A. Data controller
The data controller responsible for the processing of personal data in connection with this website in accordance with the General Data Protection Regulation (GDPR) is: Casa Nata OHG Elvirastrasse 10 80636 München Germany Tel.: 089 – 12023618 Web: https://www.casa-nata.com Email: contact@casa-nata.com This Privacy Policy explains how we use your personal data (hereinafter referred to as “data”).
B. Data processing
For the purposes of operating our website, we collect and process personal data. This data processing also includes disclosure by transmission. For the protection of data transferred to the USA, there exists an adequacy decision by the EU Commission, the EU-US Privacy Shield, in which the Commission certified that the guarantees for data transfer to the USA based on this Privacy Shield meet the same data protection standards as in the EU. Insofar as we transfer data to the USA, we have identified that our service providers participate in the EU-US Privacy Shield. The specifically affected data, processing purposes, legal bases, recipients and transfers to third countries are listed below:
a) Log file
We log your visit to our website. In doing so, we process the following data: the name of the web page you visited, the date and time of your visit, the amount of data transferred, the browser type and version, the operating system you used, the referrer URL (the previous website you visited), your IP address and the requesting provider. This is necessary to guarantee the security of our website. We process the data accordingly on the basis of our legitimate interests as per Art. 6 Section 1 f) GDPR. The log file is deleted after seven days, unless it is required for clarification or as evidence of specific legal infringements that have come to light within the retention period.
b) Hosting
In the context of hosting this website, all data processed in connection with its operation is saved. This is necessary for our website to run. We process the data accordingly on the basis of our legitimate interests as per Art. 6 Section 1 f) GDPR. To maintain our online presence, we use the services of web hosting providers, to whom we transfer the aforementioned data.
c) Contacting us
If you contact us, your data (name and any contact details you specify) and your message will be processed solely for the purposes of dealing with your request. We process this data on the basis of Art. 6 Section 1 b) GDPR or Art. 6 Section 1 f) GDPR in order to deal with your request.
d) Newsletter, email marketing
We offer you the option of receiving a newsletter so that we can share regular information with you about our organisation and our offers. We also give you the option of using our download service. If you sign up to our newsletter or download service, we will process the data you provided (email address and any optional information given) and ask for your consent to the following: “[ ] I consent to receiving emails from Casa Nata OHG with their own information and offers. I understand that I can withdraw my consent at any time via email to contact@casa-nata.com or via the Unsubscribe link in every email.” Once you have subscribed, the newsletter or further information will be sent to you based on your consent as per Art. 6 Section 1 a) GDPR. Signing up to the newsletter and other marketing is based on the so-called double opt-in method. To prevent misuse, once you have signed up, we will send you an email asking you to confirm your subscription. We log your sign-up so we can verify that the subscription process complies with the legal requirements. The log entry records the time and date of your initial sign-up and confirmation, along with your IP address. For sending out the newsletter, we use service providers to whom we pass on the aforementioned data. This data is transferred to the servers of the following service providers in the USA: Mailchimp: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308 For more on certification, visit: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active For more on data privacy, visit: https://mailchimp.com/legal/privacy/
e) Customer account
By opening a customer account, you consent to your basic data (name, address, email address, bank details) and your user data (user name, password) being stored. This allows us to identify you as a customer and lets you manage your orders. We ask for your consent to the following: “[ ] I would like to create a customer account. Please store my data for this purpose. I understand that I can withdraw my consent at any time via email to info@schoenbuch.com.” Your data will be processed on the basis of your consent as per Art. 6 Section 1 a) GDPR.
f) Purchase processing
We process your order data to fulfil the purchase agreement. The data is processed accordingly based on Art. 6 Section 1 b) GDPR. We pass on your address details to the delivery company. If it is necessary for fulfilling the agreement, we also pass on your email address or phone number to the delivery company for arranging a delivery date (notification). We pass on your transaction data (name, date of order, payment type, shipping date and/or date received, amount and payee, if applicable bank or credit card details) to the payment service provider tasked with handling the payment. If you choose to pay by credit card or Paypal we might disclose as well the following data with the payment service provider responsible for processing payment in order to ensure a strong customer authentification: IP-address, email address, telephone number, receipt date, delivery address details or content of your shopping cart. For further information on the process of authentification, please consult the policy of the respective service provider.
g) Website analysis and marketing
We use cookies to enable the use of certain functions. Cookies are small data packages that are stored on your device and exchanged with other providers. Some of the cookies we use are deleted as soon as you close your browser (session cookies). Others remain on your device, enabling us to recognise your browser the next time you visit (persistent cookies). You can delete all cookies stored on your device and configure commonly used browsers to prevent cookies from being stored. If you do this, you may have to repeat some settings every time you visit this website, and also accept that some functions may be impaired. We use cookies in connection with the following functionalities:
aa. Google Analytics
We use Google Analytics, a service of Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043 USA. In this service Google uses certain cookies. The information generated by the cookie about your use of this website (including your IP address) is transferred to a Google server in the USA and stored there. We use this information to analyse your use of the website in order to compile reports on the website activity for the website operators and to provide other services associated with use of the website. We process the data obtained in this way on the basis of our overriding interest in optimising the marketing of our online content as per Art. 6 Section 1 f) GDPR. Google will never link your IP address to other Google data. We would like to point out that this website uses Google Analytics with the “anonymizeIp()” extension. This ensures that IP addresses are shortened before they are transferred to the server in the USA, which normally makes it impossible to directly identify individuals in connection with the stored data. Only in exceptional cases will the complete IP address be transferred to the server in the USA and shortened there. You can opt out of our data collection at any time with future effect by using the browser add-on for deactivating Google Analytics at http://tools.google.com/dlpage/gaoptout?hl=de. Please also read the notes on how Google uses data in its partner network at: http://www.google.com/intl/de/policies/privacy/partners/ www.google.de/privacy_ads.html Google is certified at: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active For more on data privacy, visit: https://policies.google.com/privacy?hl=de&gl=de
bb. Google remarketing/retargeting
We use so-called tracking cookies on our website. When you visit our website, information about which of our products you looked at and which adverts and third-party websites took you directly to our website is stored in permanent cookies. If you then visit one of our partner websites, we can have personalised advertising displayed for you based on which of our items you viewed. We process the data obtained in this way on the basis of our overriding interest in optimising the marketing of our online content as per Art. 6 Section 1 f) GDPR. The information generated by the cookie about your use of this website (including your IP address) is transferred to a Google server in the USA and stored there. Google is certified at: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active For more on data privacy, visit: https://policies.google.com/privacy?hl=de&gl=de
h) Integration of external content
We use external dynamic content to optimise the appearance and content of our website. When you visit our website, a request is automatically sent to the server of the relevant content provider via API, transferring certain log data (e.g. your IP address). The dynamic content is then transferred to our website and displayed there. We use external content in connection with the following functionalities:
aa) Integration of YouTube videos
We have integrated videos from the YouTube portal operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA (“YouTube”) into our website. When you play back these videos, log data is transferred to YouTube’s servers in the USA. This data is processed on the basis of our overriding legitimate interest in optimising the marketing of our content as per Art. 6 Section 1 f) GDPR. YouTube is certified at: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active For more information, visit: https://policies.google.com/privacy?hl=de&gl=de
bb) Integration of Vimeo videos
We have integrated videos from the Vimeo portal operated by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA into our website. When you play back these videos, log data is transferred to Vimeo’s servers in the USA. This data is processed on the basis of our overriding legitimate interest in optimising the marketing of our content as per Art. 6 Section 1 f) GDPR. For more information, visit: https://vimeo.com/privacy
cc) Google Maps
We use Google’s “Google Maps” on our website to provide you with an interactive map. When the map is displayed, data including your IP address and location is transferred to Google’s servers in the USA and stored there. This data is processed on the basis of our overriding legitimate interest in optimising the marketing of our content as per Art. 6 Section 1 f) GDPR. Google is certified at: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active For more on data privacy, visit: https://policies.google.com/privacy?hl=de&gl=de
C. Data storage duration
We store personal data only for as long as is necessary for the purposes for which it is being processed or until you withdraw your consent. Insofar as statutory retention requirements need to be complied with, the retention period for certain data can be up to 10 years, regardless of the purposes for which it is being processed.
D. Your rights as a data subject
a) Information/Access
You can request information free of charge at any time about all personal data we keep on you.
b) Rectification, erasure, restriction of processing (blocking), opting out
If you no longer agree to your personal data being stored or if your personal data is no longer correct, on receipt of a corresponding instruction from you, we will have your data erased or blocked or make the necessary corrections (insofar as this is possible under applicable law). The same applies if you wish us to restrict the processing of your data in future.
c) Data portability
On request we will provide your data to you in a commonly-used, structured and machine-readable format, so that you can transfer it to another controller if you wish.
d) Right of complaint
Users have the right to lodge a complaint with the responsible supervisory authority: (https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html).
e) Right to withdraw consent with future effect
You can withdraw your consent with effect for the future at any time. This will not affect the legality of the processing prior to your withdrawal.
f) Restrictions
The above rights do not apply to data where we are not able to identify the data subject, for example if the data has been anonymised for analysis purposes. It may be possible for you to exercise your rights to information/access, erasure, blocking, rectification, or transfer to another organisation in relation to this data, if you provide us with additional information that enables us to identify you.
g) Exercising your rights as a data subject
If you have any questions about the processing of your personal data, or if you wish to exercise your rights to access/information, rectification, blocking, opt-out or erasure of data, or if you wish your data to be transferred to another organisation, please contact info@schoenbuch.com.
E. Data security
To guarantee the security of the data transmitted to us, we use SSL encryption via port 587. You can recognise links encrypted in this way by the prefix “https://” of the page link in your browser’s address line. Unencrypted pages are indicated by “http://”. Thanks to the SSL encryption, none of the data you transmit to our website – e.g. in inquiries or logins – can be read by third parties.
F. Borlabs Cookie
This website uses a Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie preferences. Borlabs Cookie does not collect any personal data. The borlabs-cookie cookie stores the consent you have given when you entered the website. If you wish to revoke these consents, simply delete the cookie from your browser. If you re-enter/reload the website, you will be asked again for your cookie consent. The cookie preferences can be viewed and changed here: