Data protection has a particularly high value for DRESNR Online Store. Use of our internet pages and its internal links is basically possible without any indication of personal data. However, if a person concerned wishes to make use of the special services of our website, this will require your information. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person concerned.
The processing of data, for example, the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to Boutique De Passion. By means of this data protection declaration, we would like to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this data protection declaration is used to inform affected persons about their rights.
Our data protection declaration is based on the terms used by the European directive and regulation giver when the data protection basic regulation (GDPR) was issued. It should be easy to read and understand both for the public and for our customers and business partners. In order to guarantee this, we would like to explain the terms used in advance:
Personal data is all information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, IP, an online identifier or to one or more specific characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
- Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
- Usage Data: Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- Cookies: Cookies are small pieces of data stored on a User’s device.
- Data Processors (or Service Providers): Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
- Data Subject: Data Subject is any living individual who is the subject of Personal Data.
- User: The User is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data
Data We process
(We)Boutique De Passion offer our customers a wide range of services, which you can also use in a wide range of ways. We collect your data based on the method used in contacting us, whether by using our contact form, by phone or purchasing one of our products. During a purchase, we request your name or email address or address. This information enables us to ship your product to the right address and also give you any support that you might need.
Registration on our website
An organization or a person concerned has the opportunity to register on our website by providing certain data. Which data is transmitted to us, in this case, is determined by the respective input mask that is used for registration. The data entered by the person concerned is collected, and stored exclusively for our own purposes in a data center in Germany.
You as the data owner may arrange for the data to be passed on to one or more contract processors, such as a parcel service provider, who also uses the personal data exclusively for internal purposes attributable to the data controller.
By registering on our website, the IP address assigned to the person concerned by the Internet Service Provider (ISP), the date and time of registration are also stored. This data makes it possible to clarify criminal offenses and to protect your data.
The registered persons are free to modify the personal data provided during registration at any time or to have it completely deleted from our database.
The development and provision of personalized functionalities and services for you is our top priority. We offer you an individual shopping experience and a range tailored to your individual interests, regardless of location, time and devices used. The processing of your data to personalize our service is therefore an integral part of our service.
Data Security & Your Trust
We take sensible precautionary measures to secure your data. The security of your own data is important to us. We encrypt all data and send the encrypted data via secure channel. By doing so, we are securing your data to enhance your trust. We do not keep any bank or credit card credentials on our servers. All payment gateways are processed by third-party companies that have adequate security measures for ensuring the safety of your online purchase.
We follow generally acknowledged industry models to secure the individual data submitted to us, both at rest and during transmission.
We are aware of the great importance of protecting your data. For this reason, the security architecture is always an important part of our services. For data processing, data is kept at an ISO27001 certified server provider located in Germany.
We use third-party services (e.g. payment processors) for payment processing. We do not store or collect your payment card information.
Currently, we are offering:
- Bank Transfer
- Credit Cards
- Mobile Money
We offer you various newsletter services. When you register for a newsletter service you will receive information on the topics dealt with by the individual newsletters.
Recommendations of products by email and push service.
In connection with our services we will occasionally inform you with new trends and offerings from time to time base on your interest. These recommendation messages are individualized regardless of whether you have subscribed to a newsletter. In accordance with legal stipulations, we preferentially use your previous shopping and interests data, which allow us to derive your product interests in view of the interests, preferences and profile data you have shared with us, to select individual product recommendations.
We use the data submitted when ordering a vouchers to check and process the order and to issue and redeem the voucher. This also includes the recording and processing of the data connected to use of the voucher, especially for fraud prevention.
Retention of Data
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for a longer time period of 6 Months.
General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. TermsFeed aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
- The right to access, update or to delete the information we have on you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your Personal Data.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where Terms Feed relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
Changes to this Data Protection Declaration and points of contact
We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page.
If you have any questions regarding data protection at Boutique De Passion Group, please contact our data protection officer. The easiest way to contact him is at firstname.lastname@example.org
Links To Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use both Google Analytics and localized (and anonymous if you do not have a site membership) cookies to manage your user experience. We also use Facebook pixels to track user data so that we may know when a Facebook user visits our website. That data is anonymized by Facebook for our purposes. It does allow us to target you with ads because we believe people who visit our website may be potential customers.
Who we share your data with
We maintain direct control over as many processes as we can. As necessary in connection with the above purposes, your personal data may be transferred to third-party payment providers you select during checkout.
We take appropriate steps to ensure that data remains within jurisdictions with adequate protections for personal data and ensure that recipients of personal data from us are bound to duties of confidentiality, where relevant or appropriate. Where this is not possible, we rely on data minimization, the selection of trusted companies with privacy policies and audit-able processes which we have reviewed and seek to ensure that there are adequate safeguards in place for protecting transferred data, for example Standard Contractual Clauses. For more information on the safeguards for transfer in a particular operation please contact us. We may also be required to disclose or otherwise process your personal data in the context of a regulatory audit to which we may be subject from time to time.
How long we retain your data
We ensure that personal data is retained only for as long as necessary in accordance with the above purposes and applicable laws. We may be required to retain your personal data for a number of years in order to satisfy legal or contractual obligations, or in order to establish, exercise or defend legal claims. When your personal data is no longer necessary for these purposes, the personal data will be deleted.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so that we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username).
What rights you have over your data
You have rights under data protection law over your personal data.
You are entitled, to request access to, rectification of, or erasure of your personal data. You are also entitled, to request restriction of collection and/or processing of, or object to certain types of collection and/or processing of your personal data. You have the right to ask us not to collect and/or process your personal data for marketing purposes; we currently require your consent by opting-in, and you can change your preferences at any time. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You may also, in some circumstances, have a right to data portability.
We will provide you with a response to your requests in accordance with GDPR data protection law. Requests can be submitted at any time by email to email@example.com, or by post to the physical address set out below. You also have the right to lodge a complaint with the corresponding data protection supervisory authority in your country of residence. You can find the relevant supervisory authority name and contact details here. In the UK the data protection supervisory authority is the Information Commissioner.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Emails received through all our emails and forms on our website are reviewed by one staff member, sent onwards when necessary to other staff members, and deleted as quickly as possible. Similarly, emails sent to our other general addresses, e.g. firstname.lastname@example.org, are reviewed and deleted as quickly as possible. We do not disclose the names of senders to others outside without your permission.
We use email service providers in the EU. As a result our emails are susceptible to lawful access in the EU. We select our service providers on the basis of their privacy awareness, and work with most of our service providers to advise them on privacy protection.
We use social media and social networking services to advance our work. These applications require the use of third party service providers. Notably, we have a Facebook page, Twitter feed, articles published on Instagram, and a YouTube channel.
The Facebook page is administered by Facebook, in accordance with Facebook’s Data Policy available here, and is accessible by Facebook users who have already consented to Facebook’s Data Policy. We do not export information on our followers from the Facebook platform.
We use direct messaging over social media on occasion, when individuals and organizations contact us on Facebook by leaving messages in our Inbox or by sending us Direct Messages on Twitter. We aim to delete these messages as soon as we have responded to the queries.
We will continue to push social media companies for stronger privacy protections for all their users.
Occasionally we receive employment information from prospective employees or directly on our website. This information may include the individual’s CV, biographical information, contact details, immigration status, photograph, and references. This information is shared with relevant staff internally until that individual becomes a candidate for employment. At that point we may share the CV with our trustees. We delete your application once it is no longer necessary for the recruitment exercise.
We also collect and process prospective and current volunteer data for recruitment and administration purposes. This data may include biographical information, contact details, immigration-related information, references, and payment details for reimbursement purposes. Again, we delete your application once it is no longer necessary for the recruitment exercise.
We keep all accounting and administration information for auditing purposes, in accordance with standard practice and UK law.
How we protect your data
Personal data shall be subject to additional safeguards to ensure this data is processed securely. For example, we work hard to ensure data is encrypted when in transit and storage, and access to this data will be strictly limited to a minimum number of individuals and subject to confidentiality commitments. All your data is transfer through TLS.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to any of our websites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. When possible, encryption is used, both in transit and storage. Access controls within the organisation limit who may access information.
How to Contact Us
Please read the Policy carefully. To update your preferences, review or update your information, submit a request, raise any issues regarding the processing of your personal data or raise any questions, comments, or concerns about the Policy, you may contact us by writing to:
DRESNR Online Store
Updated in May 2018 to take into account the EU General Data Protection Regulation taking effect on 25 May 2018.
What data breach procedures we have in place
In case of a data breach, System administrators will immediately go through affected users and will attempt to reset passwords if needed after informing the user.
If there is a data breach, we will inform you by email within 72 hours and provide recommendations.
What third parties we receive data from
This website receives no data from external third parties.
What automated decision making and/or profiling we do with user data
At this time, we only use user data to provide services on this website and target users for advertisements to remind them of the services we provide.
Industry regulatory disclosure requirements
Other than breach notifications, we are not aware of any regulatory disclosures we must provide. Please feel free to contact us if you are aware of any.