Privacy policy

Thank you for your interest in our company. We take data protection seriously.

You can generally use our website without providing any personal data. However, if a data subject wishes to use services provided by our company through our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we always obtain the consent of the data subject.

The processing of personal data (e.g., name, address, email address, or telephone number of a data subject) is always carried out in accordance with the General Data Protection Regulation (GDPR) and with the country-specific data protection regulations applicable to us.

With the following privacy policy, we would like to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy informs data subjects about the rights to which they are entitled.

As the controller responsible for processing, we have implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed through our website. However, data transmissions over the internet may generally contain security vulnerabilities. Therefore, a 100% guarantee of protection cannot be ensured. For this reason, every data subject can of course also transmit personal data to us by alternative means, such as by telephone.


Definitions

This privacy policy is based on the terms used by the European legislator for directives and regulations when issuing the GDPR (Article 4 GDPR). Our privacy policy is intended to be easy to read and understandable for the public, as well as for our customers and business partners. To ensure this, we would first like to explain the terminology used.

In this privacy policy, we use, among other things, the following terms:

“Personal data”
All information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Data subject”
Any identified or identifiable natural person whose personal data is processed by the controller responsible for processing.

“Processing”
Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Restriction of processing”
The marking of stored personal data with the aim of limiting its future processing.

“Profiling”
Any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

“Controller”
A natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for their nomination may be provided for by Union or Member State law.

“Recipient”
A natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the course of a particular inquiry under Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

“Third party”
A natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

“Consent”
Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Name and Contact Details of the Controller

These privacy notices apply to the data processing by:

Controller: TZ Designs, Owner: Tabea Zimmermann
Peterstraße 22, 42499 Hückeswagen, Germany
Phone: +49 176 71863302
Email: info@tz-designs.de

Our website is encrypted for security reasons (SSL/TLS encryption).

A secure connection can be recognized by the lock icon in the browser bar and the “https://” prefix in the browser.


Collection and Storage of Personal Data, and Type and Purpose of Their Use

When Visiting the Website

You can generally use our website without disclosing your identity. When you access our website, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:

  • IP address of the requesting device

  • Date and time of access

  • Name and URL of the accessed file

  • Website from which the access occurred (referrer URL)

  • Browser used and, if applicable, the operating system of your device, as well as the name of your access provider

The above data is processed by us for the following purposes:

  • Ensuring a smooth connection to the website

  • Ensuring comfortable use of our website

  • Evaluating system security and stability

  • For other administrative purposes

The legal basis for data processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection. Under no circumstances do we use the collected data to draw conclusions about your person.

In addition, when visiting our website, we use cookies and analytics services. Further explanations can be found under Sections 5 and 7 of this privacy policy.


When Using Our Contact Form

For any inquiries, we provide you with the opportunity to contact us via a form provided on our website. Providing a valid email address is required so that we know who the request is from and can respond. Additional information may be provided voluntarily. It is entirely your decision whether you wish to enter this data in the contact form.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 (1) sentence 1 lit. a GDPR based on your voluntarily given consent.

Personal data collected by us for using the contact form will be automatically deleted after your inquiry has been processed.

When Placing Orders via Our Website

You can place orders on our website either as a guest without registering or register as a customer in our shop for future orders. Registration offers the advantage that, for future orders, you can log in directly with your email address and password without having to re-enter your contact details.

Your personal data is entered into an input form, transmitted to us, and stored. When you place an order via our website, whether as a guest or registered user, we initially collect the following data:

  • Salutation, first name, last name

  • A valid email address

  • Address

  • Telephone number (landline and/or mobile)

This data is collected:

  • To identify you as our customer

  • To process, fulfill, and manage your order

  • For correspondence with you

  • For invoicing purposes

  • To handle any potential liability claims and assert any claims against you

  • To ensure the technical administration of our website

  • To manage our customer data

During the ordering process, your consent to the processing of this data is obtained.

The processing is based on your order and/or registration and is necessary according to Art. 6 (1) sentence 1 lit. b GDPR for the proper processing of your order and the mutual fulfillment of obligations arising from the purchase contract.

Personal data collected for processing your order will be stored until the expiration of statutory retention periods and then deleted, unless we are obliged to store them longer due to tax and commercial retention and documentation obligations (from HGB, StGB, or AO) under Art. 6 (1) sentence 1 lit. c GDPR, or you have consented to further storage under Art. 6 (1) sentence 1 lit. a GDPR.


Product Reviews

You can submit product reviews via our website. When a data subject leaves a review, the information provided by them, the time of submission, and the username (pseudonym) chosen by the data subject are stored and published. In addition, the IP address assigned to the data subject by their Internet Service Provider (ISP) is logged.

This IP address is stored for security reasons and in case the data subject violates the rights of third parties or posts illegal content through the review. The storage of this personal data serves the legitimate interests of the controller to be able to defend themselves in case of legal violations.

No personal data collected through reviews is shared with third parties unless legally required or necessary for the legal defense of the controller. The storage of your data is based on Art. 6 (1) lit. b and f GDPR. We reserve the right to delete reviews if they are reported as unlawful by third parties.


Email Newsletter

You can subscribe to our email newsletter to receive information about current offers. The only mandatory information is your email address. All other information is voluntary and may be used, for example, for personalized greetings.

We use the double opt-in procedure for sending newsletters, meaning you will only receive newsletter emails if you have explicitly confirmed your subscription. Upon registration, you will first receive a confirmation email containing a link that you must click to confirm your subscription. By clicking the confirmation link, you give your consent for the use of your personal data according to Art. 6 (1) lit. a GDPR.

When registering for the newsletter, we store your IP address as recorded by your Internet Service Provider and the date and time of registration. This is to be able to track possible misuse of your email address at a later date. The data collected is used solely for sending the newsletter.

You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by contacting the data controller named above. Upon unsubscribing, your email address will be deleted from our newsletter distribution list, unless you have explicitly consented to further use or we reserve the right to use your data as permitted by law and as described in this policy.

Data Sharing

The sharing of your personal data (name, delivery address) with third parties is carried out solely with service providers involved in the contract processing, such as the logistics company responsible for delivery and the bank responsible for payment transactions, insofar as this is necessary for the delivery of goods or payment processing. The legal basis for data sharing is Art. 6 (1) sentence 1 lit. b GDPR.


Sharing of Email Address and/or Telephone Number with Shipping Providers

  • Examples: DHL, DPD, GLS, Hermes, UPS

If you have explicitly consented during the ordering process to the sharing of your email address and/or telephone number with the shipping provider, we pass on this personal data to the respective shipping provider based on Art. 6 (1) sentence 1 lit. a GDPR so that they can coordinate all details of the delivery (e.g., delivery date, location) with you.

You can revoke your consent at any time with future effect by notifying either the data controller named above or the shipping provider directly.


PayPal

For payments via PayPal, credit card via PayPal, direct debit via PayPal, or “purchase on account” via PayPal, we transmit your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) for payment processing.

For credit card payments via PayPal, direct debit via PayPal, or “purchase on account” or “installment payments” via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be transmitted to credit agencies by PayPal on the basis of Art. 6 (1) sentence 1 lit. f GDPR.

The result of the credit check regarding the statistical probability of payment default is used by PayPal to decide whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Where score values are included in the credit report, these are based on a scientifically recognized mathematical-statistical method. Address data are included in the calculation of the score values. Further data protection information can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to the processing of your data by notifying PayPal at any time. However, PayPal may still be authorized to process your personal data if necessary for contract-compliant payment processing.


Use of Cookies

We use cookies on our website. These are small files automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device and contain no viruses, trojans, or other malware.

Cookies store information related to the specific device used. This does not mean that we directly gain knowledge of your identity.

The use of cookies serves two main purposes:

  1. To make the use of our website more convenient for you. For example, we use session cookies to recognize that you have already visited certain pages. These are deleted automatically after leaving our site. Temporary cookies are also used to optimize user-friendliness for a defined period, so repeated inputs and settings do not need to be re-entered.

  2. To statistically analyze the use of our website and optimize our offer for you. These cookies allow us to automatically recognize repeat visits and are deleted after a defined period.

Data processed through cookies is necessary for the purposes stated to protect our legitimate interests and those of third parties according to Art. 6 (1) sentence 1 lit. f GDPR.

Most browsers automatically accept cookies. You can configure your browser to prevent cookies from being stored or to receive notifications before a new cookie is set. Fully disabling cookies may result in not being able to use all functions of our website.

Links to Third-Party Websites

The links published on our website are researched and compiled with the utmost care. However, we have no influence on the current and future design and content of the linked pages. We are not responsible for the content of these external sites and do not adopt it as our own.

We are not liable for illegal, incorrect, or incomplete content or for damages resulting from the use or non-use of the information. Liability rests solely with the provider of the website to which reference was made. Liability for mere reference via a link is excluded. We are only responsible for third-party content if we have positive knowledge of it, including illegal or criminal content, and it is technically possible and reasonable to prevent its use.


Use of Social Media

YouTube Videos

We use the YouTube embedding function on our website to display and play YouTube videos provided by “YouTube” (part of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

The extended privacy mode is used, which according to the provider only triggers the storage of user information when a YouTube video is played. If an embedded YouTube video is played, YouTube sets cookies to collect information about user behavior. YouTube uses this information to improve its user interface. If you are logged into Google, your data will be directly associated with your Google account when you play a YouTube video. Log out of Google first if you do not want an association with your YouTube profile. Your data is stored and evaluated by Google as user profiles. The legal basis is Art. 6 (1) lit. f GDPR, based on Google’s legitimate interests, e.g., for displaying personalized advertising. You can object to the creation of user profiles with YouTube. Further information is available in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de&gl=de


Social Media Plugins

Based on Art. 6 (1) sentence 1 lit. f GDPR, we use social plugins (e.g., Facebook, Twitter, Google+) to make our company more widely known. The promotional purpose constitutes a legitimate interest under the GDPR. Responsibility for data protection-compliant operation lies with the respective provider. Plugins are embedded using the so-called two-click method to best protect website visitors.


Rights of Data Subjects

You have the right to:

  • Art. 15 GDPR: Request information about your personal data processed by us, including processing purposes, categories of personal data, recipients, retention periods, existence of a right to rectification, erasure, restriction, objection, complaint rights, data source (if not collected by us), and information on automated decision-making including profiling.

  • Art. 16 GDPR: Request the correction or completion of your personal data stored by us.

  • Art. 17 GDPR: Request the deletion of your personal data, unless processing is necessary for freedom of expression, legal obligations, public interest, or asserting/defending legal claims.

  • Art. 18 GDPR: Request restriction of processing if accuracy is disputed, processing is unlawful but deletion is rejected, or if needed to assert legal claims.

  • Art. 20 GDPR: Receive your personal data in a structured, commonly used, machine-readable format or request transfer to another controller.

  • Art. 7 (3) GDPR: Withdraw your consent at any time, which prevents further processing based on that consent.

  • Art. 77 GDPR: Lodge a complaint with a supervisory authority, typically the authority at your residence, workplace, or our company location.


Right to Object

If your personal data is processed based on legitimate interests (Art. 6 (1) lit. f GDPR), you have the right under Art. 21 GDPR to object to the processing, particularly if it relates to your specific situation or for direct marketing. In the case of direct marketing, a general objection right exists and will be implemented without specifying a particular situation. To exercise your objection, send an email to the data controller mentioned above.

Data Security

We use the widely recognized SSL (Secure Sockets Layer) protocol during visits to our website in combination with the highest encryption level supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we instead use 128-bit v3 technology. Whether a particular page of our website is transmitted in encrypted form can be recognized by the closed lock symbol in the status bar of your browser.

Furthermore, we use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.