Privacy Policy
This Privacy Policy applies to the Website www.cinnamonandvanilla.com
Data controller:
Cemre Yurdakul
c/o RA Matutis
Berliner Str 57
14467 Potsdam
Germany
Processing of Personal Data
In the context of our website, we process your personal data in, among others, the following ways (for other processing of personal data collected on our website, please refer to the following clauses of this privacy policy):
Logfiles when you visit our website
When visiting our website, our host provider protocols, for every access to its servers, so-called “logfile” data such as the name of the retrieved website, the previously visited website (“referrer” URL), product and version information of the used browser and operating system, the retrieving provider, date and time of access, used search engines, country of access, transferred data volume, name of downloaded files, and the IP address.
Legal basis for the respective processing of data is Article 6 (1) f) General Data Protection Regulation (GDPR). Our legitimate interest in the storage of logfile data is based on the provision of system security including the clarification of cases of data abuse. The IP address will be deleted within max. 7 days unless it is required for a longer period of time due to a security related event, e.g. for purposes of clarification or proof.
Contact Enquiries
When you send us a contact enquiry, we process the personal data that we need to respond to your enquiry, such as your name, postal address, email address, phone number etc.
The legal basis for processing your personal data in connection with contact enquiries is Article 6 (1) b) General Data Protection Regulation (GDPR).
In conjunction with contact requests, we store your personal data for as long as is necessary to process your request, including an appropriate retention period for follow-up questions.
The provision of this personal data is not prescribed by law or contract, and it is not necessary for the purpose of entering into a contract. However, if you decide not to disclose this data to us, we will not be able to respond to your contact enquiry or – if you have provided only limited contact details – we will not be able to respond to it via all available communication channels.
Registrations/ Orders
When you register or place an order with us we process the personal data that we need to perform a contract with you, or to take steps at your request prior to entering into the contract, such as name, address, e-mail address, phone number, date of birth, chosen user name and payment details.
Personal data which is collected during the registration or order process is stored for as long as it takes to perform the contract (where applicable including the provision of a customer account), and/or to take steps at your request prior to entering into the contract, and/or to meet warranty, guarantee or similar obligations, and/or to comply with statutory archiving requirements.
The legal bases for processing the personal data collected in connection with registrations or orders are Article 6 (1) b) and Article 6 (1) c) of the General Data Protection Regulation.
The provision of this personal data is not prescribed by law or contract. However, it is necessary to enter into the contract, i.e. to complete the registration or order, if the data is mandatory (as opposed to voluntarily) in the registration/ order process.
Newsletter
When you subscribe to our newsletter, we process data to enable us to send the newsletter to you, such as your email address and name.
If and to the extent that the processing of data for the aforesaid purposes is made with your consent, the legal basis is Article 6 1 a) of the GDPR (Consent). Otherwise the data is processed on the legal basis of Article 6 1 f) of the GDPR (“legitimate interests”), with the legitimate interests in question being the purposes mentioned above.
We store the personal data that we need to send the newsletter for as long as we need it for this purpose or until you revoke your consent to receive the newsletter. Any legitimate continued storage for other purposes (e.g. customer communication) remains unaffected.
Use of Cookies
This section informs you about how we use cookies on our website.
Description and Functionality
Cookies are small text files which are saved on your computer and enable an analysis of your use of the website.
Own Cookies
We use cookies on our website to optimise the user experience and to provide certain functions.
The legal basis for the processing of personal data by us in connection with the use of cookies is Article 6 (1) f) of the General Data Protection Regulation (”legitimate interest”). The legitimate interest ensues from the above-mentioned purposes.
When cookies are used, we store your personal data for as long as necessary to optimise your user experience on the website.
Third Party Cookies
Third party cookies may also be used on the website to collect information about our website and other sites on the internet. This information is then used for services such as web tracking, analyses or target audience-specific advertising.
Personal data is stored in conjunction with the use of cookies for as long as is necessary for the purposes described above.
If and to the extent that the processing of data for the aforesaid purposes is made with your consent, the legal basis is Article 6 1 a) of the GDPR (Consent). Otherwise the data is processed on the legal basis of Article 6 1 f) of the GDPR (“legitimate interests”), with the legitimate interests in question being the purposes mentioned above
Revocation/ Objection/ Settings
You can revoke your consent to accept cookies or for data to be processed by cookies at any time by changing your browser’s cookie settings.
You can also set your browser to only accept cookies if you agree to it.
You can manage and/or block many advertisement cookies via the following services:
www.aboutads.info/choices/
www.youronlinechoices.com/uk/your-ad-choices/
www.networkadvertising.org/managing/opt_out.asp
However, if your browser is configured to reject all cookies you may not be able to use some of the website’s functions, services, applications or tools.
Google Analytics
This Website uses Google Analytics, einen web analytics service der Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies (small text files) which are saved on your computer and enable an analysis of your use of the website. The cookie-generated information about your use of this website is transferred to a Google server in the USA and stored there. Google bases such aforesaid transfer on the EU Standard Contractual Clauses
IIn the event of activation of IP anonymisation on this website your IP address will be shortened by Google before such transmission within member states of the European Union or other countries adhering to the treaty on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and truncated there in specific, exceptional cases. At the request of the operator of this website, Google will use this information to evaluate the way you use this website, to compile reports on website activity, and to provide additional services connected to website use and Internet use to the website operator. The IP-address transferred by your browser under Google Analytics will not be brought together with other data of Google. Where cookies on the website do not require your active consent anyway, you can set your browser to prevent it from saving cookies, but we would like to point out that if you do this, you may not be able to use all the functions of this website to their full extent.
Data processed in connection with the use of Google Analytics is automatically deleted after 26 month.
If and to the extent that the processing of data for the aforesaid purposes is made with your consent, the legal basis is Article 6 1 a) of the General Data Protection Regulation, abbr. ‘GDPR’) (Consent). Otherwise the data is processed on the legal basis of Article 6 1 f) of the GDPR (“legitimate interests”), with the legitimate interests in question being the purposes mentioned above.
You can also download and install the browser plugin available at the following link to prevent the cookie-generated data that discloses your use of the website (including your IP address) from being collected and transmitted to Google and prevent Google from processing this data.
https://tools.google.com/dlpage/gaoptout?hl=en
Rights of Data Subjects
Under Article 15 GDPR, you have the right to obtain information on the processing of your personal data (“Right of access by the data subject”).
Under Article 16 GDPR, you have the right to rectification of incorrect personal data and deletion of personal data concerning you (“Right to rectification”).
Under Article 17 GDPR, you can demand the deletion of personal data concerning you if one of the listed grounds applies (“Right to erasure/ Right to be forgotten”).
You also have the right, under Article 18 GDPR, to restrict the processing of personal data concerning you if one of the listed grounds applies (“Right to restriction of processing”).
Under Article 20 GDPR, you have the right to receive the personal data concerning you and to transmit that data to another controller (“Right to data portability”).
Revocation of consent: Refer to the section entitled “Right of Revocation” in this Privacy Policy.
Right of Revocation Refer to the section entitled “Right of Revocation” in this Privacy Policy.
You have the right to lodge a complaint with the relevant supervisory authority. The relevant supervisory authority is
Die Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Telefon 0211/38424-0
Telefax 0211/38424-10
Email [email protected]
Internet www.ldi.nrw.de
Right of Revocation
You can revoke your consent to the processing of your personal data, where such consent has been given, at any time, e.g. by way of email to our email address indicated first above. This does not affect the lawfulness of processing up to the time of consent revocation.
Right to Object
If we process data on the basis of Article 6, section 1 f) GDPR (“legitimate interests“), you are accorded the right under Article 21 GDPR to object to the processing of your personal data.
Disclosure of Your Data
Where not already stated elsewhere in this Privacy Policy, we pass on your personal data to the following further recipients respectively recipient categories:
Payment Service:
– PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg
– Stripe, Inc.
510,Townsend St.
San Francisco, CA 94103
USA
Form builder:
– Typeform
Barcelona Spain
Appointment Scheduling Software:
– Calendly
Atlanta, GA, US (HQ)
BB&T Tower, 271 17th St NW
E-Mail Marketing Service:
– The Rocket Science Group, LLC
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA
Unless already stated above, we intend to pass on your personal data to the following third country or the following international organisations.
Payment Service:
– Stripe, Inc.
510,Townsend St.
an Francisco, CA 94103
USA
Appointment Scheduling Software:
– Calendly
Atlanta, GA, US (HQ)
BB&T Tower, 271 17th St NW
E-Mail Marketing Service:
– The Rocket Science Group, LLC
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA