Privacy policy
Privacy policy
Below we inform you about the type, scope and purpose of the processing of your personal data when using our store at the address "www.ecardilly.com". Personal data is any information relating to an identified or identifiable natural person.
1. Responsible
The controller within the meaning of the EU General Data Protection Regulation (GDPR) is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. For the personal data processed in this store, the controller within the meaning of the DSGVO is: Anja Wagner - ZWEIPUNKTNEUN, An der Pfaffenmauer 37, 60388 Frankfurt, Germany, telephone 06109249212, e-mail wagner@zweipunktneun.de (hereinafter "we").
2. When you visit our website
When you visit our website, our server collects the following information from your end device: browser type and version, operating system, the previously visited website ("referrer"), IP address and time of the page request.
We collect and process this data in order to ensure the trouble-free operation of our website and to be able to recognize, ward off and pursue any misuse of our services. Furthermore, we use the collected data for statistical purposes, for example to evaluate which end devices and browsers are used to access our store, in order to continuously adapt and improve our offer to the needs of the users on this basis. This data processing is based on Article 6(1)(f) DSGVO.
We delete all of the above-mentioned personal data no later than twelve months after it has been collected.
3. When you order from us
When you place an order in our store, we process your name, delivery address and e-mail address as you provide them during the ordering process. If you voluntarily provide additional data when placing your order (e.g. a different billing address or a telephone number), we also process this data.
We process this data electronically for the proper fulfillment of the contract, in particular for delivery, invoicing, posting payments and processing returns and complaints. If we are obliged to provide you with updates for a digital product or for a product with digital elements, we process your contact data for this purpose as well. This data processing is based on Article 6(1)(b) DSGVO.
We keep this data until all mutual claims arising from the respective contractual relationship with you have been settled in full and the retention periods under commercial and tax law to which we are subject have expired.
For a contract to be concluded between you and us, it is necessary that we receive your name, delivery address and e-mail address. The necessity of providing this data results from legal regulations (such as § 312i para. 1 item 3 BGB, § 14 para. 4 UStG). Without providing this data, you can therefore not conclude a contract with us.
When deciding on the conclusion of a contract, we refrain from automated decision-making and profiling.
4. Customer account
You can optionally create a customer account in our online store. The data required for this and processed by us result from the input mask for opening the customer account. The customer account is set up exclusively at your request. The legal basis is therefore your consent pursuant to Article 6(1)(a) DSGVO. We keep the personal data associated with the customer account stored until you delete the customer account or you ask us to delete it. For personal data from contracts already concluded, the retention periods as set out in the section "When you order from us" apply, regardless of the existence of the customer account.
5. Delivery and payment
Insofar as we send physical goods on the basis of the purchase contract, we transmit the name and address of the recipient and, insofar as you have consented thereto, your e-mail address, to the shipping service provider commissioned by us for the purpose of delivering the shipment, including, if applicable, prior e-mail notification of the expected time of delivery, and for the purpose of any return of your shipment to us on the basis of Article 6(1)(b) DSGVO.
For the payment of your purchase, the payment service provider selected by you collects and processes your name, e-mail address, card or account number and/or other data, to the extent necessary for the payment method selected by you in each case. In this respect, the contract and data protection provisions of the payment service provider selected by you shall apply in addition.
When receiving a payment, we process those data that the payment service provider transmits to us.
The processing is based on Article 6(1)(b) DSGVO. We keep this data stored until all mutual claims arising from the respective contractual relationship with you have been settled in full and the retention periods under commercial and tax law to which we are subject have expired.
6. Processor
For the operation of our website on the Internet, we use the technical services of Shopify (Shopify International Limited, Dublin 4, D04 XN32, Ireland) as a processor pursuant to Article 28 DSGVO.
7. Contact
If you send us a message by e-mail, we store your message with the sender data transmitted with it (name, e-mail address and, if applicable, further information added by your e-mail program and the transmitting servers). For the receipt, storage and sending of e-mails, we use an e-mail provider that acts for us as a processor in accordance with Article 28 DSGVO.
The legal basis for this data processing is our legitimate interest in answering your message and also being able to respond to any follow-up questions from you (Article 6(1)(f) DSGVO). We will delete the data collected with your message no later than twelve months after the last communication with you regarding your request, subject to the provision in the following paragraph.
If you send us a legally relevant statement regarding the contractual relationship (e.g. a revocation or a complaint), the legal basis for the processing, regardless of the transmission channel, is also Article 6(1)(b) DSGVO. In such a case, we will delete the data related to your declaration as soon as all mutual claims arising from the contractual relationship have been finally settled and the retention periods under commercial and tax law have expired.
8. Newsletter
If you have subscribed to our newsletter, we will inform you by e-mail about new offers and features of our store. You will not receive more than one newsletter per week. You can informally object to the use of your e-mail address for advertising purposes at any time without incurring any costs other than the transmission costs according to the prime rates.
This data processing is based on your consent in accordance with Article 6(1)(a) DSGVO. If you revoke your consent to the use of your e-mail address for advertising purposes, we will delete your e-mail address from our newsletter distribution list.
As a technical service provider for the dispatch of our newsletter, we use the service of the company ActiveCampaign (processor pursuant to Article 28 DSGVO).
9. Google-Services
We use certain services of Google for our store. If you visit our store from a location in the European Union, Norway, Iceland, Liechtenstein or Switzerland, "Google" is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, otherwise Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Insofar as services are provided by Google LLC in the USA, Google has undertaken under the EU-US Privacy Shield Agreement to comply with the data protection law of the European Union.
General information on data use by Google can be found at Google at https://policies.google.com/technologies/partner-sites ("How we use data from websites or apps on or in which our services are used").
10. Google Analytics
We use Google Analytics, a web analytics service provided by Google. Google places cookies on your terminal device. With these cookies, Google can collect information about how you use our website. This information is transferred to a Google server, evaluated there and made available to us. The legal basis is Article 6(1)(f) DSGVO, namely our legitimate interest in evaluating and optimizing our website.
We compose Google Analytics with activated IP anonymization. This means that your IP address is usually shortened within the scope of the DSGVO in such a way that it is no longer possible to draw conclusions about you from the IP. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser will not be merged with other data from Google. You can prevent the storage of cookies by selecting the appropriate settings on your browser software.
11. Google Maps
Our website uses "Google Maps", a function from Google for displaying street maps and aerial images. The image data for displaying "Google Maps" are downloaded directly from Google by your terminal device when you call up a page that contains such street maps or aerial images. Google thereby learns your IP address, your operating system, your browser type, its version and, if applicable, your location and evaluates this data for its own business purposes.
12. Facebook Pixel, Custom Audience, Conversion Tracking
On our website, we compose the service "Facebook Pixel" from Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, or, if you are a resident of the USA or Canada: Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA). The technology makes it possible to define you and other visitors to our website as a target group ("Custom Audience") for advertisements delivered by Facebook ("Facebook Ads"). To do this, Facebook analyzes your user behavior with the help of an invisible graphic file that we integrate into our website and derives products or topics in which you are interested. Facebook Pixel also allows us to determine the effectiveness of Facebook Ads, namely whether and how you respond to an advertisement from us ("Conversion Tracking").
This data processing is carried out on the basis of Article 6(1)(f) DSGVO, namely in our legitimate interest to advertise our offers primarily to such groups of people who are likely to be interested in our products and to analyze the efficiency of the online advertising we use.
Meta Platforms Inc. has committed to comply with European Union data protection law under the EU-US Privacy Shield Agreement.
13. Social Media
Social media buttons may be displayed in our store; they can be recognized by the logos of the social media platforms (hereinafter "platforms") (Facebook: "f" logo, Instagram: square camera, Pinterest: "p"). These are links to the respective platforms based in the USA. A click on such a link calls up the website of the respective platform, whereby the IP address of the calling up end device as well as the address of the page from which the link is made ("referrer") are transmitted to the called up platform in the USA. However, no data is collected or processed by us in connection with the social media buttons.
14. Your rights
You have the following rights in relation to the personal data we process about you:
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, we will inform you of the personal data stored about you and the further information pursuant to Article 15 (1) and (2) DSGVO.
You have the right to have inaccurate personal data concerning you corrected without delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
You may request from us the immediate deletion of the personal data concerning you under the conditions of Article 17(1) of the GDPR, insofar as its processing is not necessary pursuant to Article 17(3) of the GDPR.
You may request us to restrict the processing of your data if one of the conditions of Article 18(1) DSGVO applies. In particular, you may request the restriction instead of deletion.
We will notify any rectification or erasure of your personal data and any restriction of processing to all recipients to whom we have disclosed personal data relating to you, unless this proves impossible or involves a disproportionate effort. We will also inform you about these recipients if you so request.
You have the right to receive the personal data you have provided to us in a structured, common and machine-readable format, and may request that we transfer this data to another controller without hindrance, insofar as this is technically possible.
Insofar as data processing is based on your consent, you have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the data processing that took place until your revocation.
RIGHT TO OBJECT: FOR REASONS ARISING OUT OF YOUR PARTICULAR SITUATION, YOU MAY OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU; this right to object exists in relation to that data processing which is carried out on the basis of Article 6(1)(f) of the GDPR for the protection of legitimate interests on our part or on the part of a third party, unless your interests or fundamental rights and freedoms requiring the protection of personal data are overridden. If you exercise your right to object, we will no longer process the data concerned unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you, or for the establishment, exercise or defense of legal claims.
IN THE EVENT THAT WE PROCESS PERSONAL DATA FOR DIRECT MARKETING (E.G. NEWSLETTER), YOU MAY OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING, WITH THE CONSEQUENCE THAT WE WILL NO LONGER PROCESS YOUR DATA FOR SUCH PURPOSES.
If you consider that the processing of your personal data infringes the GDPR, you may lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement. This does not preclude other administrative or judicial remedies.