Privacy Policy
1) Information on the Collection of Personal Data and Contact Details of the Data Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when using our website. Personal data is any information that can be used to personally identify you.
1.2 The data controller responsible for processing personal data on this website in accordance with the General Data Protection Regulation (GDPR) is Vestiti Limited. The data controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the data controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the prefix "https://" and the lock symbol in your browser's address bar.
2) Data Collection When Visiting Our Website
When you use our website purely informatively, meaning if you do not register or provide us with any other information, we only collect the data that your browser sends to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary to display the website to you:
- The website you visited
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Browser used
- Operating system used
- IP address used (if applicable, in anonymized form)
The processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of the data. However, we reserve the right to retrospectively check the server log files if there are concrete indications of unlawful use.
3) Cookies
To make your visit to our website more attractive and to enable the use of certain features, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on a subsequent visit (persistent cookies). When cookies are set, they collect and process certain user information, such as browser and location data, and IP address values. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
Cookies are partly used to simplify the ordering process by storing settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). To the extent that individual cookies implemented by us also process personal data, the processing is carried out according to Art. 6 (1) (b) GDPR, either for the performance of the contract, or according to Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.
We may cooperate with advertising partners who help make our internet offering more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive during your visit to our website (third-party cookies). If we cooperate with the mentioned advertising partners, you will be individually and separately informed about the use of such cookies and the extent of the information collected in the following sections.
Please note that you can configure your browser to be informed about the setting of cookies and to individually decide on their acceptance, or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in how it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find this information for the respective browsers under the following links:
-
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/en-us/kb/cookies-allow-and-disallow
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Safari: https://support.apple.com/kb/ph21411?locale=en_US
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that the functionality of our website may be limited if you do not accept cookies.
4) Contacting Us
When you contact us (for example, via a contact form or email), personal data is collected. The data collected in the case of a contact form can be seen in the respective contact form. This data is stored and used solely for the purpose of responding to your request or for contacting you, as well as the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your request according to Art. 6 (1) (f) GDPR. If your contact request is aimed at concluding a contract, an additional legal basis for the processing is Art. 6 (1) (b) GDPR. Your data will be deleted once your request has been fully processed, which is the case when it is clear from the circumstances that the matter has been definitively resolved and there are no legal retention obligations.
5) Data Processing When Opening a Customer Account and for Contract Fulfillment
According to Art. 6 (1) (b) GDPR, personal data is collected and processed when you provide it to us for the purpose of executing a contract or when opening a customer account. The data collected is detailed in the respective input forms. You can delete your customer account at any time by sending a message to the address of the data controller provided above. We store the data you provide and use it for the execution of the contract. After the contract has been fully executed or your customer account has been deleted, your data will be blocked in view of tax and commercial retention periods and, after the expiration of these periods, deleted, unless you have expressly consented to further use of your data or if there is a legally permissible further processing reserved by us, about which we will inform you below.
6) Use of Your Data for Direct Advertising
6.1 Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory data required to send the newsletter is your email address. Providing additional data is optional and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you the newsletter if you have explicitly confirmed that you agree to receive it. We will send you a confirmation email asking you to confirm via a link that you want to receive the newsletter in the future.
By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 (1) (a) GDPR. When subscribing to the newsletter, we store the IP address recorded by your internet service provider (ISP) as well as the date and time of the subscription to detect any misuse of your email address at a later time. The data collected during the newsletter subscription is used solely for advertising purposes via the newsletter. You can unsubscribe from the newsletter at any time via the designated link in the newsletter or by sending a message to the data controller mentioned above. After unsubscribing, your email address will be immediately removed from our newsletter distribution list, unless you have explicitly consented to further use of your data or if we reserve the right to use your data in a manner that is legally permissible and about which we inform you in this statement.
6.2 Sending Email Newsletters to Existing Customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range via email. We do not need to obtain separate consent for this. In this case, the data processing is solely based on our legitimate interest in personalized direct advertising in accordance with Art. 6 (1) (f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails. You have the right to object at any time to the use of your email address for the above-mentioned advertising purposes with future effect by sending a message to the data controller mentioned above. Only transmission costs according to the basic rates will be charged for this. Upon receipt of your objection, the use of your email address for advertising purposes will be immediately discontinued.
7) Data Processing for Order Fulfillment
7.1
The personal data we collect is transmitted to the transport company assigned with the delivery as part of the contract execution, to the extent necessary for the delivery of the goods. Your payment details are transmitted to the relevant credit institution for the purpose of processing the payment, to the extent necessary for payment processing. If payment service providers are involved, we will explicitly inform you about this below. The legal basis for the data transmission is Art. 6 (1) (b) GDPR.
7.2 Use of Payment Service Providers
PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "payment on account" or "installment payment" via PayPal, we pass your payment details to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transmission is in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing.
PayPal reserves the right to perform a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – "payment on account" or "installment payment" via PayPal. For this purpose, your payment details may be transmitted to credit information agencies in accordance with Art. 6 (1) (f) GDPR based on PayPal's legitimate interest in determining your creditworthiness. The result of the credit check regarding the statistical probability of default is used by PayPal to make a decision on offering the relevant payment method. Creditworthiness information may include probability values (so-called score values). If score values are included in the result of the credit check, these are based on a scientifically recognized mathematical-statistical process. The calculation of score values includes, but is not limited to, address data.
For more information on PayPal's privacy settings, including the credit information agencies used, please refer to PayPal's privacy statement: PayPal Privacy.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data as far as necessary for contractual payment processing.
SOFORT
When selecting the payment method "SOFORT," the payment processing is carried out by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we transmit the data provided during the ordering process along with the information about your order, in accordance with Art. 6 (1) (b) GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transmission of your data is solely for the purpose of payment processing with the payment service provider SOFORT and only to the extent necessary for this purpose.
For more information on SOFORT's privacy conditions, you can visit the following link: SOFORT Privacy.
8) Contact for Review Reminder
Own Review Reminder (No Sending via a Customer Review System)
We use your email address to remind you once to leave a review of your order for the review system we use, provided that you have given us your explicit consent for this during or after your order, in accordance with Art. 6 (1) (a) GDPR. You may withdraw your consent at any time by sending a message to the data controller.
9) Use of Social Media: Social Plugins
9.1 Facebook Plugins with Shariff Solution
To protect your data when you visit our website, these buttons are not fully integrated as plugins but are used only as HTML links on the page. This integration ensures that when you open a page of our website that contains such buttons, no connection to Facebook's servers is made. If you click on the button, a new browser window will open the Facebook page, where you can interact with the plugins (possibly after entering your login details).
Facebook Inc., located in the USA, is certified under the EU-U.S. Privacy Shield, which ensures compliance with the data protection level applicable in the EU. The purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights and options to protect your privacy, can be found in Facebook's privacy policy: Facebook Privacy.
9.2 Google+ Plugins as Shariff Solution
Our website uses so-called social plugins ("plugins") of the social network Google+, managed by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). To protect your data when you visit our website, these buttons are not fully integrated as plugins but are used only as HTML links on the page. This integration ensures that when you open a page of our website containing such buttons, no connection to Google+'s servers is made. If you click on the button, a new browser window will open the Google+ page, where you can interact with the plugins (possibly after entering your login details).
Google LLC, located in the USA, is certified under the EU-U.S. Privacy Shield, which ensures compliance with the data protection level applicable in the EU. The purpose and scope of data collection and the further processing and use of data by Google, as well as your rights and options to protect your privacy, can be found in Google's privacy policy: Google Privacy.
9.3 Instagram Plugin as Shariff Solution
Our website uses so-called social plugins ("plugins") of the online service Instagram, managed by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram"). To enhance the protection of your data when visiting our website, these buttons are not fully integrated as plugins but are used only as HTML links on the page. This integration ensures that when you open a page of our website containing such buttons, no connection to Instagram's servers is made. If you click on the button, a new browser window will open the Instagram page, where you can interact with the plugins (possibly after entering your login details).
Instagram LLC, located in the USA, is certified under the EU-U.S. Privacy Shield, which ensures compliance with the data protection level applicable in the EU. The purpose and scope of data collection and the further processing and use of data by Instagram, as well as your rights and options to protect your privacy, can be found in Instagram's privacy policy: Instagram Privacy.
10) ONLINE MARKETING
10.1 DoubleClick by Google
10.1 Use of DoubleClick by Google
This website uses the online marketing tool DoubleClick by Google, managed by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick").
DoubleClick uses cookies to display relevant ads to users, improve campaign performance, and prevent users from seeing the same ads multiple times. Through a cookie ID, Google records which ads are shown in which browser, thereby preventing repeated display of the same ads. The processing is based on our legitimate interest in the optimal marketing of our website according to Art. 6 (1) (f) GDPR.
Additionally, DoubleClick may use cookie IDs to track so-called conversions related to ad requests. For example, if a user sees a DoubleClick ad and later visits the advertiser's website using the same browser and makes a purchase, this can be tracked. According to Google, DoubleClick cookies do not contain personal information.
By using these marketing tools, your browser automatically establishes a direct connection to Google's server. We have no influence over the extent and further processing of the data collected by Google using this tool, and therefore inform you to the best of our knowledge: Through the integration of DoubleClick, Google receives the information that you have visited a part of our website or clicked on one of our ads. If you are registered with a Google service, Google may link the visit to your account. Even if you are not registered or logged in to Google, there is a possibility that the provider will detect and store your IP address.
If you wish to opt out of this tracking method, you can disable cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com through Google Ads Settings. This setting will be removed when you clear your cookies. Alternatively, you can visit the Digital Advertising Alliance's website www.aboutads.info to obtain information on how to set cookies and adjust your settings. You can also configure your browser to inform you about the placement of cookies and decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general. Please note that the functionality of our website may be limited if you do not accept cookies.
Google LLC, based in the USA, is certified under the EU-U.S. Privacy Shield, which ensures compliance with the level of data protection applicable in the EU.
More information on DoubleClick by Google's privacy practices can be found on the following website: Google Privacy.
10.2 Use of Google AdWords Conversion Tracking
This website uses the online advertising program "Google AdWords" and, as part of Google AdWords, Google LLC's conversion tracking, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google AdWords to bring our attractive offers to your attention using ads (so-called Google AdWords) on external websites. We can analyze the effectiveness of individual advertising campaigns based on the data from the campaigns. Our goal is to show you relevant ads, make our website more interesting for you, and ensure fair calculation of advertising costs.
The conversion tracking cookie is placed when a user clicks on an AdWords ad displayed by Google. Cookies are small text files stored on your computer system. These cookies generally expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user has clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies cannot therefore be tracked across AdWords customers' websites. The information collected through the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. Customers are informed about how many users have clicked on their ad and been redirected to a page with a conversion tracking tag. However, they do not receive information that would allow users to be personally identified.
If you do not wish to participate in the tracking process, you can disable the Google conversion tracking cookie in your internet browser's user settings. You will then not be included in the conversion tracking statistics. We use Google AdWords based on our legitimate interest in targeted advertising according to Art. 6 (1) (f) GDPR.
Google LLC, based in the USA, is certified under the EU-U.S. Privacy Shield, which ensures compliance with the level of data protection applicable in the EU.
For more information on Google's privacy policies, please visit: Google Privacy. You can permanently disable cookies for ad settings by adjusting your browser settings accordingly or by downloading and installing the browser plugin available at the following link: Google Ads Plugin.
Please note that certain features of this website may not be available or may be limited if you disable the use of cookies.
For more information about DoubleClick by Google’s privacy practices, please visit the following website: Google Privacy.
11) WEB ANALYSIS SERVICES
Google (Universal) Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies," which are text files placed on your computer to analyze your use of the website. The information generated by the cookie about your use of this website (including the truncated IP address) is usually transmitted to and stored on a server of Google in the USA.
This website uses Google Analytics with the extension "_anonymizeIp()" to ensure the anonymization of your IP address by truncating it, which excludes direct personal identification. By using this extension, your IP address is truncated by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. In these exceptional cases, the processing is carried out based on Art. 6, para. 1, lit. f GDPR, on the grounds of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
Google will use this information on our behalf to evaluate your use of the website, compile reports on website activities, and provide other services related to website and internet use. The IP address transmitted by your browser through Google Analytics will not be merged with other data from Google.
You can prevent the storage of cookies by adjusting the settings in your browser software. However, please note that you may not be able to use all features of this website fully in that case. Additionally, you can prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of these data by Google by downloading and installing the browser plugin available at the following link: Google Analytics Opt-Out.
As an alternative to the browser plugin or for mobile browsers, you can click on the following link to set an opt-out cookie that will prevent the collection by Google Analytics on this website in the future (this opt-out cookie only works in this browser and only for this domain; if you delete your cookies in this browser, you will need to click this link again): Disable Google Analytics.
Google LLC, located in the USA, is certified under the EU-U.S. Privacy Shield, which ensures compliance with the level of data protection required in the EU.
This website also uses Google Analytics for cross-device analysis of visitor flows, which is performed via a User-ID. Upon your first visit to a page, you are assigned a unique, permanent, and anonymized ID that is set across devices. This allows interaction data from different devices and sessions to be assigned to a single user. The User-ID does not contain personal data and does not send such data to Google.
You can object to the collection and storage of data via the User-ID at any time with future effect. You must disable Google Analytics on all systems you use, such as in another browser or on your mobile device. You can disable this by using the Google Opt-Out Plugin. Alternatively, by clicking the following link, you can set an opt-out cookie that will prevent the collection by Google Analytics on this website in the future: Disable Google Analytics.
For more information about Universal Analytics, please visit: Universal Analytics.
12) RETARGETING/REMARKETING/ADVERTISING ADVICE
Facebook Custom Audience via the Pixel Process
This website uses the "Facebook Pixel" provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). If you have given explicit consent, it can be used to track user behavior after they have viewed or clicked on a Facebook advertisement. This process is intended to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising campaigns.
The data collected is anonymous to us, which means we cannot draw conclusions about the identity of users. However, the data is stored and processed by Facebook, allowing it to link with the respective user profile, and Facebook can use the data for its own advertising purposes according to Facebook's Privacy Policy (Facebook Privacy).
You can allow Facebook and its partners to display ads on and off Facebook. A cookie may also be placed on your computer for these purposes. These processing activities only take place with explicit consent in accordance with Art. 6, para. 1, lit. a GDPR.
Consent for the use of the Facebook Pixel may only be given by users who are over the age of 13. If you are younger, we ask that you seek consent from your parents or guardians.
Facebook Inc., based in the USA, is certified under the EU-U.S. Privacy Shield, which ensures compliance with the data protection level required in the EU.
To deactivate the use of cookies on your computer, you can configure your internet browser to prevent cookies from being placed or to delete cookies that have already been placed. However, disabling all cookies may result in some functions of our websites being restricted. You can also disable the use of cookies by third parties like Facebook via the Digital Advertising Alliance website: Digital Advertising Alliance.
Google AdWords Remarketing
Our website uses the features of Google AdWords Remarketing, which allows us to advertise this website in Google's search results and on other websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For this purpose, Google places a cookie in your device's browser, which enables personalized ads based on a pseudonymous cookie ID and the pages you have visited. This processing is carried out based on our legitimate interest in optimal marketing of our website according to Art. 6, para. 1, lit. f GDPR.
Further data processing only occurs if you have given Google permission to link your internet and app browsing history with your Google account and to use information from your Google account for personalizing the ads you see on the web. If you are logged into Google during your visit to our website, Google uses your data along with Google Analytics data to create and define audience lists for cross-device remarketing. To do this, your personal data is temporarily linked with Google Analytics data to form audiences.
You can permanently disable the placement of cookies for ad preferences by downloading and installing the browser plugin available at the following link: Google Ads Settings.
Alternatively, you can find information about cookie settings and manage your preferences on the Digital Advertising Alliance website: Digital Advertising Alliance. You can also configure your browser to be informed about cookie placement and decide individually whether to accept them or exclude their acceptance for specific cases or in general. Not accepting cookies may limit the functionality of our website.
Google LLC, based in the USA, is certified under the EU-U.S. Privacy Shield, which ensures compliance with the data protection level required in the EU.
For more information about ads and Google, please visit: Google Ads Privacy.
13) RIGHTS OF THE DATA SUBJECT
13.1 The applicable data protection law grants you extensive rights (information and intervention rights) regarding the processing of your personal data by the data controller. Below, we provide information on these rights:
Right to Information under Art. 15 GDPR: You have the right to obtain information about your personal data processed by us, including the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned retention period or the criteria for determining the retention period, the existence of the right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the source of your data if not collected from you, the existence of automated decision-making, including profiling, and significant information about the involved logic, as well as the impact and intended consequences of such processing, and your right to be informed about the safeguards according to Art. 46 GDPR applicable to the transfer of your data to third countries.
Right to Rectification under Art. 16 GDPR: You have the right to obtain the immediate rectification of inaccurate data and/or the completion of incomplete data that we have stored about you.
Right to Erasure under Art. 17 GDPR: You have the right to request the erasure of your personal data if the conditions of Art. 17, para. 1 GDPR are met. However, this right does not exist, in particular, if the processing is necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for asserting, exercising, or defending legal claims.
Right to Restriction of Processing under Art. 18 GDPR: You have the right to request the restriction of processing of your personal data while the accuracy of your data is contested, if you refuse the erasure of your data due to unlawful processing and instead request the restriction of processing, if you need your data for the assertion, exercise, or defense of legal claims, after we no longer need the data for the purposes for which it was collected, or if you have objected to processing based on grounds related to your particular situation, as long as it has not yet been determined whether our legitimate interests override your interests.
Right to Notification under Art. 19 GDPR: If you have exercised the right to rectification, erasure, or restriction of processing with the controller, they are obligated to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of data or restriction of processing, unless this is impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to Data Portability under Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another controller, insofar as this is technically feasible.
Right to Withdraw Consent under Art. 7, para. 3 GDPR: You have the right to withdraw any consent previously given for the processing of data at any time with future effect. In the event of withdrawal, we will promptly delete the affected data, unless further processing can be based on a legal basis for processing without consent. The lawfulness of the processing based on consent prior to its withdrawal is not affected by the withdrawal of consent.
Right to Lodge a Complaint under Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, without prejudice to other administrative or judicial remedies, in particular in the member state of your residence, workplace, or the place of the alleged infringement.
13.2 Right to Object
If we process your personal data based on a balancing of interests, you have the right to object to this processing at any time on grounds relating to your particular situation. This objection will have effect for the future.
If you exercise your right to object, we will cease processing the relevant data. However, further processing may still occur if we can demonstrate compelling, legitimate reasons for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data for such marketing at any time. You can exercise this right as described above.
If you exercise your right to object, we will cease processing your data for direct marketing purposes.
14) Duration of Data Storage
The duration of the storage of personal data is determined based on statutory retention periods (e.g., commercial and tax retention periods). After the retention period expires, the relevant data is routinely deleted, unless further retention is necessary for the performance of a contract or the conclusion of a contract and/or if we have a legitimate interest in further storage.