PRIVACY POLICY

1) INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTROLLER CONTACT DETAILS

1.1 Thank you for visiting our website and for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data means any data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Bendigo-Boutique. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the character string “https://” and the padlock symbol in your browser bar.

2) DATA COLLECTION WHEN VISITING OUR WEBSITE

If you use our website for information purposes only, i.e. if you do not register or otherwise provide information to us, we only collect the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data which is technically necessary to display the website:

• The website visited

• Date and time of access

• Amount of data sent in bytes

• Source/referrer from which you accessed the page

• Browser used

• Operating system used

• IP address used (where applicable, in anonymised form)

Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not disclosed or otherwise used. However, we reserve the right to check the server log files retrospectively if there are specific indications of unlawful use.

3) COOKIES

To make your visit to our website attractive and to enable the use of certain functions, we use cookies on various pages. These are small text files stored on your device. Some cookies are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). When cookies are set, certain user information such as browser and location data as well as IP addresses may be collected and processed to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping basket for a later visit). Where personal data is also processed by individual cookies that we use, processing is carried out either pursuant to Art. 6(1)(b) GDPR for the performance of a contract, or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit. We may cooperate with advertising partners who help make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we work with such advertising partners, you will be informed individually and separately below about the use of such cookies and the scope of the information collected in each case.

Please note that you can set your browser to inform you about the setting of cookies and to decide individually whether to accept them, or to exclude the acceptance of cookies for certain cases or in general. Each browser manages cookie settings differently. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find these for the respective browsers at the following links:

• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

• Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

• Chrome: https://support.google.com/chrome/answer/95647?hl=de

• Safari: https://support.apple.com/kb/ph21411?locale=de_DE

• Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) CONTACTING US

Personal data is collected when you contact us (e.g. via the contact form or by e-mail). The specific data collected in the case of a contact form can be seen from the respective contact form. This data is stored and used solely for the purpose of responding to your enquiry or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your enquiry pursuant to Art. 6(1)(f) GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted after final processing of your enquiry; this is the case when it can be inferred from the circumstances that the matter has been conclusively resolved and there are no statutory retention obligations.

5) DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT PROCESSING

Pursuant to Art. 6(1)(b) GDPR, personal data is further collected and processed if you provide it to us for the performance of a contract or when opening a customer account. The data collected can be seen from the respective input forms. You can delete your customer account at any time by sending a message to the controller’s address mentioned above. We store and use the data provided by you for contract performance. After completion of the contract or deletion of your customer account, your data will be blocked with regard to retention periods under tax and commercial law and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to further legally permitted use of data, about which we inform you below.

6) USE OF YOUR DATA FOR DIRECT ADVERTISING

6.1 Subscribing to our e-mail newsletter
If you subscribe to our e-mail newsletter, you will regularly receive information about our offers. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and is used to address you personally. We use the double opt-in procedure. This means we will only send you an e-mail newsletter if you have expressly confirmed that you agree to receive the newsletter. We will then send you a confirmation e-mail requesting you to confirm your wish to receive the newsletter in the future by clicking on a corresponding link.

By activating the confirmation link, you give us your consent to use your personal data pursuant to Art. 6(1)(a) GDPR. When registering for the newsletter, we store the IP address assigned by your Internet service provider (ISP) as well as the date and time of registration, in order to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter will be used exclusively for the purpose of advertising by way of the newsletter. You can unsubscribe at any time via the link provided in the newsletter or by notifying the controller mentioned at the beginning. After unsubscribing, your e-mail address will be promptly removed from our newsletter mailing list, unless you have expressly consented to further use of your data or we reserve the right to further use of data as permitted by law and about which we inform you in this policy.

6.2 E-mail newsletter to existing customers
If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by e-mail. For this we do not require separate consent. In this case, data processing is carried out solely on the basis of our legitimate interest in personalised direct advertising pursuant to Art. 6(1)(f) GDPR. If you initially objected to the use of your e-mail address for this purpose, we will not send e-mails. You may object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller mentioned above. You will only incur transmission costs according to the basic tariffs. Upon receipt of your objection, the use of your e-mail address for advertising purposes will be stopped immediately.

7) DATA PROCESSING FOR ORDER FULFILMENT

7.1 The personal data collected by us will be passed on to the transport company commissioned with the delivery to the extent necessary for the delivery of the goods. We pass on your payment data to the credit institution commissioned with processing payments to the extent necessary for payment processing. If payment service providers are used, we inform you explicitly below. The legal basis for data transmission is Art. 6(1)(b) GDPR.

7.2 Use of payment service providers (payment services)

PayPal
If you choose payment via PayPal, credit card via PayPal, direct debit via PayPal or—where offered—“purchase on account” or “instalment payment” via PayPal, we transmit your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”) for payment processing, pursuant to Art. 6(1)(b) GDPR and only to the extent required.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or—where offered—“purchase on account” or “instalment payment” via PayPal. For this purpose, your payment data may be transmitted to credit agencies pursuant to Art. 6(1)(f) GDPR based on PayPal’s legitimate interest in determining your solvency. The result of the credit check with regard to the statistical probability of default is used by PayPal for the decision on the provision of the respective payment method. The credit report may contain probability values (so-called score values) calculated on the basis of a scientifically recognised mathematical-statistical procedure; address data, among other data, is included in the calculation. Further data protection information, including information on the credit agencies used, can be found in PayPal’s Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You may object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

SOFORT
If you select the “SOFORT” payment method, payment is processed via SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (“SOFORT”), to whom we pass on the information you provided during the ordering process as well as information about your order pursuant to Art. 6(1)(b) GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is transmitted solely for the purpose of payment processing with SOFORT and only to the extent necessary. Further information on SOFORT’s data protection provisions can be found at: https://www.klarna.com/sofort/datenschutz

8) CONTACT FOR REVIEW REMINDERS

Own review reminder (not sent via a customer review system)
We use your e-mail address as a one-time reminder to submit a review of your order for the review system we use, provided that you have expressly consented to this during or after your order pursuant to Art. 6(1)(a) GDPR.
You may withdraw your consent at any time by notifying the controller.

9) USE OF SOCIAL MEDIA: SOCIAL PLUG-INS

9.1 Facebook plug-ins with Shariff solution
Special additional customs clearance charges and/or import duties are not included in the price and are the responsibility of the customer.
Our website uses social plug-ins (“plug-ins”) of the social network Facebook operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”).
To increase the protection of your data when visiting our website, these buttons are not fully integrated as plug-ins, but only as HTML links. This ensures that when a page of our website containing such buttons is accessed, no connection is made to Facebook’s servers. If you click the button, a new browser window opens and the Facebook page is called up, where you can interact with the plug-ins (after logging in, if necessary).
Facebook Inc., based in the USA, is certified under the EU-US “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.
For information on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights and settings options to protect your privacy, please refer to Facebook’s data policy: https://www.facebook.com/policy.php

9.2 Google+ plug-ins with Shariff solution
Our website uses social plug-ins (“plug-ins”) of the social network Google+, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
As above, buttons are integrated only as HTML links.
Google LLC, based in the USA, is certified under the EU-US “Privacy Shield”.
Further information: https://www.google.com/intl/de/policies/privacy/

9.3 Instagram plug-in with Shariff solution
Our website uses social plug-ins (“plug-ins”) of Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”).
Buttons are integrated only as HTML links.
Instagram LLC, based in the USA, is certified under the EU-US “Privacy Shield”.
Further information: https://help.instagram.com/155833707900388/

10) ONLINE MARKETING

10.1 DoubleClick by Google
This website uses the online marketing tool DoubleClick by Google, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“DoubleClick”).
DoubleClick uses cookies to display adverts relevant to users, to improve campaign performance reports or to prevent a user from seeing the same adverts multiple times. Google uses a cookie ID to record which adverts are displayed in which browser and can thus prevent them from being shown multiple times. Processing is based on our legitimate interest in the optimal marketing of our website pursuant to Art. 6(1)(f) GDPR.
DoubleClick may also use cookies to record conversions related to ad requests. According to Google, DoubleClick cookies contain no personal information.
Your browser automatically establishes a direct connection to Google’s server. We have no influence on the extent and further use of the data collected by Google. If you wish to object to tracking, you can disable cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com (https://www.google.de/settings/ads). This setting is deleted when you delete your cookies. Alternatively, visit www.aboutads.info for cookie settings. You can also set your browser to inform you about the setting of cookies and decide individually on their acceptance. If you do not accept cookies, the functionality of our website may be limited.
Google LLC, based in the USA, is certified under the EU-US “Privacy Shield”.
Further information: https://www.google.de/policies/privacy/

10.2 Use of Google Ads conversion tracking
This website uses the online advertising programme “Google Ads” and, within Google Ads, the conversion tracking of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use Google Ads to draw attention to our offers on external websites with advertising materials (Google Ads). We can assess the success of individual advertising measures. Our aim is to show you adverts that are of interest to you, to make our website more interesting and to achieve a fair calculation of advertising costs.
A cookie for conversion tracking is set when a user clicks on a Google Ads ad. These cookies generally expire after 30 days and are not used for personal identification. Each Google Ads customer receives a different cookie. The information obtained is used to compile conversion statistics. No information is provided that personally identifies users.
If you do not wish to participate in tracking, you can deactivate the Google conversion tracking cookie via your browser settings. We use Google Ads on the basis of our legitimate interest in targeted advertising pursuant to Art. 6(1)(f) GDPR.
Google LLC is certified under the EU-US “Privacy Shield”.
Further information: https://www.google.de/policies/privacy/
You can permanently prevent cookies for ad preferences by installing the browser plug-in available at: https://www.google.com/settings/ads/plugin?hl=de
Please note that certain functions of this website may not be available or may be limited if you disable cookies.

11) WEB ANALYTICS SERVICES

Google (Universal) Analytics
This website uses Google Analytics, a web analytics service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies to analyse how users use the site. The information generated (including the truncated IP address) is generally transmitted to a Google server in the USA and stored there.
This website uses Google Analytics exclusively with the extension “_anonymizeIp()”, which ensures anonymisation of the IP address by truncation and excludes a direct personal reference. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. In such cases, processing is based on our legitimate interest in statistical analysis of user behaviour for optimisation and marketing purposes pursuant to Art. 6(1)(f) GDPR.
Google will use this information on our behalf to analyse website use, compile reports and provide further services relating to website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can refuse the use of cookies via your browser settings; this may limit website functionality. You can also prevent the collection and processing of data by Google by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=de
Alternatively, you can set an opt-out cookie to prevent future data collection by Google Analytics on this website (works only in this browser and only for this domain; if you delete your cookies, you must click the link again): Disable Google Analytics.
Google LLC is certified under the EU-US “Privacy Shield”.
This website also uses Google Analytics for cross-device analysis via a user ID. When a page is first accessed, a unique, permanent and anonymised ID is assigned and set across devices. Interaction data from different devices and sessions can thus be assigned to one user. The user ID contains no personal data and does not transmit such data to Google.
You can object to collection and storage via the user ID at any time with effect for the future. You must disable Google Analytics on all systems you use (e.g. in another browser or on your mobile device).
Further information on Universal Analytics: https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376

12) RETARGETING/REMARKETING/REFERENCE ADVERTISING

Facebook Custom Audience via the Pixel method
This website uses the “Facebook Pixel” of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). With explicit consent, this enables the tracking of user behaviour after they have seen or clicked on a Facebook advert. This is used to evaluate the effectiveness of Facebook advertising for statistical and market research purposes and to optimise future advertising measures.
The data collected is anonymous to us; however, it is stored and processed by Facebook and may be linked to the respective user profile. Facebook may use the data for its own advertising purposes in accordance with Facebook’s Data Policy (https://www.facebook.com/about/privacy/). A cookie may also be stored on your computer. Processing takes place only with your explicit consent pursuant to Art. 6(1)(a) GDPR.
Consent to use the Facebook Pixel may only be given by users over 13 years of age. If you are younger, please ask your legal guardian for permission.
Facebook Inc. is certified under the EU-US “Privacy Shield”.
To disable cookies on your computer, you can set your internet browser to prevent cookies from being stored or to delete stored cookies. Disabling all cookies may limit certain functions. You can also disable the use of cookies by third parties such as Facebook at: https://www.aboutads.info/choices/

Google Ads Remarketing
Our website uses Google Ads Remarketing features to advertise this website in Google search results and on third-party websites. Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google sets a cookie in your browser that enables interest-based advertising via a pseudonymous cookie ID and based on the pages you visit. Processing is based on our legitimate interest in the optimal marketing of our website pursuant to Art. 6(1)(f) GDPR.
Further processing occurs only if you have consented to Google linking your web and app browsing history to your Google account and using information from your Google account to personalise ads. In this case, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing.
You can permanently prevent cookies for ad preferences by installing the browser plug-in at: https://www.google.com/settings/ads/onweb/
Alternatively, visit www.aboutads.info to learn more and set preferences. If you do not accept cookies, website functionality may be limited.
Google LLC is certified under the EU-US “Privacy Shield”. Further information: https://www.google.com/policies/technologies/ads/

13) DATA SUBJECT RIGHTS

13.1 Applicable data protection law grants you comprehensive rights vis-à-vis the controller regarding the processing of your personal data.

Rights of the data subject (rights to information and intervention) include:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to object (Art. 21 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to withdraw consent (Art. 7(3) GDPR)

• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

13.2 RIGHT TO OBJECT
WHERE WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS PURSUANT TO OUR OVERRIDING LEGITIMATE INTERESTS, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL NO LONGER PROCESS THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
WHERE YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA FOR SUCH MARKETING. YOU MAY EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL NO LONGER PROCESS THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

14) DURATION OF STORAGE OF PERSONAL DATA

The duration of storage of personal data is determined by the respective statutory retention periods (e.g. retention periods under commercial and tax law). After expiry of the period, the corresponding data is routinely deleted, provided it is no longer required for contract performance or contract initiation and/or we have no legitimate interest in further storage.