only to the extent necessary for the payment processing.
For payment methods such as credit card via PayPal, direct debit via PayPal, or, if offered, "purchase on account" or "installment payment" via PayPal, PayPal reserves the right to conduct a credit check. Your payment data will be used for this purpose.
If necessary, according to Art. 6 para. 1 lit. f GDPR based on the legitimate interest of PayPal in determining your ability to pay, the result of the credit check regarding the statistical probability of default is passed on to credit agencies. PayPal uses the results of the credit check to decide on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical method. The calculation of score values includes, among other things, but not exclusively, address data. For further data protection information, including the credit agencies used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if necessary for the contractual payment processing.
- IMMEDIATELY
If you choose the payment method "IMMEDIATELY," the payment processing is carried out by the payment service provider IMMEDIATELY GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "IMMEDIATELY"), to whom we pass on the information provided by you during the ordering process, including information about your order, according to Art. 6 para. 1 lit. b GDPR. IMMEDIATELY GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is only passed on for the purpose of payment processing with the payment service provider IMMEDIATELY and only to the extent necessary. You can find more information about the data protection regulations of IMMEDIATELY at the following Internet address: https://www.klarna.com/sofort/datenschutz.
8) CONTACT FOR REVIEW REMINDER
Own review reminder (not sent by a customer review system)
We use your email address to send you a one-time reminder to review your order for the review system we use, if you have given us your explicit consent according to Art. 6 para. 1 lit. a GDPR during or after your order. You can revoke your consent at any time by sending a message to the data controller responsible for data processing.
9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS
9.1 Facebook plugins with Shariff solution
Special additional customs clearance costs and/or import duties are not included in the price and are borne by the customer. On our website, so-called social plugins ("plugins") of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"), are used.
To enhance the protection of your data when visiting our website, these buttons are not embedded as plugins but only as HTML links. This way of embedding ensures that when a page on our website containing such buttons is accessed, no connection is made to Facebook's servers. Clicking the button will open a new browser window and access Facebook's page where you can interact with the plugins there (possibly after entering your login details).
Facebook Inc., based in the USA, is certified for the US-European Privacy Shield agreement, which ensures compliance with the level of data protection in the EU.
For the purpose and scope of data collection and further processing and use of the data by Facebook, as well as your rights and options for protecting your privacy, please refer to Facebook's privacy policy: https://www.facebook.com/policy.php.
9.2 Google+ Plugins as Shariff Solution
On our website, so-called Social Plugins ("Plugins") of the social network Google+ are used, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
To increase the protection of your data when visiting our website, these buttons are not fully integrated as plugins, but only embedded into the page using an HTML link. This type of integration ensures that when a page on our website containing such buttons is accessed, no connection to Google+ servers is established. When you click on the button, a new browser window opens and loads the Google+ page where you can interact with the plugins there, possibly after entering your login details.
Google LLC, based in the USA, is certified for the EU-US Privacy Shield agreement, which ensures compliance with the level of data protection in the EU.
For the purpose and scope of data collection and further processing and use of the data by Google, as well as your rights and options to protect your privacy, please refer to Google's privacy policy: https://www.google.com/intl/en/policies/privacy/
9.3 Instagram Plugin as Shariff Solution
On our website, so-called Social Plugins ("Plugins") of the online service Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram"), are used.
To increase the protection of your data when visiting our website, these buttons are not fully integrated as plugins, but only embedded into the page using an HTML link. This type of integration ensures that when a page on our website containing such buttons is accessed, no connection to Instagram servers is established. When you click on the button, a new browser window opens and loads the Instagram page where you can interact with the plugins there, possibly after entering your login details.
Instagram LLC, based in the USA, is certified for the EU-US Privacy Shield agreement, which ensures compliance with the level of data protection in the EU.
For the purpose and scope of data collection and further processing and use of the data by Instagram, as well as your rights and options to protect your privacy, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388/
10) ONLINE MARKETING
10.1 DoubleClick by Google
This website uses the online marketing tool DoubleClick by
Google, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick").
DoubleClick uses cookies to display ads relevant to users, improve campaign performance reports, or prevent a user from seeing the same ads multiple times. Through a cookie ID, Google tracks which ads are displayed in which browser and can prevent them from being displayed multiple times. The processing is based on our legitimate interest in optimally marketing our website according to Art. 6 para. 1 lit. f GDPR.
In addition, DoubleClick can track conversions using cookie IDs that are related to ad requests. This may occur when a user sees a DoubleClick ad and later uses the same browser to visit the advertiser's website and makes a purchase. According to Google, these conversions include.
DoubleClick cookies do not contain any personally identifiable information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no control over the extent and further use of the data collected by Google through the use of this tool, and therefore inform you based on our current knowledge: By integrating DoubleClick, Google receives information that you have accessed the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or not logged in, the provider may still obtain and store your IP address.
If you wish to opt out of this tracking process, you can disable cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com, https://www.google.de/settings/ads. This setting will be deleted if you clear your cookies. Alternatively, you can visit the Digital Advertising Alliance website at www.aboutads.info to learn about cookie settings and make adjustments. You can also configure your browser to notify you of cookie settings and decide on their acceptance individually, or block cookie acceptance for certain cases or in general. However, rejecting cookies may limit the functionality of our website.
Google LLC, based in the USA, is certified under the US-EU Privacy Shield agreement, ensuring compliance with the data protection level in the EU.
You can find further information about DoubleClick's privacy policy by Google at the following internet address: https://www.google.de/policies/privacy/
10.2 Use of Google AdWords Conversion Tracking
This website uses the online advertising program "Google AdWords" and, within Google AdWords, the conversion tracking of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google AdWords to promote our attractive offers on external websites through advertising materials (Google AdWords). We can determine the success of individual advertising campaigns based on campaign data. Our goal is to show you advertisements that are relevant to you, make our website more interesting for you, and achieve a fair calculation of advertising costs.
The conversion tracking cookie is set when a user clicks on a Google AdWords ad. Cookies are small text files that are stored on your computer system. These cookies generally expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to that page. Each Google AdWords customer receives a different cookie, so cookies cannot be tracked across AdWords customers' websites. The information obtained through the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag.
The page where Conversion-Tracking-Tag was placed. However, you will not receive any information that can personally identify users. If you do not wish to participate in tracking, you can block this by disabling the Google Conversion-Tracking cookie through your internet browser's user settings. You will then not be included in the conversion tracking statistics. We use Google Adwords due to our legitimate interest in targeted advertising according to Art. 6 para. 1 lit. f DSGVO. Google LLC, based in the USA, is certified under the US-European data protection agreement "Privacy Shield," which ensures compliance with the level of data protection in the EU.
You can find more information about Google's privacy policy at the following internet address: https://www.google.de/policies/privacy/
You can disable cookies for ad preferences permanently by preventing them through a corresponding setting in your browser software or by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/plugin?hl=en
Please note that certain functions of this website may not be usable or may be limited if you have disabled the use of cookies.
11) WEB ANALYSIS SERVICES
Google (Universal) Analytics
- Google Universal Analytics
This website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses so-called "cookies," which are text files stored on your computer that allow an analysis of your website usage. The information generated by the cookie about your use of this website (including your IP address shortened by removing the last octet) is usually transmitted to a Google server in the USA and stored there.
This website uses Google Analytics exclusively with the IP anonymization option activated ("_anonymizeIp()"), which ensures the anonymization of the IP address by shortening it and excludes any direct personal reference. The IP address supplied by your browser as part of Google Analytics will not be merged with other data from Google.
You can prevent the storage of cookies by setting your browser software accordingly; however, please note that if you do this, you may not be able to use all the features of this website to their full extent. Additionally, you can prevent Google from collecting and processing data generated by the cookie regarding your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Alternatively, you can click the following link to set an opt-out cookie within browsers on mobile devices, which prevents the collection.
Prevention of Google Analytics within this website in the future (this opt-out cookie works only in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again): Disable Google Analytics Google LLC in the USA is certified for the EU-US Privacy Shield agreement, which ensures compliance with the level of data protection applicable in the EU. This website also uses Google Analytics for cross-device analysis of visitor flows, which is done through a User ID. When a page is accessed for the first time, the user is assigned a unique, permanent, and anonymized ID that is set across devices. This allows interaction data from different devices and sessions to be assigned to a single user. The User ID does not contain any personal data and does not transmit any to Google. Data collection and storage through the User ID can be objected to at any time with effect for the future. To do this, you must deactivate Google Analytics on all systems you use, for example, in a different browser or on your mobile device. You can deactivate it using a browser plugin from Google (https://tools.google.com/dlpage/gaoptout?hl=en). Alternatively, you can click on the following link within browsers on mobile devices to set an opt-out cookie that prevents Google Analytics from collecting data on this website in the future (this opt-out cookie works only in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again): Disable Google Analytics. For further information on Universal Analytics, please visit: https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376 12) RETARGETING/ REMARKETING/ RECOMMENDATION ADVERTISING Facebook Custom Audience via the Pixel Process This website uses the "Facebook Pixel" of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). With the explicit consent, user behavior can be tracked after they have seen or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising measures. The data collected are anonymous to us, therefore they do not provide any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). You can allow Facebook and its partners to display ads on and off Facebook. For these purposes, a cookie may also be stored on your computer. These processing operations only take place with the explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent to the use of the Facebook Pixel may only be given by users who are older than 13 years old. If you are younger, please ask your legal guardians for permission. Facebook Inc. based in the USA is certified for the EU-US Privacy Shield agreement, which ensures compliance with the level of data protection applicable in the EU. To disable the use of cookies on your computer, you can set your internet browser to no longer allow cookies to be stored on your computer in the future, or to delete already stored cookies.
Disabling all cookies can, however, lead to some functions on our websites not being able to be executed. You can deactivate the use of cookies by third parties such as Facebook on the following website of the Digital Advertising Alliance: https://www.aboutads.info/choices/
Google AdWords Remarketing
Our website uses the features of Google AdWords Remarketing, with which we advertise for this website in Google search results, as well as on third-party websites. The provider is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For this purpose, Google sets a cookie in the browser of your device, which enables interest-based advertising automatically based on a pseudonymous cookie ID and the pages you have visited. The processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 para. 1 lit. f GDPR. Further data processing only takes place if you have agreed to Google linking your internet and app browser history with your Google account and using information from your Google account to personalize ads that you view on the web. If you are logged into your Google account during the visit to our website in this case, Google uses your data together with Google Analytics data to create and define target audience lists for cross-device remarketing. Your personal data is temporarily linked by Google with Google Analytics data to create target audiences.
You can permanently disable the setting of cookies for ad preferences by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/
Alternatively, you can inform yourself about the setting of cookies and make settings regarding this at the Digital Advertising Alliance website www.aboutads.info. Finally, you can set your browser to inform you about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be restricted.
Google LLC, based in the USA, is certified under the US-European data protection agreement "Privacy Shield," which ensures compliance with the level of data protection applicable in the EU.
For further information and the privacy policy regarding advertising and Google, please see here: https://www.google.com/policies/technologies/ads/
13) RIGHTS OF THE DATA SUBJECT
13.1 The applicable data protection law grants you comprehensive rights as a data subject (information and intervention rights) vis-à-vis the data controller with regard to the processing of your personal data, about which we inform you below:
Right to information according to Art. 15 GDPR: You have the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage duration or the criteria for determining the storage duration, the existence of the right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data, if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing, as well as your right to be informed about guarantees under Art. 46 GDPR for the transfer of your data to third countries;
Right to rectification according to Art. 16 GDPR: You have the right to immediate rectification of inaccurate data concerning you and/or completion of your incomplete data stored with us; Right to erasure according to Art. 17 GDPR: You have the right to request the erasure of your personal data if the conditions of Art. 17 (1) GDPR are met. However, this right does not exist in particular if processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims; Right to restriction of processing according to Art. 18 GDPR: You have the right to request the restriction of processing of your personal data as long as the accuracy of your data contested by you is verified, if you refuse the erasure of your data due to unlawful data processing and instead request the restriction of processing of your data, if you need your data for the establishment, exercise or defense of legal claims after we no longer need this data for the intended purpose or if you have objected on grounds of your particular situation, as long as it is not yet determined whether our legitimate grounds prevail; Right to information according to Art. 19 GDPR: If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed about this rectification or erasure of data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.; Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller, where technically feasible; Right to revoke consent granted according to Art. 7 (3) GDPR: You have the right to revoke consent to the processing of data granted at any time with effect for the future. In the event of revocation, we will immediately delete the affected data, unless further processing can be based on a legal basis for processing without consent. Revocation of consent does not affect the legality of processing carried out on the basis of consent until revocation; Right to lodge a complaint according to Art. 77 GDPR: If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work, or the place of the alleged infringement. 13.2 RIGHT TO OBJECT IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.