Privacy declaration according to the GDPR
This data protection declaration explains the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our website.
I. Name and address of the person responsible
The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Managing Directors: Ina Fischer and Christian Jaehnel
Register: Charlottenburg Local Court, HRB 164410 B
Phone: 030 54 88 40 53
II. General information on data processing
1. Scope of the processing of personal data
We only process personal data of our users if this is necessary to provide a functional website as well as our contents and services. The processing of personal data of our users takes place regularly only after consent of the user. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.
We process inventory data (e.g., name, address and e-mail address) as well as contract data (e.g., services used, payment information) of our customers, interested parties and business partners for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 Para. 1 letter b. DSGVO and for marketing, advertising and market research purposes pursuant to Art. 6 para. 1 lit. f. DSGVO. The entries marked as mandatory in online forms are required for the conclusion of the contract.
2. Legal basis for the processing of personal data
As we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Ordinance (GDPR) serves as the legal basis. In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. As the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, article 6(1) (d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
3. Data erasure and storage time
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
4. Cooperation with contract processors and third parties, hosting
If we transfer data to other persons and companies (contractors or third parties) within the scope of our processing or otherwise grant them access to the data, this is only on the basis of a legal permission, you have consented, a legal obligation this provides, the processing of contractual relationships with you or we have a legitimate interest in the data transmission (e.g. when using agents, web hosters, etc.). If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of art. 28 GDPR.
The hosting services used by us serve the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services which we use for the purpose of operating this online service. Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 Para. 1 lit. f DSGVO in connection with Art. 28 DSGVO (conclusion of an order processing contract).*
5. Data security
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser. We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
6. Company profiles in social media
We operate company profiles within social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
III. Provision of the website and creation of log files
When you visit our website https://www.pattydoo.de, the browser used on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
- Information about the browser type and version used
- The user's operating system
- The user's Internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user's system reaches our website
- Websites accessed by the user's system through our website
- Protocol (GET or POST)
- Status code (200 or 500)
The mentioned data will be processed by us for the following purposes:
- Ensuring a smooth connection of the website,
- Ensure comfortable use of our website,
- evaluation of system security and stability as well as
- for other administrative purposes.
As far as cookies are concerned, which are technically necessary, our legitimate interest in data processing lies in the above-mentioned purposes. The legal basis in these cases is Art. 6 Para. 1 lit. f) GDPR. In all other cases the legal basis is Art. 6 para. 1 lit. a) GDPR (your consent). You can change or withdraw your consent at any time in the cookie settings.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may prevent führen from allowing you to use all functions of our website.
V. User account
Users can optionally create a user account. During the registration process, the necessary mandatory information will be provided to the users. The data entered during registration will be used for the purposes of using our web shop. Users can be informed by e-mail about information relevant to the offer or registration, such as changes in the scope of the offer or technical circumstances. If users have terminated their user account, their data will be deleted with regard to the user account, subject to its retention for commercial or tax reasons pursuant to Art. 6 para. 1 lit. c DSGVO. It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.*
Within the scope of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 Para. 1 lit. c DSGVO. The IP addresses will be anonymised or deleted after 7 days at the latest.*
VI. Email contact
Contact with us is possible via the e-mail address email@example.com provided. In this case, the user's personal data transmitted by e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 exp. 1 lit. b GDPR.
The processing of the personal data from the e-mail serves us only for the treatment of the establishment of contact. This also includes the necessary legitimate interest in the processing of the data.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data sent by e-mail, this is the case when the conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail (firstname.lastname@example.org), he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
VII. Contact form
If you have any questions, we offer you the possibility to contact us via a form provided on the website. The following personal data must be provided: email address
So we know who sent the request and can answer it. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. The personal data collected by us for the use of the contact form will be automatically deleted after you have completed your request.
VIII. Comments and contributions
If users leave comments or other contributions, their IP addresses will be used on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. of the German Data Protection Act. DSGVO for 7 days. This is done for our security if someone leaves illegal contents (insults, forbidden political propaganda, etc.) in comments and contributions. In this case we can be prosecuted ourselves for the comment or contribution and are therefore interested in the identity of the author.*
IX. Comment Subscriptions
Subsequent comments may be subscribed to by users with their consent pursuant to Art. 6 para. 1 lit. a DSGVO. Users receive a confirmation email to check whether they are the owner of the email address entered. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will contain information on the cancellation options.*
You can subscribe to a free newsletter on our website. When registering for the newsletter, the following data from the input mask is transmitted to us:
- E-mail address (required)
- First name (optional)
- Last name (optional)
In the course of the registration process, your consent is obtained for the processing of the data and reference is made to this data protection declaration. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can log in with other e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. The changes to your data stored with the shipping service provider are also logged.
Klaviyo, Inc. is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level, information on this here.
Furthermore, Klaviyo can use this data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, Klaviyo does not use the data of our newsletter recipients to write them down or pass them on to third parties.
The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file which is retrieved from the server of the shipping service when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention, nor that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR. The collection of the user's e-mail address serves to send the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active.
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter. This also makes it possible to revoke the consent to the storage of personal data collected during the registration process. Alternatively, you are welcome to send your unsubscription request at any time to: email@example.com
XI. Advertising via e-mail
We also process personal data (e.g. name, address, e-mail address) for the purposes of advertising communication, which can take place via various channels, such as e-mail, in accordance with the legal requirements. You have the right to revoke any consent you have given us at any time or to object to promotional communication at any time.
As far as you have not objected to the use of your personal data for advertising purposes or have revoked a consent granted to us, our legitimate interest in data processing lies in the promotional communication with our customers. The legal basis in these cases is Art. 6 Para. 1 lit. f) GDPR. If you have given us consent, the legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.
XII. Amazon Affiliate Program
Further information on Amazon's use of data and possible objections can be found in the company's data protection declaration: http://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?i….*
XIII. Tracking Tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 f GDPR. With the tracking measures used, we want to ensure that our website is designed to meet requirements and is continually optimised. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our website für These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
1. Google Analytics
For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymised user profiles are created and cookies (see point IV) are used. The information generated by the cookie about your use of this website such as
- Browser type/version,
- operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,
XIV. Social Media Plug-ins
We use social plug-ins of the social networks Facebook on our website on the basis of Art. 6 Para. 1 S. 1 lit. f DSGVO in order to make pattydoo better known. The advertising purpose behind this is to be regarded as a legitimate interest within the meaning of the DSGVO. Responsibility for data protection-compliant operation is to be guaranteed by the respective provider. The integration of these plug-ins by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way.
Social media plugins from Facebook are used on our website to make their use more personal. For this we use the "LIKE" or "SHARE" button. This is an offer from Facebook. If you access a page of our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser, which integrates it into the website. By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plug-ins, for example by clicking the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends. Facebook may use this information for the purpose of advertising, market research and tailoring Facebook Pages to your needs. To this end, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook. If you do not want Facebook to associate the information collected through our website with your Facebook account, you must log out of Facebook before visiting our website. Please refer to Facebook's Privacy Notice (https://www.facebook.com/about/privacy) for the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your rights and privacy settings in this regard.
XV. Integration of services and contents of third parties
Within the scope of our online offer, we act on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. of the German Civil Code). DSGVO) content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content perceive the IP address of the user, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring web pages, visit times and other information about the use of our online services, as well as may be linked to such information from other sources.*
2. Google Fonts
3. Google ReCaptcha
We integrate the function for recognition of bots, e.g. for entries in online forms ("ReCaptcha") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Statement: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.*
XVI. Rights of the data subject
If personal data are processed by you, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
1. Right of information
You can ask the person in charge to confirm whether personal data concerning you will be processed by us.
If such processing has taken place, you can request information from the person responsible about the following information:
- the purposes for which the personal data are processed;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
- the planned duration of the storage of personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
- the existence of a right to have your personal data concerning you corrected or deleted, a right to have the data controller restrict processing or to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- any available information on the origin of the data if the personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
2. The right of correction
You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.
3. Right of limitation of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
- if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- the controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
- if you have filed an objection against the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the limitation of the processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
4. Right of cancellation
a) Duty of Erasure
You can demand that the person responsible delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately, if one of the following reasons applies:
- the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- you revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
- you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
- the personal data concerning you have been processed unlawfully.
- the deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
- the personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
The right to cancellation does not exist insofar as the processing is necessary
- to exercise freedom of expression and information;
- for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
- to assert, exercise or defend legal claims.
5. Right of information
If you have exercised your right to have the processing corrected, deleted or restricted, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the person responsible to be informed about these recipients.
6. Right of objection
You have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e or f GDPR for reasons arising from their particular situation; this also applies to profiling based on these provisions. The person responsible no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility to exercise your right of objection in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
7. Right to revoke the data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
8. right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of having infringed the GDPR, if you believe that the processing of personal data concerning you is contrary to it. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
Version: August 2020
This data protection declaration has been created in part with the help of the data protection generator of RA Dr. Thomas Schwenke (sections marked with *).