Data Policy

The purpose of this data privacy statement is to inform you, as the user, about the gathering of personal data on this website. We therefore place great value on all the essential information concerning the protection of your data being presented in the most transparent way possible. Should anything nonetheless be unclear to you, or should you have any questions, and thus a need for clarification, please do not hesitate to contact us.

A. CONTROLLER

The Controller, within the meaning of the General Data Protection Regulation (Art. 4(7) GDPR) and the other national data privacy laws, as well as any other provisions under data protection law, is:

AMAATA

Theonitsa Megarisiotou

Südliche Münchner Str. 10

82031 Grünwald/München

Germany

hello@amaata-official.com

Full provider details: www.amaata-official.com/imprint

These contact details are thus relevant for all matters of a data privacy nature relating to this website, as well as any claims on your part under data privacy law.

B. GATHERING AND STORING OF PERSONAL DATA WHEN VISITING OUR WEBSITE

We are informing you below about the procedures that take place when accessing our website that are relevant under data protection law.

1. Logfiles

Every time you access our website, we automatically gather data and information from the computer system that you use to access the website.

In the process, the following data is gathered:

(1) Information on your browser type and the browser version used

(2) Information on your operating system

(3) Information on your Internet Service Provider

(4) The date and time of your access

(5) Websites from which your system accesses our website

(6) Websites that are accessed by your system via our website

The data is stored in the log files of our system. Not affected by this are your IP address or other data which enable the data to be assigned to you. This data is not stored together with other personal data of yours. The legal basis for the temporary storage of this data is Art. 6(1)(f) GDPR.

Both the gathering of data and the saving of data in log files are absolutely necessary for the provision and operation of our website. Therefore, you do not have the option to object.

2. Cookies

We deploy so-called “cookies” on our website. These are small files that your browser creates automatically and which are stored on your computer system if you visit our site. Cookies do not harm your computer system, and do not contain any viruses, Trojan horses or other malware.

We deploy cookies in order to improve our website, thus, for example, to design it to be more user-friendly and adapt it to users’ interests.

In that respect, the following data is stored in the cookies and transmitted:

(1) Language settings

(2) Login details

(3) Making use of website functions

The data gathered in this way is pseudonymised by means of technical precautions. It is therefore not possible to allocate the data to you. The data is not stored together with any other personal data.

The data processed by cookies is necessary for the purposes mentioned, in order to protect our legitimate interests, as well as those of third parties, pursuant to Art. 6(1)(1)(f) GDPR.

Most browsers accept cookies automatically. In order to prevent this, you may, however, configure your browser in such a way that no cookies are stored on your computer system, or that a notice always appears before a new cookie is placed. Completely deactivating cookies may, however, lead to you not being able to use all the functions of our website.

C. TAKING UP CONTACT

You can get in touch with us electronically by e-mail. In this case, the data that you send us by e-mail will be transmitted to us and saved by us.

This concerns the following:

(1) Your name

(2) Date of taking up contact

(3) Your e-mail address

(4) Any further data, provided by you

If you write us an e-mail and are interested in our services, the legal basis for the data processing is Art. 6(1)(b) GDPR.

This data, transmitted to us, will only be used for handling the conversation, and not passed on to third parties.

We will delete this data once it is no longer required for the respective purpose. In other words, if the e-mail exchange with you has been terminated and we have addressed your concern in full.

You at any time can revoke the consent to the processing of your data. For this purpose, please contact us using the above-mentioned options. In the event of a revocation, all your personal data that has been stored for the purpose of taking up contact with you will be deleted.

D. Newsletter

We offer to send a newsletter, in which we inform the recipients about our services (newsletter subscription). In order to receive this newsletter, you need to register on our website for it. The data entered by you within the context of registering will be transmitted to us and only used in order to send you the newsletter.

This concerns the following:

(1) The e-mail address specified by you

(2) The IP address of the computer system used by you

(3) The date and time of the registration

We need your e-mail address to deliver the newsletter to you. The remaining information is necessary to prevent abuse of our services, but also of the e-mail address specified.

Further voluntary details include:

(4) Your sex

(5) Your date of birth

(6) Your place of residence

The voluntary details serve the purpose of being able to inform you more precisely about our website. These details are, however, not necessary for the newsletter to be sent.

Before the registration to receive our newsletter is despatched, your consent will be obtained and reference is made to this data privacy statement (Art. 6)(1)(a) GDPR).

It is possible to terminate the subscription at any time, which is equivalent to an objection to the data processing and option to have the data removed. For this purpose, a corresponding unsubscribe link is to be found in every newsletter sent by e-mail.

E. CONSENT WITH COMPLIANZ

Our website uses Complianz’s consent technology to obtain your consent to store certain cookies on your device or for the use of certain technologies and to document this consent in a manner compliant with data protection regulations. The provider of this technology is Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, the Netherlands (hereinafter “Complianz”).

Complianz is hosted on our servers, so no connection to the servers of the provider of Complianz is established. Complianz stores a cookie in your browser in order to be able to allocate the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Complianz cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Complianz serves to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.

F. SERVER LOG FILES

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:

  • The type and version of browser used
  • The used operating system
  • Referrer URL
  • The hostname of the accessing computer
  • The time of the server inquiry
  • The IP address

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.

G. GOOGLE TAG MANAGER

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

H. META PIXEL (FORMERLY FACBOOK PIXEL)

To measure conversion rates, this website uses the visitor activity pixel of Facebook/Meta. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.

This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.

For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/). This enables Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.

Within the meta pixel, we are using the expanded alignment function.

The expanded alignment allows us to transfer to Meta (Facebook) different types of data (e.g., place of residence, federal state, zip code, hashed email addresses, names, gender, date of birth or phone number) of our customers and prospects we collect through our website. As a result of this activation, we can tailor the offers presented in our advertising campaigns on Facebook to individuals interested in what we offer even more precisely. Moreover, this expanded alignment optimizes the allocation of website conversions and expands custom audiences.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy at: https://www.facebook.com/about/privacy/.

You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you first have to log into Facebook.

If you do not have a Facebook account, you can deactivate any user-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

I. CONCLUSION OF THE AGREEMENT AT THE WEB SHOP

The following information relates to handling your data in connection with an order from the web shop on our website.

(1) Ordering

Should you place an order on our website, we will use the data provided by you to process the order and fulfil our contractual obligations.

The following data, which is necessary to fulfil the contract, is saved when you order.

(1) Your IP address

(2) Date and time of the registration

(3) Your name

(4) Your address

(5) Your e-mail address

The legal basis for the processing of this data results from Art. 6(1) b GDPR.

(2) Payment transaction

To carry out the payment transaction, we use third party payment provider. Besides the payment data (your bank details for the direct debit or your credit card details), the following data is also processed:

(1) Your name

(2) Your address

(3) Your e-mail address

(4) IP address

The specified payment data and the other data will not be passed on by us or the payment provider to third parties who are not involved in the performance of the contract and the processing of the payment. Please note that payment providers can work with credit reporting agencies. It is therefore possible that your data will be transmitted to the companies named by the payment providers in their privacy policy.

The legal basis for the storage and processing of this data follows based on the concluded contract from Art. 6 Paragraph 1 lit. b GDPR.

You have the option to object to the processing of your data at any time. Please use the contact options mentioned above. In the event of an objection, all of your personal data will be deleted, unless there is a statutory retention period to the contrary.

The following payment providers can be used:

PayPal: This is a service provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. You can view PayPal’s data protection declaration here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE

Shopify Payments: This is a service of Shopify Inc, 126 York Street, Suite 200, Ottawa, Canada, K1N 5T5. You can view Shopify’s privacy policy here: https://www.shopify.de/legal/datenschutz

(3) Shipment service provider

The goods ordered are shipped via the company named on the website. We pass on the following data to the shipment service provider for this purpose:

(1) Your name

(2) Your address

The legal basis for the storage and processing of this data results from Art. 6(1)(b) GDPR.

You at any time can revoke the consent to the processing of your data. Please, for this purpose, contact us using the above-mentioned options. In the event of a revocation, all your personal data will be deleted, if no statutory archival period prevents it.

J. PROCESSING IN THIRD COUNTRIES IN GENERAL

Insofar as and unless otherwise stated above, your personal data will be processed in countries outside the European Union (EU) or the European Economic Area (EEA) exclusively based on the legal requirements according to Art. 44 GDPR. In the present case, this is exclusively the case either based on an adequacy decision by the European Commission (Art. 45 GDPR) and / or on the basis of suitable guarantees (Art. 46 GDPR).

K. GENERAL RETENTION PERIOD

In general, personal data is only stored for as long as it is necessary to fulfil the purpose of data collection or to comply with the respective statutory retention period. After the purpose no longer applies or the deadline has expired, the data will be deleted.

L. RIGHTS OF DATA SUBJECTS

In so far as we have processed personal data of yours, you are the data subject within the meaning of the GDPR, and you have the following rights in relation to us:

(1) Art. 15 GDPR – You can request information about your personal data processed by us. You can in particular request information about the purposes of the processing, the category of personal data, the category of recipients to who your data has been or will be disclosed, the scheduled duration of storage, the existence of a right of correction, deletion, limitation of the processing or opposition, the existing of a right of appeal, the origin of your data, in so far as it was not gathered by us, and also the existence of automated decision-making, including profiling and any meaningful information on the details of the latter;

(2) Art. 16 GDPR – you may request the immediate correction of incorrect data or completion of your personal data stored with us.

(3) Art. 17 GDPR – you may request the deletion of your personal data stored with us, unless the processing is necessary in order to exercise the right of freedom of expression and information, for fulfilling a legal obligation, on grounds of the public interest or in order to assert, exercise or defend legal claims.

(4) Art . 18 GDPR- you may request that the processing of your personal data to be limited,

  • in so far as the accuracy of the data is disputed by you,
  • the processing is illegitimate, however you refuse to have it deleted and we no longer need the data,
  • however you need it to assert,
  • exercise or defend legal claims or you have filed an objection to the processing under Art. 21 GDPR;

(5) Art. 20 GDPR – you may obtain your personal data that you have provided us with in a structured, prevalent and machine-readable format, or to request the transmission of it to another officer.

(6) Art. 7(3) GDPR – you may revoke your consent, previously granted to us, at any time. The consequence of this is that we can no longer, in the future, continue the data processing that was based on such consent.

(7) Art. 77 GDPR – You may complain to a supervisory authority. You can usually, for this purpose, contact the supervisory authority at your usual place of residence or place of work or our place of business.

M. THE RIGHT OF OPPOSITION

Should your personal data be processed on the basis of justified interests pursuant to Art. 6(1)(1)(f) GDPR, you are entitled, under Art. 21 GDPR, to file an objection to the processing of your personal data, in so far as grounds exist for the latter which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without details of any special situation.

If you wish to make use of your right of revocation or right of objection, it is sufficient to send an e-mail to the above-mentioned e-mail address.