Privacy Policy
(Valid from: May 2018)
We appreciate your interest in our website and offers on our websites. The protection of your privacy is very important to us. In this privacy policy you will find information about what data is collected when you visit our website (hereinafter "our website") and when placing orders and how this data is processed and used. These are partly personal data (such as the name, address, e-mail address, etc.), their collection, processing and use of which are subject to statutory regulations.
I. Name and contact details of the responsible person for information processing
Person of contact for data protection requests.
The body responsible for data collection, processing and use is:
Please direct your inquiries regarding data protection to the above mentioned address or e-mail address.
II. Collection and use of your data
The extent and kind of the collection and use of your data differs depending on whether you visit our website only to retrieve information or use services offered by us.
1. Informative use of our website
When you visit our website, the following access data that is technically necessary for us, are automatically collected:
- the IP address of the requesting computer,
- date and time of access,
- name and URL of the retrieved file,
- transmission result and amount of sent data,
- Website from which the access was made,
- With which web browser / operating system the access was made.
This information is temporarily stored in a so-called log file. The collection of this data is for technical and administrative purposes only (i.e., connection establishment, ensuring convenient use of our website, evaluation of system security and stability). A comparison with other data, even in excerpts, does not take place. We pass this data on to the webhost acting on our behalf (see point II.3.d).
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection.
Details of further data collection when visiting our website through the use of cookies and analysis services can be found below under no. III and IV.
2. Use of offers
a) The creation of a user account is not required for placing an order in our online shop.
b) As part of the ordering process, you will be asked to provide the following information:
- your first and last name,
- the E-Mail adress,
- any company,
- address,
- the telephone number,
- if necessary, a different delivery address,
- Date of birth,
- Payment details depending on the payment method you have selected.
c) We use this data solely for the purpose of carrying out the contract and the communication required to that extent (for example, a more exact coordination of a delivery date) with you. The data are stored by us until the complete execution of the contractual relationship as well as until expiration of legal warranty rights. After expiry of this period, we retain the information required by commercial and tax law of the contractual relationship for the statutory periods of up to 10 years. For this period, the data will be reprocessed solely in the case of a review by the Financial Administration.
The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR. The processing of the listed data is required for the fulfillment of the respective contractual relationship between you and us. For the processing of your e-mail address in the case of an order via our website, we are also required by law in the Civil Code (BGB) to send an electronic order confirmation (Article 6 para 1 p. 1 lit. c GDPR ).
3. Disclosure to third parties
We only pass on your data if this is permitted under German or European data protection law. Thus, the transfer is made to our service partners, which we need to process the contractual relationship or service providers, of which we use in the context of a processing order. These include, for example, recipients of the following categories: shipping service providers, payment service providers, service providers for order processing, web hosts, IT service providers. Data transmission is limited to a minimum.
a) Shipping service provider
Information about your delivery address and your telephone number will be provided to the shipping service provider (usually DHL) responsible for the delivery of the contract. They may contact you prior to delivery to arrange delivery details. The respective data are transmitted solely for the respective purposes and deleted after delivery. The legal basis for the transfer of data is Art. 6 para. 1 p. 1 lit. b GDPR.
b) Payment service provider
Depending on the payment method chosen by you, we will pass on your payment details to the bank or payment service provider commissioned by us, if this is necessary for the payment process. The legal basis for the transfer of data is Art. 6 para. 1 p. 1 lit. b GDPR. In detail:
- Payment with PayPal
When paying by means of a payment method offered by PayPal, we will transfer your payment data to Paypal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").
PayPal reserves itself for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on invoice" or "installment" via PayPal the execution of a credit check. If necessary, your payment details will be processed in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of the legitimate interest of PayPal in the determination of their solvency to credit bureaus passed. The result of the credit check on the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit information can contain probability values (so-called score values). Insofar as score values are included in the results of the credit rating, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, but is not limited to, address data. Further data protection information, among other things to the used credit reference agencies, please refer to the privacy policy of PayPal [external link].
Payment by PayPal is voluntary, we also provide other payment options.
- Payment with wirecard
By credit card payment, you already inform the credit institution you use when making your booking, the payment service provider (Wirecard AG, Einsteinring 35, 85609 Aschheim (Wirecard), www.wirecard.com) in case of a chargeback on request, your customer name and the complete address so that he / she can claim his / her claims against you. Payment by credit card / wirecard is voluntary, we also provide other payment options.
- Payment with Klarna
When selecting this payment option, Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany, is responsible for the data processing. This acts in the context of a legal relationship existing with you. For details please refer to the Privacy Policy of Sofort GmbH [external Link].
c) Order processing
For the purpose of invoicing, your data will be processed by Zervant Ltd. on our behalf. (GmbH) Tekniikantie 12 02150 Espoo Finland.
d) Web host
Our online store is hosted by Shopify Inc., based in the United States on our behalf. The transfer of your personal data to a third country (USA) is done within the meaning of Art. 13 para. 1 lit. f GDPR. For the relationship between the EU and the USA in the area of data protection law, the so-called Privacy Shield, the Commission has identified the adequacy of the level of data protection (C (2016) 4176 final)). Thus, Shopify Inc. has up-to-date certificates and participates in the EU-US Privacy Shield Agreement. For details, please refer to the privacy statement of Shopify [external link].
e) Other transfer
In addition, the transfer of your data to third parties can only take place in the following cases:
insofar as this is required in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,
in the event that disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR there is a legal obligation.
4. User account
The call of our website and the placing of orders are possible without the creation of a user account. In order to offer you the greatest possible comfort, we offer you the permanent storage of your personal data in a password-protected user account. Which data are collected, can be seen from the respective input forms. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
Creating a user account is voluntary. Deletion of your user account is possible at any time via email to our address. Please note, however, that data provided to us as part of placing an order will not be deleted at the same time, but processed as described in para. 2. The legal basis for this further data processing is Art. 6 para. 1 p. 1 lit. b and c GDPR.
5. Contact
You can contact us by e-mail, by phone and by post. We use your personal information that you provide to us within this framework for the sole purpose of contacting you and processing your request. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and provided that no statutory storage requirements are in conflict. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f DSVGO. Our legitimate interest follows from the above purpose of data processing. If your contact is intended to conclude a contract, additional legal basis for data processing is in Art. 6 para. 1 sentence 1 lit. b GDPR.
6. Registration for our newsletter
If you, pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, have expressly consented, we will use your e-mail address to regularly send you our newsletter. For the receipt of the newsletter the indication of an e-mail address is sufficient. The (non-) consent to receive a newsletter does not affect the conclusion of the contract.
Note on the right of withdrawal
You may revoke your consent at any time with future effect by notifying sven.steg@picnoir.com or by opting out at the end of each newsletter.
As part of the newsletter distribution, we hire the service company Klaviyo based in Boston, Massachusetts, USA. The transfer of your personal data to a third country (USA) is done within the meaning of Art. 13 para. 1 lit. f GDPR. For the relationship between the EU and the USA in the area of data protection law, the so-called Privacy Shield, the Commission has identified the adequacy of the level of data protection (C (2016) 4176 final)). Thus, Klaviyo has a recent certificate and participates in the EU-US Privacy Shield Agreement. For details, please refer to the Klavyio Privacy Policy [external link].
III. Use of cookies from Shopify
Our website uses cookies from Shopify Inc. (see section II.3.d). Cookies are small data packets that, by the browser you use, are stored on your device at our request. There they do no damage. The data collected with the help of cookies are anonymised or pseudonymised - the determination of your identity is not possible on the basis of the stored data for us.
Session cookies are automatically deleted when you close your browser. The use of session cookies serves to make the use of our offer more pleasant for you, in particular to offer the shopping cart function across all pages.
In contrast, persistent cookies have a lifespan of up to 10 years (permanent cookies). Permanent cookies remain on your computer and allow us to recognize your computer the next time you visit it. In particular, these cookies serve to make our offer user-friendly, effective and secure.
Specifically, these are the following cookies:
Cookies that ensure functionality of our website | |
name | function |
_ab | Admin access |
_orig_referrer | Shopping cart functionality |
_secure_session_id | Navigation on the website |
Cart | Shopping cart functionality |
cart_sig | Functionality of the order process |
cart_ts | Functionality of the order process |
checkout_token | Functionality of the order process |
Secret | Functionality of the order process |
Secure_customer_sig | Functionality of the user account |
storefront_digestFunctionality of the user account | Functionality of the user account |
Cookies for the purpose of analysis and use evaluation | |
name | function |
_landing_page | Storage of visiting pages |
_orig_referrer | Storage of visiting pages |
_s | Shopify analytics. |
_shopify_fs | Shopify analytics. |
_shopify_s | Shopify analytics. |
_shopify_sa_p | Shopify analytics related to marketing and referral |
_shopify_sa_t | Shopify analytics related to marketing and referral |
_shopify_uniq | Shopify analytics. |
_shopify_visit | Shopify analytics. |
_shopify_y | Shopify analytics. |
_y | Shopify analytics. |
tracked_start_checkout | Shopify analytics related to order process |
If personal data are also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 p. 1 lit. b GDPR, either for the performance of the contract or pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR for safeguarding our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of your page visit.
Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your device or a message always appears before a new cookie is created. Use the help function of your browser to find out how this works. Information about the procedure for using a mobile phone is provided in the user guide for your mobile device. However, you will not be able to access some sections of our website if you have declined to use of cookies.
IV. Web Analysis Tools
1. Google Analytics
Google Analytics is used on our website to gather information about the user behavior of visitors to our website. This should give us insight into whether we are meeting the needs of users of our website and what we could improve. The provider of Google Analytics is the Google Inc. 1600 Amphitheater Parkway Mountain View, CA 94043, USA (hereafter "Google"). In this context, pseudonymised usage profiles are created and cookies are used (see point III.). Google Analytics uses cookies (see section III.) to store information about which pages you visit, how long you spend on the page, how you got there and what you click. The cookies used by Google Analytics are: _utma, _utmb, _utmc, _utmz, _utmv _ga.
name | describtion | storage time |
_utma | stores the number of visits of each user, namely the first visit, the previous visit and the current visit | expires two years after the last page view |
_utmb und _utmc | Check the duration of the website visit, namely the beginning and the end of the visit | _utmb expires 30 minutes after the visit to the site or as a result of 30 minutes of inactivity _utmc expires with the end of the session |
_utmz | keeps track of how the visitor came to the site (through a search engine, keyword, or link) | expires six months after the last page view |
_utmv | keeps track of which pages the site has visited, and splits the result into groups | expires two years after the last page view |
_ga | Detects the unique anonymous ID number of the user across multiple devices | expires one year after the last page view |
The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. The IP addresses are anonymized, so that an assignment is not possible (IP masking). Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. Under no circumstances will your IP address be merged with any other data provided by Google. This information may also be transferred to third parties if required by law or if third parties process this data in the order.
You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=en [external link]. As an alternative to the browser plug-in, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this link [external link]. An opt-out cookie will be set that will prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Learn more from Google's privacy policy [external link].
2. Facebook Pixels
This website uses the "Facebook Pixel" of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). In the case of explicit consent, this may track the behavior of users after they have seen or clicked on a Facebook ad. This process is designed to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and may help to optimize future advertising efforts.
The data collected is anonymous to us and does not provide us with any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook Data Directive [external link].
You can enable Facebook and its affiliates to display ads on and off Facebook. It may also be stored for these purposes, a cookie on your computer. These processing operations are carried out exclusively upon granting the express consent in accordance with Art. 6 para. 1 lit. a GDPR. A consent in the use of the Facebook pixel may only be declared by users who are older than 16 years old. If you are younger, we ask that you ask your guardians for permission.
Based in the US, Facebook Inc. is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
In order to deactivate the use of cookies on your computer, the statements under no. III. corresponding. You may also disable the use of cookies by Facebook on the Digital Advertising Alliance website [external link].
V. Use of social media (Facebook, Instagram, Youtube)
On our website we use links to our accounts on social networks like Facebook, Instagram and Youtube without using any plugins from these networks. If you click on the links you will be redirected to the websites of the respective social media providers. For the local data processing the respective providers are responsible:
- Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA: Data Directive [external link]
- Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, United States: Data Directive [external link]
- YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA: Privacy Policy [external link].
VI. Affected rights
According to the applicable data protection law, if the respective legal requirements are met, you have a variety of information and intervention rights in relation to your data. In detail:
VII. Right to object
If your personal data are based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR are processed, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or against the company more generally. In the latter case, you have a general right of objection, which is implemented by us without specifying any particular situation.
If you would like to use your right of revocation or objection, please send an e-mail to privacy@picnoir.com.
VIII. data security
For security reasons and to protect the transmission of personal data and other confidential contents (for example, orders or inquiries to the person responsible), this website uses an SSL or TLS encryption. You can recognize an encrypted connection by the string "https: //" and the lock icon in your browser bar.
IX. Scope and amendment of this Privacy Policy
If there are links to external websites within the framework of our website, this declaration does not apply to data collection and use on the linked pages.
Due to the further development of our website or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. The latest privacy policy can be accessed and printed by you at any time on the website at https://en.picnoir.com/pages/privacy-policy.