We are glad that you have shown interest in our business. Data protection is particularly important for Marfuny's management. You can use Marfuny's Internet pages without any personal data instructions; however, if the data subject wants to use special corporate services through our website, it is necessary to process personal data. If it is necessary to process personal data and there is no legal basis for processing, we usually obtain the consent of the data subject.
Processing personal data, such as the name, address, e-mail address, or phone number of the data subject, should always comply with the General Data Protection Regulation (GDPR) and the country-specific data protection applicable to Marfuny. Through this data protection statement, our company wishes to inform the public about the nature, scope and purpose of the personal data we collect, use and process. In addition, through this data protection statement, data subjects can be informed of their rights.
As a controller, Marfuny has taken many technical and organizational measures to ensure the most comprehensive protection of personal data processed through this website. However, in principle, there may be security holes in Internet-based data transmission, so absolute protection may not be guaranteed. Therefore, each data subject can freely transfer personal data to us by other means (for example, by telephone).
Marfuny's data protection statement is based on the terms used by the General Data Protection Regulation (GDPR) adopted by the British lawmakers. Our data protection statement should be clear and understandable to the public as well as our customers and business partners. To ensure this, we must first explain the terminology used.
In this data protection statement, we especially use the following terms:
a) Personal data
Personal data refers to any information related to an identified or identifiable natural person ("data subject"). An identifiable natural person refers to a person who can be identified directly or indirectly, especially by referring to an identifier such as name, identification number, location data, online identifier, or for one or more body-specific, physiological, Genetic, psychological, economic, cultural or social identity.
b) Data subject
The data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for processing.
Processing refers to any operation or set of operations performed on personal data or personal data sets, whether or not performed through automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, through dissemination , Publicize, align or combine, restrict, delete or destroy.
Restricted processing Restriction is to mark stored personal data, and its purpose is to restrict its processing in the future.
Analysis refers to any form of automatic processing of personal data, including the use of personal data to evaluate certain personal aspects related to the natural person, especially the analysis or prediction of the natural person's work performance, economic status, health status, personal preferences , Interest, reliability, behavior, location or action.
Pseudonymization is the processing of personal data in the following way: without the use of additional information, personal data can no longer be attributed to a specific data subject, but only if such additional information should be kept separately and ensured by technical and organizational constraints Personal data does not belong to measures that have been identified or can identify natural persons.
The controller or controller responsible for processing is a natural or legal person, a public authority, agency or other agency that determines the purpose and manner of processing personal data alone or together with others; if the purpose and manner of such processing is It is determined by the laws of the Union or Member States, and the specific standards of controllers or nominations may be stipulated by the laws of the Union or Member States.
The processor is a natural or legal person, public authority, agency or other agency that processes personal data on behalf of the controller.
The recipient is a natural or legal person, public institution, agency or other institution to whom personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data within the framework of specific queries under federal or member state law should not be considered as recipients; the processing of such data by these public agencies should comply with applicable data protection rules according to the purpose of the processing.
j) Third party
Third parties are natural persons or legal persons, public authorities, institutions or organizations other than data subjects, controllers, processors, and persons authorized to process personal data under the direct authorization of the controller or processor.
The data subject ’s consent is any free, clear, informed and unequivocal expression of the data subject ’s wishes, and through statements or clear affirmative action, he or she expresses consent to the processing of personal data related to him or her.
For the purpose of the General Data Protection Regulation (GDPR), other data protection laws applicable in the UK and other regulations related to data protection, the chief financial officer is:
Fashion Marfuny bags
By using cookies, Marfuny can provide users of the site with a more user-friendly service without cookie settings.
The data subject can block the setting of cookies through our website at any time through the corresponding settings of the Internet browser being used, and therefore can permanently refuse to set cookies. In addition, the set cookies can be deleted at any time through the Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the cookie setting in the Internet browser used, it may not be possible to fully use all the functions of our website.
When the data subject or automated system calls the website, marfuny's website will collect a series of regular data and information. This general data and information is stored in server log files. What may be collected are (1) the type and version of browser used, (2) the operating system used to access the system, (3) the website from which the system accesses our website (so-called referrer URL), (4)-website , (5) the date and time of access to Internet sites, (6) Internet protocol address (IP address), (7) Internet service provider accessing the system, and (8) any other similar data, as well as in our information technology system Information that may be used when under attack.
When using these general data and information, Marfuny draws any conclusions about the data subject. Instead, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website and its advertisements, (3) ensure the long-term viability of our information technology system and website technology (4) submit to law enforcement Provide information needed for criminal prosecution in the event of a cyber attack. Therefore, Marfuny will anonymously analyze the collected data and information in a statistical manner to improve the data protection and data security of our enterprise and ensure the best level of protection for the personal data we process. The anonymous data of the server log file is stored separately from all personal data provided by the data subject.
The data subject can register and display personal data on the controller's website. Which personal data is sent to the controller is determined by the corresponding input mask used for registration. Personal data entered by the data subject will be collected and stored for internal use by the controller and for its own purposes. The controller may request transfer to one or more processors (such as parcel service), which also uses personal data for internal purposes attributed to the controller.
On Marfuny's website, users have the opportunity to subscribe to our corporate newsletter. The input mask used for this purpose determines the personal data to be transmitted and the time when the newsletter is ordered from the controller.
Marfuny regularly informs its customers and business partners through newsletters about corporate offers. If (1) the data subject has a valid email address, and (2) the data subject is registered for sending newsletters, the data subject can only receive corporate newsletters. For legal reasons, for the purpose of double choice, a confirmation email will be sent to the data subject ’s registered email address for the first time for newsletter. The confirmation email is used to prove whether the owner of the email address that is the subject of the data is authorized to receive the newsletter.
During the registration of the newsletter, we also stored the IP address of the computer system assigned by the Internet Service Provider (ISP), as well as the IP address used by the data subject at the time of registration and the date and time of registration. In order to understand the (possible) misuse of the data subject ’s email address (later), it is necessary to collect this data, so its purpose is to provide legal protection for the controller.
Personal data collected as part of the newsletter registration will only be used to send our newsletter. In addition, newsletter subscribers can be notified via email, as long as this is necessary for the operation of the newsletter service or related registration, because this may happen when the newsletter offer is modified, or when the technical environment changes . The newsletter service will not transfer the collected personal data to third parties. Data subjects can terminate their subscription to our newsletter at any time. The data subject ’s consent to the storage of personal data provided for the transportation of newsletters can be revoked at any time. In order to withdraw consent, a corresponding link is found in each newsletter.
Marfuny's newsletter contains so-called tracking pixels. Tracking pixels are miniature graphics embedded in such emails, which are sent in HTML format to enable log file recording and analysis. This allows statistical analysis of the success or failure of online marketing activities. Based on the embedded tracking pixels, Marfuny can check whether and when the data subject opened the email, and whether the data subject invoked which links in the email.
The controller stores and analyzes such personal data collected in the tracking pixels included in the newsletter to optimize the delivery of the newsletter and make the content of the future newsletter better adapt to the interests of the data subject. This personal data will not be passed on to third parties. The data subject has the right at any time to revoke the independent consent statements issued through the double selection procedure. After revocation, these personal data will be deleted by the controller. Marfuny will automatically consider withdrawal of the newsletter.
The information contained on Marfuny ’s website allows us to make quick electronic contact with our business, as well as direct contact with us, which also includes the so-called general address of e-mail (e-mail address). If the data subject contacts the controller via e-mail or contact form, the personal data transmitted by the data subject will be automatically stored. For the purpose of processing or contacting the data subject, store such personal data voluntarily transmitted by the data subject to the data controller. This personal data will not be transferred to third parties.
Possibility to contact through the website
Marfuny provides users with the possibility to leave separate comments on individual blog contributions on the blog on the administrator's website. A blog is a web-based, publicly accessible portal through which one or more people called bloggers or web bloggers can publish articles or write ideas in so-called blog posts. Blog posts can usually be commented by third parties.
If the data subject comments on the blog posted on this site, the comments posted by the data subject will also be stored and published, as well as information about the date of the comment and the user (pseudonym) selected by the data subject. . In addition, the IP address assigned to the data subject by the Internet Service Provider (ISP) will be recorded. The storage of the IP address is for security reasons, and is carried out when the data subject violates the rights of a third party or publishes illegal content through a given comment. Therefore, the storage of these personal data is in the personal interest of the data administrator, so if infringement occurs, he can be exempted. These collected personal data will not be passed on to third parties,
The data controller should only process and store the personal data of the data subject within the time required for the purpose of storage, or within the scope permitted by the laws or regulations of the United Kingdom legislator or other legislators. to.
If the storage purpose is not applicable, or if the storage period set by the British legislature or another competent legislative body expires, personal data will be routinely blocked or deleted in accordance with legal requirements.
a) Right to confirm
Each data subject should have the rights granted by the British legislator to ask the controller for confirmation as to whether to process personal data related to him or her. If the data subject wishes to use this confirmation right, he or she can contact any employee of the controller at any time.
b) Access rights
Each data subject should have the rights granted by the British legislator, and free information about their personal data and a copy of that information can be obtained from the controller at any time. In addition, UK directives and regulations grant data subjects access to the following information:
The type of personal data;
Recipients or categories of recipients who have or will disclose personal data, especially recipients in third countries or international organizations;
Where possible, the envisaged period of storage of personal data, or, if not possible, the criteria used to determine that period;
Whether there is a right to request the controller to correct or delete personal data, or to restrict the processing of personal data related to the data subject or to object to such processing;
Have the right to file a complaint with the supervisory authority;
If personal data is not collected from the data subject, any available information about its source;
The existence of automatic decisions (including configuration files) as described in Article 22 (1) and (4) of the GDPR, and at least in these cases, meaningful information about the logic involved and its importance and consequences This processing of the data subject.
In addition, the data subject has the right to obtain information about whether personal data is transferred to a third country or an international organization. In this case, the data subject should have the right to be informed of appropriate protection measures related to the transfer.
If the data subject wishes to use this access right, he or she can contact any employee of the controller at any time.
c) Right to correction
Each data subject should have the rights granted by the British legislator to obtain corrections about his or her incorrect personal data from the controller. Considering the purpose of processing, the data subject should have the right to complete incomplete personal data, including by providing supplementary declarations.
If the data subject wishes to exercise this right of correction, he or she can contact any employee of the controller at any time.
d) Right to delete (right to be forgotten)
Each data subject should have the right granted by the British legislator to delete personal data related to it from the controller without undue delay, and for one of the following reasons, the controller is obliged to delete personal data without delay. As long as no processing is required, it applies:
For the purpose of collecting or otherwise using personal data, personal data is no longer necessary.
The data subject withdraws consent for processing under Article 6 (1) (a) of GDPR or Article 9 (2) (a) of GDPR, and there is no other legal basis for processing.
The data subject objected to the processing under Article 21 (1) of the GDPR and had no legal basis above all else, or the data subject objected to the processing under Article 21 (2) of the GDPR.
Personal data has been processed illegally.
In order to comply with the legal obligations of the laws of the Union or the member states to which the controller is subject, personal data must be deleted.
Personal data related to the information society services mentioned in Article 8 (1) of the GDPR has been collected.
If one of the above reasons exists, and the data subject wishes to request the deletion of personal data stored by Marfuny, he or she can contact any employee of the controller at any time. Marfuny ’s employees should immediately ensure that the removal requirements are complied with immediately.
If the controller has disclosed personal data and is obliged to delete personal data in accordance with Article 17, paragraph 1, the controller shall take into account available technology and implementation costs, and shall take reasonable steps, including technical measures, to inform others of the In the case of processing, any links that process such personal data that the subject of the data requires to be deleted, or the controller that copies or copies these personal data. Marfuny's employees will arrange the necessary measures according to the specific situation.
e) Right to deal with restrictions
Each data subject should have the rights granted by the British legislator and can obtain processing restrictions from one of the following conditions from the controller:
The accuracy of personal data has been questioned by data subjects for a period of time. Enable the controller to verify the accuracy of personal data.
The processing is illegal, and the data subject opposes the deletion of personal data, but requests that its use be restricted.
The controller no longer needs personal data for processing purposes, but personal data required by the data subject to establish, exercise or claim legal claims.
Before verifying whether the controller ’s legal grounds override the data subject ’s legal basis, the data subject has objected to processing under Article 21 (1) of the GDPR.
If one of the above conditions is met, and the data subject wishes to request to restrict the processing of personal data stored by Marfuny, he or she can contact any employee of the controller at any time. Marfuny employees will arrange for processing restrictions.
f) Data portability
Each data subject should have the rights granted by the British legislator to receive his or her personal data in a structured, commonly used and machine-readable format that has been provided to the controller. As long as it is processed in accordance with the consent of Article 6, paragraph 1 (a), he or she has the right to transfer these data to another controller without being hindered by the controller who provided the personal data. GDPR or GDPR Article 9 (2) (a), or a contract signed in accordance with GDPR Article 6 (1) (b), and the processing is carried out in an automated manner, as long as the execution is out of public interest Or the exercise of official powers conferred by the controller is not necessary.
In addition, according to Article 20, paragraph 1, of the GDPR, the right to data portability is exercised, and the data subject shall have the right to transfer personal data directly from one controller to another if it is technically feasible and technically feasible People adversely affect the rights and freedoms of others.
In order to maintain the right to data portability, the data subject can contact any Marfuny employee at any time.
g) Right to object
Each data subject has the right to grant an objection by the British legislator at any time based on his particular circumstances to process his or her personal data based on: GDPR Article 6 (1) e) Or (f). This also applies to profiles based on these regulations.
Unless objections are raised, Marfuny will no longer process personal data unless we can demonstrate compelling legal grounds for processing that are above the interests, rights and freedoms of the data subject, or to establish, exercise or defend legal claims .
If Marfuny processes personal data for direct marketing purposes, the data subject has the right to object to the processing of his or her personal data for such marketing at any time. This applies to analysis related to such direct marketing. If the data subject objected to Marfuny's processing for direct marketing purposes, Marfuny will no longer process personal data for these purposes.
In addition, according to Article 89, the data subject has the right to object to Marfuny ’s processing of his or her personal data for scientific or historical research, or for statistical purposes, on grounds related to his or her special circumstances. 1) Unless the processing required to perform the task is out of public interest.
In order to exercise the right of objection, the data subject can contact any employee of Marfuny. In addition, despite the 2002/58 / EC directive, data subjects are free when using information society services. Or she uses the technical specifications to raise objections in an automated manner.
h) Automated personal decision-making, including profiling
Each data subject should be granted the rights granted by the British legislator and not be affected by the ruling based solely on automated processing (including profiling), which will have legal effect on him or her, or similarly as long as item (1) is It is not necessary to sign or perform a contract between the data subject and the data controller, or (2) The controller has to influence him or her without the authorization of the laws of the Union or the member country. The controller must obey this, and also provides for appropriate Measures to safeguard the rights, freedoms and legal rights of the data subject, or (3) not based on the express consent of the data subject.
If the decision (1) is necessary for the conclusion or performance of the contract between the data subject and the data controller, or (2) the decision is based on the data subject ’s explicit consent, Marfuny should take appropriate measures to protect the data subject ’s rights , Freedom and legal rights, at least the right of the controller to obtain human intervention, express his views and question the decision.
If the data subject wishes to exercise his rights regarding automatic personal decision-making, he or she can contact any Marfuny employee at any time.
i) Right to withdraw data protection consent
Each data subject should have the right granted by the British legislator to withdraw their consent to process their personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, he or she can contact any Marfuny employee at any time.
On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.
A social network is a place for social meetings on the Internet (an online community), usually allowing users to communicate with each other and interact in a virtual space. Social networks can serve as a platform to exchange opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to create private profiles, upload photos, and make network connections through friend requests.
Facebook's operating company is Facebook Inc., located at No. 1 Hacker Way in Menlo Park, California 94025. If someone lives outside the United States or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Plaza, 2 Grand Canal Port, Dublin, Ireland.
Each time one of the various pages of this Internet website is called, the page is operated by the controller and integrates the Facebook component (Facebook plug-in), therefore, the web browser on the data subject information technology system becomes automatically prompt you to use Facebook components from Facebook Download the display of the corresponding Facebook component. An overview of all Facebook plugins can be accessed under https://developers.facebook.com/docs/plugins/. During this technical process, Facebook was informed which specific sub-site of our website the data subject visited.
If the data subject is logged in on Facebook at the same time, Facebook will detect the data subject each time we call our website-and during the entire process of their visit to our Internet site-which specific subsite data subject of our Internet visited the page . This information is collected through the Facebook component and is associated with the corresponding Facebook account of the data subject. If the data subject clicks one of the Facebook buttons integrated into our website (such as the "Like" button), or if the data subject submits a comment, Facebook will match this information with the data subject's personal Facebook user account and store the profile.
Whenever the data subject logs in on Facebook while calling our website, Facebook always receives information about the data subject's access to our website through the Facebook component. This happens regardless of whether the data subject clicks on the Facebook component. If the data subject does not wish to transmit such information to Facebook, he or she can prevent this by logging out of his Facebook account before calling our website.
The data protection guide published by Facebook (available from https://facebook.com/about/privacy/) provides information about Facebook ’s collection, processing and use of personal data. In addition, it explains what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are provided to eliminate data transfer to Facebook. Data subjects can use these applications to eliminate data transfer to Facebook.
The controller has integrated Google remarketing services on this site. Google remarketing is a feature of Google AdWords, which allows companies to display advertisements to Internet users who previously resided on corporate Internet sites. Therefore, the integration of Google Remarketing allows companies to create user-based advertisements to display relevant advertisements to interested Internet users.
The purpose of Google remarketing is to insert interest-related ads. Through Google remarketing, we can display advertisements on the Google network or other websites according to personal needs and in line with the interests of Internet users.
Google Remarketing sets cookies on the data subject ’s information technology system. The definition of cookies is explained above. Through the setting of cookies, if Google calls a continuous web page (also a member of the Google advertising network), then Google can recognize visitors to our website. Each time the service is integrated into an Internet site through Google Remarketing, the web browser of the data subject is automatically identified with Google. In the course of this technical process, Google will receive personal information, such as IP address or user's online behavior, and Google will use it specifically to insert interest-related advertisements.
Cookies are used to store personal information, for example, Internet pages accessed by data subjects. Every time we visit an Internet page, personal data (including the IP address used by the data subject for Internet access) is transmitted to Google in the United States. This personal data is stored by Google in the United States. Google may pass these personal data collected through technical procedures to third parties.
As mentioned above, the data subject can prevent the setting of cookies through our website at any time by making appropriate adjustments to the web browser used, thereby permanently refusing to set cookies. This adjustment to the Internet browser used will also prevent Google from setting cookies on the information technology system of the data subject. In addition, cookies already used by Google can be deleted at any time through a web browser or other software programs.
In addition, data subjects may oppose Google ’s interest-based advertising. To this end, the data subject must call the link www.google.de/settings/ads and make the required settings on each Internet browser used by the data subject.
For more information about Google and actual data protection regulations, please visit https://www.google.com/intl/zh-CN/policies/privacy/.
The controller has integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to place ads on Google search engine results and the Google advertising network. When users use search engines to retrieve search results related to keywords, Google AdWords allows advertisers to pre-define specific keywords before displaying ads in Google ’s search results. In the Google advertising network, taking into account the previously defined keywords, ads will be distributed on relevant pages using automatic algorithms.
The purpose of Google AdWords is to promote our website by including relevant advertisements on third-party websites and search engine Google ’s search engine results, and inserting third-party advertisements on our website.
If the data subject reaches our website via Google ads, the conversion cookie will be submitted to the data subject ’s information technology system via Google. The definition of cookies is explained above. The conversion cookie will expire after 30 days, so it cannot be used to identify the data subject. If the cookie has not expired, the conversion cookie is used to check whether certain subpages are called on our website, for example, a shopping cart from an online store system. By converting cookies, both Google and the controller can understand whether the users who placed AdWords ads on our website generated sales, that is, executed or cancelled the sale of goods.
The data and information collected by Google using conversion cookies is used to create visit statistics for our website. Use these visit statistics to determine the total number of users served through AdWords ads, to determine the success or failure of each AdWords ad, and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that identifies the data subject.
Conversion cookies store personal information, for example, Internet pages visited by data subjects. Every time we visit an Internet page, personal data (including the IP address used by the data subject for Internet access) is transmitted to Google in the United States. This personal data is stored by Google in the United States. Google may pass these personal data collected through technical procedures to third parties.
As mentioned above, the data subject can prevent our website from setting cookies through the corresponding settings of the Internet browser used, thereby permanently refusing to set cookies. This setting of the Internet browser used will also prevent Google from placing the conversion cookie on the data subject's information technology system. In addition, cookies set by Google AdWords can be deleted at any time through an Internet browser or other software program.
Data subjects may oppose Google ’s interest-based advertising. Therefore, the data subject must use the link www.google.de/settings/ads to access and set the required settings from each browser.
For more information about Google and applicable data protection regulations, please visit https://www.google.com/intl/zh-CN/policies/privacy/.
On this website, the controller has integrated components of the Instagram service. Instagram is a service that can be regarded as an audiovisual platform, which allows users to share photos and videos, as well as to spread such data in other social networks.
Each time one of the various pages of this Internet website is called, the page is operated by the controller, and the Instagram component (Insta button) is integrated, which will automatically prompt the Internet browser on the data subject information technology system to download the corresponding Instagram component of Instagram display. During this technical process, Instagram knows which specific subpage of our website the data subject visited.
If the data subject is logged in on Instagram at the same time, Instagram will detect that the data subject (during the entire process of their visit to our internet site) the data subject visited the page every time the data subject visited our website. This information is collected through the Instagram component and associated with the corresponding Instagram account of the data subject. If the data subject clicks one of the Instagram buttons integrated on our website, Instagram will match this information with the data subject's personal Instagram user account and store personal data.
Instagram will receive the information that the data subject has visited our website through the Instagram component, provided that the data subject has logged in on Instagram when calling our website. This happens regardless of whether the user clicks the Instagram button. If the data subject does not wish to transfer such information to Instagram, he or she can prevent this by logging out of his Instagram account before calling our website.
For more information about Instagram and applicable data protection regulations, please visit https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
On this site, the controller integrates components of Pinterest Inc. Pinterest is a so-called social network. A social network is an Internet social gathering place and an online community that allows users to communicate and interact with each other in a virtual space. Social networks can serve as a platform for exchanging opinions and experiences, or allow the Internet community to provide information about individuals or companies. Pinterest enables users of social networks to post photo collections and personal pictures, as well as descriptions on a virtual keyboard (so-called pins), which can then be shared (called "re-pin") or commented by other users.
Each time one of the pages of this Internet website is called, the page is operated by the controller and integrated with the Pinterest component (Pinterest plug-in). The Internet browser on the data subject information technology system automatically prompts to download the corresponding Pinterest through the corresponding Pinterest component The display of the component. For more information about Pinterest, please visit https://pinterest.com/. During this technical process, Pinterest can learn which specific subpage of our website the data subject visited.
If the data subject is logged in on Pinterest at the same time, Pinterest will detect the data subject each time we call our website-and during the entire process of their visit to our Internet site-which subpage data subject of our Internet visited the page. This information is collected through the Pinterest component and associated with the corresponding Pinterest account of the data subject. If the data subject clicks one of the Pinterest buttons integrated on our website, Pinterest will assign this information to the data subject's personal Pinterest user account and store personal data.
Pinterest receives information that the data subject has visited our website through the Pinterest component, provided that the data subject has logged in on Pinterest when calling our website. This happens regardless of whether the user clicks on the Pinterest component. If the data subject does not wish to transmit such information to Pinterest, he or she can prevent this by logging out of their Pinterest account before calling our website.
The data protection guide published by Pinterest can be found under https://about.pinterest.com/privacy-policy, which provides information about Pinterest's collection, processing and use of personal data.
On this website, the controller integrates PayPal components. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which represent virtual private accounts or corporate accounts. When the user does not have a PayPal account, PayPal can also process virtual payments through credit cards. PayPal accounts are managed by email address, which is why there is no classic account. Through PayPal, you can trigger online payments to third parties or receive payments. PayPal also accepts trustee functions and provides buyer protection services.
If the data subject selects "PayPal" as the payment option in the online store during the order process, we will automatically transfer the data subject's data to PayPal. By selecting this payment method, the data subject agrees to the transfer of personal data required for payment processing.
The personal data transferred to PayPal is usually the first name, last name, address, email address, IP address, phone number, mobile phone number or other data required for payment processing. The processing of purchase contracts also requires these personal data, which are related to the corresponding orders.
The transmission of data is aimed at payment processing and fraud prevention. The controller will transfer personal data to PayPal, especially if it has a legitimate interest in the transmission. The personal data exchanged between PayPal and the controller for processing data will be transmitted by PayPal to the economic credit institution. This transmission is used for identity and reputation checks.
If necessary, PayPal will transfer personal data to affiliated companies, service providers or subcontractors to fulfill contractual obligations or process data on order.
The data subject may withdraw consent to the processing of personal data from PayPal at any time. Revocation must not affect personal data that must be processed, used or transmitted in accordance with the (contract) payment processing method.
PayPal's applicable data protection regulations can be retrieved under https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
art. 6 (1) lights up. The GDPR is the legal basis of the processing business that we have agreed to for specific processing purposes. For example, if personal data must be processed in order to fulfill a contract to which the data subject participates, for example, when performing processing operations required for the supply of goods or the provision of any other services, the processing is in accordance with Article 6 (1). b GDPR. The same situation also applies to such processing operations necessary to implement pre-contract measures, such as when inquiring about our products or services. Does our company have a legal obligation to process personal data, for example, to fulfill tax obligations, the processing is based on Art. 6 (1) lights up. c GDPR. In rare cases, personal data may need to be processed in order to protect the vital interests of the data subject or another natural person. For example, if a visitor is injured in our company and must pass on his name, age, health insurance data, or other important information to a doctor, hospital, or other third party, this is the case. Then, the process will be based on Art. 6 (1) lights up. d GDPR. Finally, the processing operation can be based on Article 6, paragraph 1. f GDPR. If processing is necessary for the purpose of the legitimate interests pursued by the company or a third party, this legal basis is used for processing operations that are not covered by any of the above legal bases, unless these interests are those of the data subject who needs to protect personal data Or beyond basic rights and freedoms. Such processing operations are particularly allowed because British legislators have specifically mentioned them. He believes that if the data subject is a customer of the controller, it can be assumed to have a legitimate interest (Sentence 47, second GDPR).
Where personal data is processed in accordance with Article 6, paragraph 1. f GDPR Our legitimate interest is to conduct business to benefit the well-being of all employees and shareholders.
The standard for determining the storage period of personal data is the corresponding legal retention period. After this period expires, as long as it is no longer necessary to perform the contract or start the contract, the corresponding data will be deleted accordingly.
necessary conditions for the conclusion of a contract; data subjects are obliged to provide personal data; possible consequences of failure to provide such data
We clarified that the provision of personal data is partly required by law (for example, tax regulations), or it may be the result of contract terms (for example, information about contract partners). Sometimes it may be necessary to sign a contract that requires the data subject to provide us with personal data, which we must then process. For example, when our company signs a contract with him or her, the data subject is obliged to provide us with personal data. Failure to provide personal data will result in the inability to sign contracts with data subjects. Before the data subject provides personal data, the data subject must contact any employee.
As a responsible company, we do not use automated decision-making or analysis.