data privacy statement

1. data privacy

General information

This is a lovingly operated, small shop site. We are not interested in generating a possible profit from the senseless accumulation of user data.

We are legally obliged to explain these data protection provisions. If you do not want to agree to these declarations, which we have made in writing, regarding our use of the personal data you have provided, you can unfortunately not use our site. We are legally obliged to present these things and to obtain your consent. Unfortunately, it is not legally possible to use the site while rejecting the terms of use.

The following information provides a simple overview of what happens to your personal data when you visit and use this website. Personal data is all data with which you can be personally identified. You can find detailed information on the subject of data protection in our data protection declaration below this text.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.

How do we collect your data?

On the one hand, your data is collected by you communicating it to us. This can be e.g. For example, this is data that you enter in a contact form.

Other data is collected automatically or with your consent when you visit our website through our IT systems. This is primarily technical data (e.g. internet browser, operating system or time of page access). This data is recorded automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure that the website is provided correctly. Other data can be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request that this data be corrected or deleted. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request that the processing of your personal data be restricted in certain circumstances. You also have the right to lodge a complaint with the responsible supervisory authority.

You can contact us at any time at the address given in the imprint if you have any further questions about data protection.

Analysis tools and third party tools

When you visit this website, your surfing behavior can be statistically evaluated. This happens primarily with cookies and with so-called analysis programs.

Detailed information on these analysis programs can be found in the following data protection declaration.

2. Hosting and Content Delivery Networks (CDN)

External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This can be v. a. are IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data that are generated via a website.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 b GDPR) and in the interest of a safe, fast and efficient provision of our online offer by a professional provider(Art. 6 Abs. 1 lit. f DSGVO).

Our hoster will only process your data to the extent necessary to fulfill its performance obligations and to follow our instructions in relation to this data.

Conclusion of a contract for order processing

In order to ensure data protection-compliant processing, we have concluded a contract for order processing with our host.

3. General information and mandatory information

privacy

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. It is not possible to completely protect data from third-party access.

Information about the responsible body

The responsible body for data processing on this website is:
Ana Orias Balderas, Wiesenstraße 39, 65627 Elbtal
+491629406010
E-Mail: ana@twohandsmedia.com

The responsible body is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g. names, email addresses or similar).

Data protection officer required by law

Our data protection officer is the site operator:
Ana Orias Balderas, Wiesenstraße 39, 65627 Elbtal +491629406010 E-Mail: ana@twohandsmedia.com

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. All you need to do is send an informal email to us. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and direct advertising (Art. 21 DSGVO)

IF DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS FOR YOUR SPECIAL SITUATION; THIS IS ALSO APPLICABLE TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS ON WHICH PROCESSING IS BASED IS TAKEN FROM THIS PRIVACY STATEMENT. IF YOU SUBJECT, WE WILL NO LESS PROCESS YOUR PERSONAL DATA, BECAUSE WE CAN PROVIDE OBLIGATORY PROTECTIVE REASONS FOR PROCESSING THAT PROVIDES YOUR INTEREST, RIGHTS AND DISCLOSURE OF THE PROPERTY. OPPOSITION UNDER ART. 21 (1) GDPR

IF YOUR PERSONAL DATA IS PROCESSED TO OPERATE DIRECT ADVERTISEMENT, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESS YOUR PERSONAL DATA FOR THIS ADVERTISEMENT. This also applies to the creation of a profile, provided that it is linked to such direct advertising. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT ADVERTISING (OBLIGATION PURSUANT TO ART. 21 (2) GDPR)

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only take place if it is technically feasible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this page uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Encrypted payments on this website

If, after the conclusion of a fee-based contract, there is an obligation to provide us with your payment details (e.g. account number for direct debit authorization), this data is required for payment processing.

Payment transactions via the common means of payment (Visa / MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, the right to correct or delete this data. You can contact us at any time at the address given in the legal notice if you have any further questions on the subject of personal data.

Right to restriction of processing

You have the right to request that the processing of your personal data be restricted. You can contact us at any time at the address given in the imprint. The right to restrict processing exists in the following cases:

  • If you contest the accuracy of your personal data stored with us, we usually need time to check this. For the duration of the examination, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data happened / happens unlawfully, you can request the restriction of the data processing instead of the deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of being deleted.
  • If you have filed an objection in accordance with Art. 21 Para. 1 GDPR, you and our interests must be weighed up. As long as it is not clear whose interests outweigh the rights, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be obtained with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest the European Union or a Member State.

Objection to advertising emails

We hereby object to the use of contact data published within the scope of the imprint obligation for sending unsolicited advertising and information material. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam e-mails.

4. Data collection on this website

Cookies

Our website uses so-called “cookies”. Cookies are small text files and do no damage to your device. They are either stored temporarily on your device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or an automatic solution is carried out by your web browser.

In some cases, third-party cookies can also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have different functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or to display advertisements.

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions you require (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) on the basis of Art. 6 para. 1 lit. f GDPR saved, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If a consent to the storage of cookies has been requested, the storage of the relevant cookies takes place exclusively on the basis of this consent (Art. 6 Para. 1 lit. a GDPR); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

Insofar as cookies from third-party companies or for analysis purposes are used, we will inform you separately in the context of this data protection declaration and, if necessary, ask for your consent.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website – the server log files must be recorded for this.

contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Para. 1 lit. GDPR) or on your consent (Art. 6 Para. 1 lit. was queried.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.

Request by email, phone or fax

If you contact us by email, phone or fax, your request, including all personal data resulting from it (name, request), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Para. 1 lit. GDPR) or on your consent (Art. 6 Para. 1 lit. was queried.

The data you send to us via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.

Registration on this website

You can register on this website to use additional functions on the site. We only use the data entered for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be given in full. Otherwise we will reject the registration.

For important changes, such as the scope of the offer or for technically necessary changes, we use the email address provided during registration to inform you in this way.

The data entered during registration is processed for the purpose of implementing the usage relationship established by the registration and, if necessary, for initiating further contracts (Art. 6 Para. 1 lit. b GDPR).

The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.

5. Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that enables us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter . No further data is collected, or only on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form will only be processed on the basis of your consent (Art. 6 Para. 1 a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing that has already taken place remains unaffected by the revocation.

The data stored by us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after unsubscribing from the newsletter. Data that we have stored for other purposes remain unaffected.

After you have unsubscribed from the newsletter distribution list, your e-mail address may be saved in a blacklist with us or the newsletter service provider to prevent future mailings. The data from the blacklist are only used for this purpose and are not combined with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Article 6 (1) (f) GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interests.

6. Plugins and tools

Google Analytics

If you have given your consent, Google Analytics, a web analysis service of Google Ireland Limited ("Google") is used on this website. The use includes the "Universal Analytics" operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user’s activities across devices.

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users interact with the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. We would like to point out that on this website Google Analytics has been extended to include IP anonymisation in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/gb.html or https://policies.google.com/?hl=en.

Purposes of the Processing

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.

Legal Basis

The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Recipients or Categories of Recipients

The recipient of the collected data is Google.

Transfer to Third Countries

Personal data will be transferred to the USA under the EU-US Privacy Shield on the basis of the European Commission’s adequacy decision. You can download the certificate here.

Duration of Data Storage

The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

Rights of the Persons affected

You can revoke your consent at any time with effect for the future by blocking the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functionalities of this website to their full extent.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the Browser Add-on. Opt-out cookies will prevent future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used. If you click here, the opt-out cookie will be set: Disable Google Analytics

Google Web Fonts 

This page uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that this website was accessed via your IP address. Google WebFonts are used on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform representation of the typeface on his website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be revoked at any time.

If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google Maps

This site uses the Google Maps map service via an API. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this page has no influence on this data transmission.

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easier to find the places we have indicated on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be revoked at any time.

You can find more information on handling user data in Google's data protection declaration: https://policies.google.com/privacy?hl=de.

 

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

ReCAPTCHA is intended to check whether the data entry on this website (e.g. in a contact form) is carried out by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, length of time the website visitor stays on the website or mouse movements made by the user). The data collected during the analysis are forwarded to Google.

The reCAPTCHA analyzes run completely in the background. Website visitors are not advised that an analysis is taking place.

The storage and analysis of the data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings against abusive automated spying and against SPAM. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be revoked at any time.

Further information on Google reCAPTCHA can be found in the Google data protection regulations and the Google terms of use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de .

7. eCommerce and payment providers

Processing data (customer and contract data)

We collect, process and use personal data only insofar as they are necessary for the establishment, content or change of the legal relationship (inventory data). This is done on the basis of Art. 6 Para. 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures. We only collect, process and use personal data about the use of this website (usage data) insofar as this is necessary to enable or bill the user for the use of the service.

The customer data collected will be deleted after the order has been completed or the business relationship has ended. Statutory retention periods remain unaffected.

Data transmission when concluding a contract for online shops, retailers and shipping of goods

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with the payment processing. A further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without express consent, for example for advertising purposes.

The basis for data processing is Art. 6 Para. 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.

Data transmission when concluding a contract for services and digital content

We only transfer personal data to third parties if this is necessary as part of the contract processing, for example to the credit institution commissioned with the payment processing.

A further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without express consent, for example for advertising purposes.

The basis for data processing is Art. 6 Para. 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.

Stripe

On this website we offer i.a. payment with Stripe’s services. The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).

If you pay via Stripe, your payment details will be forwarded to Stripe via an interface on our website to make the payment. You can find details on this in Stripe's data protection declaration at the following link: https://stripe.com/de/privacy.

Your data is transmitted to Stripe on the basis of Art. 6 Para. 1 lit. b GDPR (contract processing) and on the basis of our legitimate interest in the use of reliable and secure payment processes (Art. 6 Para. 1 lit.

PayPal

On this website we offer i.a. payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

If you select payment via PayPal, the payment data you have entered will be transmitted to PayPal.

The transmission of your data to PayPal is based on Art. 6 Para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations.

Facebook

Facebook, custom audiences and Facebook marketing services

Due to our legitimate interests in analysis, optimization and
economic operation of our online offer and for these purposes the so-called "Facebook pixel" of the social network
Facebook, which is owned by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU,
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law.

 

With the help of the Facebook pixel, Facebook is able, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to only display the Facebook ads we have placed to those Facebook users who are also interested in ours
Have shown online offer or have certain characteristics (e.g. interests in certain topics or products that are determined based on the websites visited) that we transmit to Facebook (so-called "Custom Audiences").
With the help of the Facebook pixel, we would also like to ensure that our Facebook ads correspond to the potential interest of the users and do not have a nuisance. With the help of the Facebook pixel, we can also understand the effectiveness of Facebook advertisements for statistical and market research purposes, by seeing whether users were forwarded to our website after clicking on a Facebook advertisement (so-called "conversion").

The Facebook pixel is directly integrated by Facebook when you visit our website and can save a so-called cookie on your device. If you then log in to Facebook or visit Facebook while logged in, your visit to our online offering will be noted in your profile. The data collected about you is anonymous to us, so it does not provide us with any conclusions about the identity of the user. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we should transmit data to Facebook for comparison purposes, it is encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of a comparison with the same through Facebook
encrypted data.

Furthermore, when using the Facebook pixel, we use the additional function "extended comparison"
transmitted encrypted to Facebook for the formation of target groups ("Custom Audiences" or "Look Alike Audiences").
More information.

We also use the "Custom Audiences from File" procedure of the social network Facebook, Inc. In this case, the email addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload only serves to determine the recipients of our Facebook ads. We want to ensure that the ads are only shown to users who are interested in our information and services.

The processing of the data by Facebook takes place within the framework of Facebook's data usage guidelines. You can find special information and details about the Facebook pixel and how it works in the Facebook help section.

You can object to the recording by the Facebook pixel and the use of your data to display Facebook ads. To set which types of advertisements are displayed to you on Facebook, you can call up the page set up by Facebook and there the information on the settings for usage-based advertising
follow. The settings are platform-independent (desktop or mobile). You can also object to the use of cookies, which are used for range measurement and advertising purposes, via the deactivation page of the network advertising initiative and additionally the US website or the European website.