Privacy Policy

Data protection declaration in accordance with the requirements of the GDPR

 

I. Responsible person

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

 

Joshua Rakowski
Marktstraße 5

45964 Gladbeck
 Germany

 Telephone: +49 173 4061778
 Email: shop@mirageessence.de

Web: https://www.mirageessence.de

II. General information on data processing / Legal basis

We generally only collect and use your personal data to the extent necessary to provide a functional website and the content and services contained therein .

You can use the website without providing any personal information . If you wish to use special features of our website (such as the online shop or our contact form ), the processing of personal data will be necessary.

 

Insofar as the collection and use of your personal data is necessary, this processing is always based on a legal basis or we obtain your consent.

 

Your personal data will be deleted as soon as the purpose for which it was stored no longer applies.

Data may also be stored if this is provided for by European or national legislation in Union regulations, laws or other provisions to which we are subject , or if you have given us your consent.

Data will also be deleted when a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

 

Insofar as we obtain your consent as a data subject for processing personal data , Article 6 ( 1 ) (a) GDPR serves as the legal basis for the processing of personal data .

When processing personal data that is necessary for the performance of a contract to which you, as the data subject, are a party , Article 6 (1 ) sentence 1 serves as the legal basis. Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for compliance with a legal obligation, the We are subject to Article 6, paragraph 1, sentence 1. lit. c GDPR as the legal basis.

In the event that the processing of personal data is necessary to protect the vital interests of you as the data subject or of another natural person, Article 6 ( 1 ) (d) GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, and the interests or fundamental rights and freedoms of the data subject do not override those interests, then Article 6( 1 ) (1) of the GDPR serves as the legal basis. Article 6 (1)(f) GDPR as the legal basis for processing.

 

We currently maintain technical measures to ensure the protection of your personal data. These are continuously updated to reflect the latest technological advancements.

III. Provision of the website and creation of log files

We operate our website via the online shopping platform Shopify. You can find more information about this in section IV of this statement.

 

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or inquiries that you send to us. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the padlock icon in your browser's address bar.

When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

 

Each time our website is accessed, the system automatically collects data and information from the computer system of the accessing computer.

Included The following data may be collected: (1) information about the browser type and version used , (2) the user's operating system , (3) the user's internet service provider , (4) the user's IP address , (5) the date and time of access , (6) websites from which the user's system accessed our website , (7) websites accessed by the user's system via our website .

 

The data is stored in our system's log files. This data is not stored together with other personal data of the user. Therefore, no conclusions can be drawn about the individual concerned.

 

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

The data is stored in log files to ensure the website's functionality. We also use the data to optimize the website and to ensure the security of our IT systems. The data is not used for marketing purposes.

These purposes constitute our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR, which also forms the legal basis for the temporary storage of the data and log files.

 

The data will be deleted as soon as it is no longer needed for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended.

 

Since the collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website, you have no right to object.

IV. Service providers used

We sometimes use external service providers to process your data. For example, our shop is operated via the e-commerce platform Shopify . This service is subject to EU regulations. the Shopify International Limited , Victoria Buildings, 2nd floor
1-2 Haddington Road , Dublin 4, D04 XN32, Ireland is responsible.


 The data collected via Shopify may be stored on various servers worldwide. Shopify 's servers are located, among other places, in the USA.

Further details are governed by Shopify 's privacy policy , which you can find at
https://www.shopify.com/de/legal/datenschutz can view . According to Shopify, data transfers to the USA and other third countries are based on the EU Commission's Standard Contractual Clauses or comparable safeguards pursuant to Article 46 GDPR. Details can be found, for example, here: https://www.shopify.com/de/legal/privacy/app-users .

 

We use Shopify processes data based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

 

We have entered into a data processing agreement (DPA) with Shopify . This ensures that the personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR .

V. Use of cookies , Webeacons and Local Storage

Our website uses cookies and similar tracking technologies (web beacons, "local storage") .

Cookies are text files that are stored in or by the web browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a unique string of characters that allows the browser to be uniquely identified when the website is visited again.

Web beacons are a technology that allows us to determine whether a user has accessed certain content on our website or in an email.

Furthermore, we use so-called "local storage" technology, meaning we utilize the ability to store data in your browser. Unlike session storage technology, locally stored data is not deleted when the browser window is closed. Third parties cannot access this data, and we do not share it with third parties. This data is not combined with other data.

We use the described technologies via Shopify to ensure the website functions correctly and is secure. These technologies store and transmit information such as the devices you use, visitor sources, the region of website visitors, visitor numbers, and information about your consent to the use of cookies.

In addition, we also use cookies via Shopify on our website , which enable an analysis of your browsing behavior.

For more details about the cookies and similar tracking technologies used by Shopify , please see Shopify's Cookie Policy, which can be accessed at https://www.shopify.com/de/legal/cookies .

The data collected in this way is pseudonymized through technical measures. Therefore, it is no longer possible to link the data to the user who accessed it without disproportionate effort. The data is not stored together with other personal data.

 

The purpose of using technically necessary cookies is to simplify your use of our websites and to enable you to browse as safely and comfortably as possible.

 

Some features of our website cannot be offered without the use of cookies. For these features, it is necessary that the browser is recognized even after a page change. The user data collected in this way will not be used to create user profiles.

 

Our legitimate interest in processing personal data pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR lies in the aforementioned purposes, which also constitutes the legal basis for processing personal data using technically necessary cookies.

Furthermore, we obtain your consent via the cookie banner for the possible use of cookies that are not technically necessary. The legal basis for the processing of personal data in this respect is Article 6(1)(a) GDPR.

Cookies are stored on your computer and transmitted from there to our website. Therefore, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies.

 

If our cookies are stored, this is done for a maximum period of 13 months. So-called session cookies are automatically deleted as soon as the "session," i.e., the website visit, ends. All other stored cookies can be deleted at any time.

If cookies are disabled for our website, it may no longer be possible to fully use all of the website's functions.

Any consent you may have given will be requested again each time you visit our website, so you can revoke it at any time by closing the browser window or choose not to grant it when registering for the first time. You can also adjust your consent at any time via the "Cookie Settings" link in the footer of our website .

VI. Online Shop – Ordering or Creating a Customer Account

On our website we offer you the opportunity To purchase goods via the Shopify e-commerce platform , you must enter personal data . This data is entered into an input form and transmitted to and stored by Shopify . The data collected during the order process... The results will be determined by the respective input mask used for the survey.

You have the option of creating a customer account. The data you enter will be permanently saved, so the system can recognize you and access your saved information when you place another order.

 

Providing your data is necessary for the performance of a contract with you or for taking steps prior to entering into a contract. Your consent will be obtained before a customer account is created. The personal data you enter will only be processed internally by us or Shopify for the purpose of fulfilling the contract.

 

For the purpose of contract processing, personal data may be passed on to third parties, such as parcel carriers or payment service providers; this only happens to the extent necessary for the delivery of the goods or the processing of the payment.

 

As part of the contract processing, we offer the option of making payments via PayPal or ShopPay (Shopify's internal payment provider) . Further information on how we handle your data and the payment processing can be found here . https://www.paypal.com/de/legalhub/paypal/privacy-full (PayPal) or https://shop.app/shop-pay (ShopPay) . By using PayPal or ShopPay , you agree to the above information and the use of your personal data and acknowledge the respective privacy policies of these payment service providers.

 

When you register on our website, we also store the IP address assigned to you by your internet service provider, as well as the date and time of registration. The purpose of this storage is to prevent misuse of our services and to potentially aid in the investigation of criminal offenses. This data will not be shared with third parties unless there is a legal obligation to do so or the disclosure is necessary for law enforcement purposes.

 

The legal basis for processing the data collected during registration is, if your consent is given, Art. 6 para. 1 lit. a GDPR.

Insofar as the registration is for the performance of a contract to which you are a party or for the implementation of pre-contractual measures If the data is processed in accordance with the GDPR, the additional legal basis for processing the data is Art. 6 para. 1 lit. b GDPR.

Insofar as we prevent or investigate misuse of our systems, the legal basis is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

 

The data will be deleted as soon as it is no longer needed to achieve its purpose. their collection, i.e., the creation or operation of a customer account, is no longer necessary.

Even after your customer account has been closed, it may be necessary to store your personal data in order to comply with contractual or legal obligations.

 

You can cancel your registration at any time by following the steps provided in your customer account . The account created for you will then be deleted immediately.

Login details For your account and/or other personal information, you can change, add to or delete the data stored about you at any time in your account.

However, premature deletion of the data is only possible if no contractual or legal obligations (e.g. retention obligations on our part) preclude deletion.

VII. Contact form and email contact

Our website includes a contact form which can be used for electronic communication.

 

If you contact us in this way, the data you enter in the input form will be transmitted to us and stored. We collect data as sparingly as possible. Therefore, you only need to provide your name and email address and describe your request. In addition, your IP address and the date and time of your request will be stored.

Alternatively, you can contact us via the provided email address. In this case, your personal data transmitted with the email will be stored.

 

The data you voluntarily provide to us will be used exclusively for processing the conversation . The legal basis for processing data transmitted via email or the contact form is Article 6(1)(f) GDPR. If your email contact aims at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

 

The processing of personal data from the input form serves solely to process your contact request. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data from the contact form and data transmitted by email, this is the case when the respective conversation with the user has ended. A conversation is considered ended when it is clear from the circumstances that the matter in question has been resolved.

 

You have the right to object to the storage of your personal data submitted via the contact form or email at any time by informing us of your request by telephone, email, or post. In such a case, the conversation cannot be continued.

All personal data stored during the contact process will be deleted in this case.

VIII. Newsletter

You can subscribe to a free newsletter on our website.

When you subscribe to our newsletter, the data from the input form is transmitted to us. For data minimization reasons, this only includes your email address.

In addition, the IP address of the requesting computer as well as the date and time of registration are collected during login.

 

Your consent for the processing of your data will be obtained during the registration process, and you will be referred to this privacy policy.

In connection with data processing for sending newsletters, no data is shared with third parties. The data is used exclusively for sending the newsletter.

Your email address is collected for the purpose of sending you the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

 

The data will be deleted as soon as it is no longer needed for the purpose for which it was collected. The data you enter will therefore be stored for as long as your newsletter subscription is active. Other personal data collected during the registration process will generally be deleted after seven days.

 

Data processing for the purpose of sending the newsletter is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your freely given consent via the so-called double opt-in procedure. The email address will be used and stored for this purpose until you revoke your consent or unsubscribe from receiving the newsletter.

 

You can unsubscribe from the respective newsletter at any time. Each digital newsletter contains a corresponding link that allows you to remove your email address from the mailing list. This also revokes your consent to the storage of the personal data collected during the registration process.

IX. Rights of the data subject

If and to the extent that we process personal data from you , you are a data subject within the meaning of the GDPR and you have the following rights against us as the controller:

1. Right to information

If your personal data is being processed, you have the right, pursuant to Article 15 of the GDPR, to request confirmation of this processing, information about the purposes for which the personal data is being processed, the categories of personal data being processed, the recipients or categories of recipients to whom your personal data has been or will be disclosed, the planned duration for which your personal data will be stored or, if this is not possible, the criteria used to determine that period, the existence of the right to request from the controller rectification or erasure of your personal data, the right to request restriction of processing of your personal data or to object to such processing, the right to lodge a complaint with a supervisory authority, and all available information about the source of the data if the personal data is not collected from you. You also have the right to request information as to whether your personal data is being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.

2. Right to rectification

According to Article 16 of the GDPR, you have the right to rectification and/or completion if the processed personal data concerning you is inaccurate or incomplete. The rectification must be carried out without undue delay.

3. Right to erasure

Pursuant to Article 17 of the GDPR, you have the right to request that your personal data be erased without undue delay. This right to erasure does not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest, or for the establishment, exercise, or defense of legal claims.

4. Right to restriction of processing

You can request the restriction of the processing of your personal data pursuant to Article 18 GDPR if you contest its accuracy, the processing is unlawful, the personal data are no longer needed for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or you have objected to the processing pursuant to Article 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.

5. Right to information

If you have asserted your right to rectification, erasure, or restriction of processing, all recipients to whom your personal data have been disclosed must be notified of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

6. Right to data portability

According to Article 20 of the GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit this data to another controller, provided that the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means.

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest.

7. Right to object

Pursuant to Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR.

You can submit your objection to the data controller by email, fax, or letter (see section 10.1). In the event of an objection, the data controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the purpose of establishing, exercising, or defending legal claims.

8. Right to withdraw consent under data protection law

Pursuant to Article 7(3) of the GDPR, you have the right to withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal; however, no further processing will take place in the future.

9. Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for entering into, or performing, a contract between you and the controller. is permitted under Union or Member State law to which the controller is subject and which contains appropriate measures to safeguard your rights and freedoms and legitimate interests or This is done with your explicit consent.

However, these decisions must not be based on special categories of personal data pursuant to Article 9 ( 1) GDPR , unless Article 9 ( 2 ) (a) or (g) applies and appropriate measures to protect your rights and freedoms and legitimate interests have been taken.

With regard to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement , if you consider that the processing of personal data relating to you infringes the GDPR .

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR .

Our supervisory authority responsible for data protection matters is:

 

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
 Cavalry Street 2-4
40213 Düsseldorf

Telephone: 0211/38424-0
 Fax: 0211/38424-10
 Email: poststelle@ldi.nrw.de