Data protection
Data Protection
1) Introduction and contact details of the data controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data includes any information that can be used to identify you personally.
1.2 The data controller for the processing of data on this website in accordance with the General Data Protection Regulation (GDPR) is Leonidas Kompodietas, Hansestraße 1b, 33689 Bielefeld, Germany, Tel .: 017642215859, Email: Info@redwoodclothing.de. The data controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
2) Data collection when visiting our website
2.1 When you visit our website for informational purposes only, without registering or otherwise providing us with information, we only collect the data that your browser sends to our server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Browser used
- Operating system used
- IP address used (if applicable, in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are concrete indications of illegal use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the data controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser bar.
3) Hosting & Content Delivery Network
Shopify
For hosting our website and displaying the site content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada. All data collected on our website is processed on the provider's servers. We have signed a data processing agreement with the provider to ensure the protection of our site visitors' data and prohibit unauthorized disclosure to third parties. When transferring data to Canada, an adequate level of data protection is ensured by a decision of the European Commission.
4) Cookies
To make your visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your device for a longer period of time and allow the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the cookie settings of your web browser. If personal data is also processed by individual cookies we use, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either to fulfill the contract, in accordance with Art. 6 para. 1 lit. a GDPR in case of given consent, or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a user-friendly and effective design of the site visit.
You can configure your browser to be informed about the setting of cookies and to decide individually on their acceptance or to exclude the acceptance of cookies for specific cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
5) Contact
When contacting us (e.g. via contact form or email), personal data will be processed exclusively for the purpose of processing and responding to your request and only to the extent necessary. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is related to a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted when it can be seen from the circumstances that the matter in question has been finally clarified and there are no legal retention obligations.
6) Comment function
As part of the comment function on this website, information about the time of the comment creation and the commentator name chosen by you will be stored and published on this website alongside your comment. In addition, your IP address will be logged and stored for security reasons and in case the person concerned violates the rights of third parties or posts unlawful content through a comment. We require your email address to contact you if a third party objects to your published content as unlawful.
Legal bases for storing your data are Art. 6 para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are objected to by third parties as unlawful.
7) Use of customer data for direct marketing
7.1 Signup for our email newsletter
When you sign up for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. For newsletter delivery, we use the double opt-in procedure, which ensures that you only receive newsletters after explicitly confirming your consent to receive the newsletter by clicking on a verification link sent to the email address provided.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. We store the IP address entered by the Internet Service Provider (ISP) and the date and time of registration to track possible misuse of your email address at a later time. The data collected during newsletter registration is used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data for purposes permitted by law and inform you about it in this statement.
7.2 Klaviyo
The sending of our email newsletters is done through this provider: Klaviyo, 225 Franklin St, Boston, MA 02110, USA
Based on our legitimate interest in effective and user-friendly newsletter marketing, we provide the data you provided during newsletter registration in accordance with Art. 6 para. 1 lit. f GDPR to this provider so that they can take over the newsletter distribution on our behalf.
Subject to your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, the provider also conducts a statistical evaluation of newsletter campaigns using web beacons or tracking pixels in the sent emails, which can measure opening rates and specific interactions with the newsletter content. Device information (e.g. time of access, IP address, browser type, and operating system) is also collected and analyzed, but not merged with other databases.
You can revoke your consent for newsletter tracking at any time with future effect.
We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision of the European Commission.
8) Data processing for order processing
8.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us in accordance with Art. 6 para. 1 lit. b GDPR is passed on to the commissioned shipping company and the commissioned financial institution.
If we owe you updates for goods with digital elements or digital products based on a corresponding contract, we process the contact data transmitted by you when ordering (name, address, email address) in order to inform you personally within the legally prescribed period of upcoming updates in a suitable communication way (e.g. by post or email) in accordance with our legal information obligations pursuant to Art. 6 para. 1 lit. c GDPR. Your contact data will be strictly used for the purpose of notifying you of updates owed by us and will only be processed by us to the extent necessary for the respective information.
In order to process your order, we also work with the following service provider(s) who support us in whole or in part in the execution of closed contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
8.2 To fulfill our contractual obligations to our customers, we work with external shipping partners. We pass on your name, delivery address and, if necessary for delivery, your telephone number exclusively for the purpose of delivering goods in accordance with Art. 6 para. 1 lit. b GDPR to a shipping partner selected by us.
8.3 Use of Payment Service Providers (Payment Services)
- Amazon Pay
On this website, one or more online payment methods from the following provider are available: Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg
When selecting a payment method from the provider where you pay in advance (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6 para. 1 lit. b GDPR. In this case, your data will only be passed on for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
- Apple Pay
If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing will be done through the "Apple Pay" function on your iOS, watchOS, or macOS device by charging a payment card stored in "Apple Pay." Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you will need to enter a code previously set by you and verify using the "Face ID" or "Touch ID" function on your device.
For payment processing purposes, your information provided during the order process, along with information about your order, will be transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay for payment processing. This encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment success.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
Apple retains anonymized transaction data, including the approximate purchase amount, date, and time, as well as whether the transaction was successfully completed. Personal identification is completely excluded through anonymization. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made through Safari on your Mac, the Mac and the authorization device communicate via an encrypted channel to Apple servers. Apple does not process or store any of this information in a format that can identify you. You can disable the option to use Apple Pay on your Mac in the settings of your iPhone. Go to "Wallet & Apple Pay" and disable "Allow payments on Mac."
For more information on data protection with Apple Pay, please visit the following website: https://support.apple.com/en-us/HT203027
- Google Pay
If you choose the payment method "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing will be done through the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with NFC functionality by charging a payment card stored in Google Pay or a verified payment system (e.g. PayPal). To authorize a payment via Google Pay of more than €25, unlocking your mobile device through the respective verification measure (such as face recognition, password, fingerprint, or pattern) is required.
For payment processing purposes, your information provided during the order process, along with information about your order, will be forwarded to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the originating website to verify a completed payment. This transaction number does not contain any information about the actual payment data of your payment methods stored in Google Pay but is created and transmitted as a uniquely valid numerical token. Google acts only as a mediator for processing payments in all Google Pay transactions. The transaction is carried out solely between the user and the originating website by charging the payment method stored in Google Pay.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
Google reserves the right to collect, store, and analyze certain process-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and any associated offer, if applicable.
According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f GDPR based on the legitimate interest in proper billing, verification of transaction data, and optimization and preservation of the Google Pay service.
Google also reserves the right to merge the processed transaction data with additional information collected and stored by Google when using other Google services.
The terms of use for Google Pay can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
For further information on data protection with Google Pay, please visit the following website:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Klarna
On this website, one or more online payment methods from the following provider are available: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
If you choose a payment method from the provider where you pay in advance (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the contents of your order will be disclosed to them in accordance with Art. 6 para. 1 lit. b GDPR. In this case, your data will only be passed on to the provider for the purpose of payment processing and only to the extent necessary.
If you choose a payment method where the provider pays in advance (such as invoice or installment payment or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, possibly data for an alternative payment method) during the ordering process.
To protect our legitimate interest in determining the solvency of our customers, we will forward this data to the provider for the purpose of a credit check in accordance with Art. 6 para. 1 lit. f GDPR. Based on the personal data provided by you and other data (such as shopping cart, invoice amount, order history, payment experiences), the provider will determine whether the payment option selected by you can be granted with regard to payment and/or default risks.
In addition to provider-specific criteria according to Art. 6 para. 1 lit. f GDPR, identity and credit information from the following credit agencies may be included in the decision-making process within the scope of the application review:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may include probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical method. Address data, among other things, but not exclusively, is included in the calculation of the score values.
You can object to the processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
- Paypal
On this website, one or more online payment methods from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
When selecting a payment method from the provider where you make a prepayment, your payment data provided during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be disclosed to them in accordance with Art. 6 para. 1 lit. b GDPR. Your data will be disclosed solely for the purpose of processing the payment with the provider and only to the extent necessary.
When selecting a payment method where we make a prepayment, you will also be asked to provide specific personal data (first and last name, street, house number, postcode, city, date of birth, email address, phone number, and possibly data regarding an alternative payment method) during the ordering process.
In order to maintain our legitimate interest in determining your creditworthiness in such cases, this data will be transmitted by us to the provider for the purpose of a credit check in accordance with Art. 6 para. 1 lit. f GDPR. Based on the personal data provided by you and other data (such as shopping cart, invoice amount, order history, payment experiences), the provider will assess whether the payment method selected by you can be granted with regard to payment and/or default risks.
The credit assessment may include probability values (so-called score values). If score values are included in the result of the credit assessment, they are based on a scientifically recognized mathematical-statistical procedure. Address data is among the data used in the calculation of score values.
You can object to the processing of your data at any time by sending a message to us or directly to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
- Shopify Payments
On this website, one or more online payment methods from the following provider are available: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
When selecting a payment method from the provider where you make a prepayment (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be disclosed to them in accordance with Art. 6 para. 1 lit. b GDPR. Your data will be disclosed solely for the purpose of processing the payment with the provider and only to the extent necessary.
- SOFORT
On this website, one or more online payment methods from the following provider are available: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany.
When selecting a payment method from the provider where you make a prepayment (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be disclosed to them in accordance with Art. 6 para. 1 lit. b GDPR. Your data will be disclosed solely for the purpose of processing the payment with the provider and only to the extent necessary.
9) Retargeting/ Remarketing and Conversion-Tracking
9.1 Meta Pixel
Within our online offering, we use the service "Meta Pixel" from the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Meta").
When a user clicks on an advertisement placed by us on Facebook and/or Instagram, the URL of our linked page is expanded with a parameter using "Meta Pixel". This URL parameter is then entered into the user's browser after redirection by a cookie set by our linked page itself.
This makes it possible for Meta to determine the visitors of our online offering as a target group for the display of advertisements (so-called "Ads"). Accordingly, we use the service to show Facebook and/or Instagram Ads only to those users who have shown an interest in our online offering or exhibit certain characteristics (e.g. interests in specific topics or products determined based on visited websites) that we transmit to Meta (so-called "Custom Audiences").
On the other hand, with the "Meta Pixel", it can be traced whether users were redirected to our website after clicking on an advertisement and what actions they take there (so-called "conversion tracking").
The data collected is anonymous to us, and does not provide insights into the identity of the users. However, the data is stored and processed by Meta, allowing a connection to the respective user profile and enabling Meta to use the data for its own advertising purposes.
All of the described processes, especially the setting of cookies for reading information on the end device used, are only carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by disabling this service in the "Cookie Consent Tool" provided on the website.
We have entered into a data processing agreement with the provider to ensure the protection of the data of our site visitors and to prohibit unauthorized disclosure to third parties.
The information generated by Meta is usually transmitted to a server of Meta and stored there; in this context, it may also be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider has joined the EU-US Privacy Shield Framework, which ensures compliance with the European data protection level based on an adequacy decision of the European Commission.
9.2 Google Ads Remarketing
This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
For this purpose, Google places a cookie in your device's browser, which enables interest-based advertising automatically based on a pseudonymous cookie ID and the pages you visit. Further data processing only takes place if you have agreed to Google linking your internet and app browsing history with your Google account and using information from your Google account to personalize ads you view on the web. If you are logged into Google during your website visit and have agreed to this, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing. Your personal data is temporarily linked with Google Analytics data to create audience lists. In the use of Google Ads Remarketing, personal data may also be transferred to the servers of Google LLC. in the USA.
All processing described above, especially the setting of cookies to read information on the device used, will only be carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, the use of retargeting technology during your visit to the site will not take place.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website.
For data transfers to the USA, the provider has joined the EU-US Privacy Shield, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
10) Site Functionality
Endereco
In order to enable real-time verification of certain inputs in the address form of the ordering process of our webshop for input errors, we use the services of the following provider: Endereco UG, Balthasar-Neumann-Straße 4b, 97236 Randersacker, Germany.
The provider validates the entered address, verifies the spelling, and possibly adds missing data. If the address is not clear, correct alternative suggestions are displayed. For this purpose, the address data entered by you is transmitted to the provider, stored and evaluated there.
This processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in properly capturing the correct address data of the customer for the careful fulfillment of our contractual delivery obligations and to prevent contract performance issues.
The provider processes the data separately and does not merge it with other databases, deleting it as soon as its status or correctness has been confirmed, but no later than after 30 days.
11) Rights of the Data Subject
11.1 The applicable data protection law grants you the following rights as a data subject with regard to the processing of your personal data by the controller (information and intervention rights), with reference to the legal basis mentioned for the respective exercise requirements:
Right to information according to Art. 15 GDPR;
Right to rectification according to Art. 16 GDPR;
Right to erasure according to Art. 17 GDPR;
Right to restriction of processing according to Art. 18 GDPR;
Right to be informed according to Art. 19 GDPR;
Right to data portability according to Art. 20 GDPR;
Right to withdraw consent granted according to Art. 7 para. 3 GDPR;
Right to lodge a complaint according to Art. 77 GDPR.
11.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCE OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE REASONS FOR PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA TO CONDUCT DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH ADVERTISING. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.
12) Duration of storage of personal data
The duration of the storage of personal data is determined based on the respective legal basis, the processing purpose, and – if applicable – additionally based on the respective statutory retention period (e.g. commercial and tax retention periods).
When processing personal data based on explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, the relevant data will be stored until you revoke your consent.
If there are statutory retention periods for data processed in the context of contractual or contract-like obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods expire, unless it is no longer necessary for contract fulfillment or initiation and/or we no longer have a legitimate interest in continued storage.
When processing personal data based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
When processing personal data for the purpose of direct marketing based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 para. 2 GDPR.
Unless otherwise specified in the specific processing situations described in this statement, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.