design, aesthetics and some magic.
Below, I will inform you about the processing of your personal data in the context of using my online services.
Person responsible within the meaning of Art. 4 No. 7 GDPR
Sabrina Witteck
Asbachtal 58
45257 Essen
Email: info@brinabellina.de
Contact person for data protection
If you have any questions about the processing of your personal data or your rights and claims relating to data protection, please use the contact information provided above.
Storage period
I delete your personal data as soon as they are no longer necessary for the purposes for which they were collected or otherwise processed.
If I have requested your consent and you have provided it, I will delete your personal data if you withdraw your consent and there is no other legal basis for processing.
I will delete your personal data if you object to the processing and there are no overriding legitimate grounds for the processing, or if you object to the processing for direct marketing purposes or related profiling.
If deletion is not possible because processing is still necessary to fulfill a legal obligation (statutory retention periods, etc.), to assert, exercise, or defend legal claims, I will restrict the processing of your personal data.
You can also find further information on the storage period in the following sections.
Your rights
You have the following rights regarding your personal data:
– The right to be informed
– The right to rectification
– The right to be forgotten
– The right of restriction
– The right to object
– The right to data portability
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e GDPR, including profiling based on those provisions. I will no longer process your personal data unless I can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
If I process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing. I will then no longer process your personal data for these purposes.
You have the right to withdraw your consent to the processing of your personal data at any time, if you have provided me with such consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data by me.
Providing your personal data
The provision of your personal data is generally neither legally nor contractually required and is not necessary for entering into a contract. You are generally not obliged to provide your personal data. Should this nevertheless be the case, I will inform you separately when collecting your personal data (for example, by marking mandatory fields in input forms).
The failure to provide your personal data typically results in me not processing your personal data for one of the purposes described below, and you may not be able to take advantage of an offer related to the respective processing (Example: Without providing your email address, you will not receive my newsletter).
Web hosting
For web hosting, I use external services. These services may have access to personal data processed as part of the use of my online offering.
Web server log files
I process your personal data to display my online offering to you and to ensure the stability and security of my online offering. In doing so, information (such as requested element, accessed URL, operating system, date and time of request, browser type and version, IP address, protocol used, amount of data transmitted, user agent, referrer URL, time zone difference from Greenwich Mean Time (GMT), and/or HTTP status code) is stored in so-called log files (access log, error log, etc.).
If I have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If I have not requested your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. 1 lit. f GDPR. My legitimate interest is to ensure the proper display of my online offering and to guarantee the stability and security of my online platform.
Security
For security reasons and to protect the transmission of your personal data and other confidential content, I use encryption on my domain. You can recognize this by the string “https://” and the padlock symbol in the browser bar.
Contacting
If you contact me, I process your personal data to handle your inquiry.
If I have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If I have not requested your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. 1 lit. f GDPR. My legitimate interest in this case is processing your contact request. If the processing is necessary for the performance of a contract with you or for the implementation of pre-contractual measures based on your request, the legal basis for the processing is also Art. 6 para. 1 lit. b GDPR.
I use external services for the provision and maintenance of my email inboxes. These services may have access to personal data processed as part of contacting me.
Cookies & Similar Technologies
Cookies are used. These are text information stored on your device. A distinction is made between session cookies, which are deleted immediately after closing your browser, and persistent cookies, which are deleted after a certain period of time.
In addition to cookies, similar technologies may also be used (tracking pixels, web beacons, etc.). The following information about cookies also applies to similar technologies. These explanations also apply to other processing associated with cookies and similar technologies (analysis & marketing, etc.). This also applies specifically to any consent you may have provided for the use of cookies. This consent extends to other technologies and to further processing associated with cookies and similar technologies.
Cookies may be used to enable certain functions. They may also be used to measure the reach of my online offering, tailor it to needs and interests, and optimize my online offering and marketing. Cookies may be used by me and by external services.
I use a consent tool to manage the cookies used and related consents. Details about the cookies used (purpose, storage duration, if applicable external service, etc.) and the consent tool can be found in the following passages and the consent tool I use.
If I have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If I have not requested your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. 1 lit. f GDPR. My legitimate interest is the management of the cookies used and the related consents. Depending on the purpose of the processing, my legitimate interests can be found in the following sections.
You can prevent the storage of cookies by adjusting your browser settings accordingly. Below, I provide links for typical browsers where you can find further information on managing cookie settings:
– Firefox: https://support.mozilla.org/en-US/kb/third-party-cookies-firefox-tracking-protection
– Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en&sjid=11356475481347416578-EU
– Internet Explorer / Edge: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
– Safari: https://support.apple.com/en-mn/guide/safari/sfri11471/16.0/mac
– Opera: https://help.opera.com/en/latest/web-preferences/#cookies
– Yandex: https://browser.yandex.com/help/personal-data-protection/cookies.html
Additional options for opting out can be found at the following links: https://www.youronlinechoices.eu/, https://youradchoices.ca/en/tools, https://optout.aboutads.info/?c=2&lang=EN, and https://optout.networkadvertising.org/?c=1.
Please note that if you choose to prevent the storage of cookies, you may not be able to use the full functionality of my website. If you delete all cookies, the settings described above will also be lost and must be made again.
Furthermore, you can activate the “Do-Not-Track” feature of your browser to indicate that you do not want to be tracked. Below, I provide links for common browsers where you can find further information on the “Do-Not-Track” setting:
– Firefox: https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature
– Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform
– Internet Explorer / Edge: https://support.microsoft.com/en-us/windows/use-do-not-track-in-internet-explorer-11-ad61fa73-d533-ce96-3f64-2aa3a332e792
– Opera: https://help.opera.com/en/latest/security-and-privacy/
– Safari no longer supports the “Do Not Track” feature since February 2019. Cross-site tracking prevention in Safari can be enabled using the following link: https://support.apple.com/de-de/guide/safari/sfri40732/12.0/mac
– Yandex: https://yandex.com/support/browser/personal-data-protection/ytp.html
You can also revoke or manage your consents regarding the cookies used in the consent tool provided by me.
Shop
If you place an order, I will process your personal data to fulfill and process your order and to comply with the associated rights and obligations.
If you create a customer account, I will process your personal data to provide the customer account and its associated functions (such as password recovery), enhance your shopping experience, and facilitate the ordering process for future orders.
If I have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If I have not requested your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. My legitimate interest in this regard is the processing and fulfillment of your order. If the processing is necessary for the performance of a contract with you or for the implementation of pre-contractual measures based on your request, the legal basis for the processing is also Art. 6 para. 1 lit. b GDPR.
Recipients of your personal data may include third parties (fulfillment service providers, IT service providers, shipping or transportation service providers, banks, tax advisors, lawyers, authorities, etc.), to the extent necessary for the processing and handling of your order and the associated rights and obligations.
I use external services for payment processing. I transmit your personal data to these services to the extent necessary for payment processing. Further information about the services used, the scope of data processing, and the technologies and procedures employed in the use of these services can be found in the additional information about the services I use at the end of this section and through the links provided therein.
Apple Pay
Provider: Depending on your home country, Apple services are provided by either Apple Distribution International Ltd., Ireland, or another company (accessible at https://www.apple.com/de/legal/internet-services/itunes/de/terms.html).
Website: https://www.apple.com/de/apple-pay/
Further information & Privacy Policy: https://www.apple.com/legal/privacy/
Guaranteed: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from me.
Giropay
Provider: paydirekt GmbH, Germany.
Website: https://www.giropay.de
Further information & Privacy Policy: https://www.giropay.de/rechtliches/datenschutzerklaerung
Google Pay
In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://pay.google.com/intl/en_en/about/
Further information & Privacy Policy: https://policies.google.com/?hl=en
The transfer of personal data to third countries is carried out depending on the specific Google service and subject to the various EU Standard Contractual Clauses, provided they are offered by Google. Further information on this and Google’s responsibility can be found at the following link: https://business.safety.google/gdpr/. You can view a copy of the EU Standard Contractual Clauses there. The provider has adhered to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision of the European Commission.
PayPal
Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.
Website: https://www.paypal.com/home
Further information and privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE”
Stripe
Provider: Stripe Payments Europe, Ltd., Ireland. Stripe Payments Europe, Ltd. is a subsidiary of Stripe, Inc., United States of America.
Website: https://stripe.com/
Further information and privacy policy: https://stripe.com/de/privacy
Guaranteed: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from me. The provider has adhered to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision of the European Commission.
Newsletter
If I have asked for your consent and and you have provided it, I will process your email address for the purpose of doing email marketing, and possibly other personal data to address you personally. the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. The contents of the email marketing will be specifically described when obtaining your consent. Furthermore, the email marketing contains information about me, my goods, and services.
I use the so-called double opt-in procedure to prevent potential abuse of your personal data. For this purpose, after collecting your email address, I will send you an email to the email address provided by you, in which I ask you to confirm that you actually wish to receive the email marketing. the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. My legitimate interest is in ensuring the lawful execution of email marketing activities.
I log the time of granting your consent and the time of your confirmation, as well as your IP address and the content of your consent statement, in order to be able to demonstrate the legally compliant obtaining of your consent. the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. My legitimate interest is in ensuring the lawful execution of email marketing activities.
I use external services for email marketing purposes. For further information about the services used, the scope of data processing, the technologies and procedures used in the deployment of each service, as well as whether profiling occurs in the use of such services, and if so, details about the logic involved, the extent, and the intended effects of such processing, you can refer to the additional information about the services I use at the end of this section and through the links provided therein.
You can withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, you can use the provided link in the emails or contact me using the contact information provided above.
If you have revoked your consent, I reserve the right to process your personal data in a so-called blacklist/blocklist to ensure that no further email marketing is conducted in connection with this personal data in the future. the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. My legitimate interest is in preventing unwanted email marketing.
I process your personal data as part of tracking or performance measurements to measure the reach of my email marketing, to tailor it to your needs and interests, and thus optimize my email marketing. This may also involve profiling (for advertising purposes, personalized information, etc.). Profiling may also occur across services and devices. If I have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If I have not requested your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. 1 lit. f GDPR. My legitimate interest is in optimizing my email marketing. A separate withdrawal of your consent or objection regarding tracking or performance measurements is unfortunately not possible. You must use the above options to withdraw your consent or object to the processing of your personal data for the purpose of email marketing as a whole.
Mailchimp
Provider: The Rocket Science Group, LLC, United States of America. The Rocket Science Group, LLC is a subsidiary of Intuit Inc., United States of America
Website: https://mailchimp.com/en/?currency=EUR
Further information & Privacy Policy: https://www.intuit.com/privacy/statement/
Guaranteed: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from me. The provider has adhered to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision of the European Commission.
Analysis & Marketing
I process your personal data to measure the reach of my online offerings, tailor them to your needs and interests, and optimize both my online offerings and marketing.
If I have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If I have not requested your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. 1 lit. f GDPR. My legitimate interest in this regard is the optimization of my online offering and marketing.
I use external services for analysis and marketing purposes. This may also involve profiling (for advertising purposes, personalized information, etc.). Profiling may also occur across services and devices. For further information about the services used, the scope of data processing, the technologies and procedures used in the deployment of each service, as well as whether profiling occurs in the use of such services, and if so, details about the logic involved, the extent, and the intended effects of such processing, you can refer to the additional information about the services I use at the end of this section and through the links provided therein.
You can find further information about cookies and similar technologies above.
Google Analytics
In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://marketingplatform.google.com/intl/en/about/analytics/
Further information and privacy policy: https://support.google.com/analytics/answer/6004245?hl=en and https://policies.google.com/?hl=en
The transfer of personal data to third countries is carried out depending on the specific Google service and subject to the various EU Standard Contractual Clauses, provided they are offered by Google. Further information on this and Google’s responsibility can be found at the following link: https://business.safety.google/gdpr/. You can view a copy of the EU Standard Contractual Clauses there. The provider has adhered to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision of the European Commission.
Google Analytics 4
In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://support.google.com/analytics/answer/10089681?hl=en
Further information and privacy policy: https://support.google.com/analytics/answer/6004245?hl=en and https://policies.google.com/?hl=en
The transfer of personal data to third countries is carried out depending on the specific Google service and subject to the various EU Standard Contractual Clauses, provided they are offered by Google. Further information on this and Google’s responsibility can be found at the following link: https://business.safety.google/gdpr/. You can view a copy of the EU Standard Contractual Clauses there. The provider has adhered to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision of the European Commission.
Mailchimp
Provider: The Rocket Science Group, LLC, United States of America. The Rocket Science Group, LLC is a subsidiary of Intuit Inc., United States of America
Website: https://mailchimp.com/en/?currency=EUR
Further information & Privacy Policy: https://www.intuit.com/privacy/statement/
Guaranteed: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from me. The provider has adhered to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision of the European Commission.
Pinterest Analytics
Provider: For users who are not residents of the United States of America, the service is provided by Pinterest Europe Ltd., Ireland. For users who are residents of the United States of America, the service is provided by Pinterest Inc., United States of America.
Website: https://analytics.pinterest.com/
Further information & Privacy Policy: https://policy.pinterest.com/de/
Guaranteed: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from me.
Social Media Presences
I maintain social media presences on external platforms to communicate with users and to optimize my online offering and marketing.
This privacy policy also applies to the following social media presences:
https://instagram.com/brinabellina
https://tiktok.com/@brinabellina
https://pinterest.com/brinabellina
If I have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If I have not requested your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. 1 lit. f GDPR. My legitimate interest in this regard is the optimization of my online offering and marketing.
While using external services, profiling (for advertising purposes, personalized information, etc.) may occur. Profiling may also occur across services and devices. For further information about the services used, the scope of data processing, the technologies and procedures used in the deployment of each service, as well as whether profiling occurs in the use of such services, and if so, details about the logic involved, the extent, and the intended effects of such processing, you can refer to the additional information about the services I use at the end of this section and through the links provided therein.
Instagram
Provider: Meta Platforms Ireland Limited, Ireland. Meta Platforms Ireland Limited is a subsidiary of Meta Platforms, Inc., United States of America.
Website: https://www.instagram.com
Further information & Privacy Policy: https://help.instagram.com/581066165581870 and https://help.instagram.com/519522125107875
Guaranteed: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from me. The provider has adhered to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision of the European Commission.
Pinterest
Provider: For users who are not residents of the United States of America, the service is provided by Pinterest Europe Ltd., Ireland. For users who are residents of the United States of America, the service is provided by Pinterest Inc., United States of America.
Website: https://www.pinterest.com
Further information & Privacy Policy: https://policy.pinterest.com/en
Guaranteed: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from me.
TikTok
Provider: If you reside in the European Economic Area, the United Kingdom, or Switzerland, TikTok Technology Limited, Ireland, and TikTok Information Technologies UK Limited, United Kingdom, are the joint controllers responsible for processing your data. If you reside in the United States of America, TikTok Inc., United States of America, is responsible for processing your data. In all other cases, TikTok Pte. Ltd., Singapore, is responsible for processing your data.
Website: https://www.tiktok.com
Further information & Privacy Policy: https://www.tiktok.com/legal/privacy-policy?lang=de
Guaranteed: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from me.
Social Media Content/Plugins
I use social media content/plugins from external services to display content and functions of the external services and to optimize my online offering and marketing.
If I have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If I have not requested your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. 1 lit. f GDPR. My legitimate interest in this regard is the optimization of my online offering and marketing.
While using external services, profiling (for advertising purposes, personalized information, etc.) may occur. Profiling may also occur across services and devices. For further information about the services used, the scope of data processing, the technologies and procedures used in the deployment of each service, as well as whether profiling occurs in the use of such services, and if so, details about the logic involved, the extent, and the intended effects of such processing, you can refer to the additional information about the services I use at the end of this section and through the links provided therein.
Pinterest
Provider: For users who are not residents of the United States of America, the service is provided by Pinterest Europe Ltd., Ireland. For users who are residents of the United States of America, the service is provided by Pinterest Inc., United States of America.
Website: https://www.pinterest.com
Further information & Privacy Policy: https://policy.pinterest.com/en
Guaranteed: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from me.
Captchas
I use CAPTCHAs to protect my online offering from abusive, automated, and/or machine-generated inputs (such as in forms) and to prevent potential abuse.
If I have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If I have not requested your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. My legitimate interest in this case is to protect my online offer and prevent abuse.
I use external services to provide captchas. This may also involve profiling. Profiling may also occur across services and devices. For further information about the services used, the scope of data processing, the technologies and procedures used in the deployment of each service, as well as whether profiling occurs in the use of such services, and if so, details about the logic involved, the extent, and the intended effects of such processing, you can refer to the additional information about the services I use at the end of this section and through the links provided therein.
Google reCAPTCHA
In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://www.google.com/recaptcha/
Further information & Privacy Policy: https://policies.google.com/?hl=en
The transfer of personal data to third countries is carried out depending on the specific Google service and subject to the various EU Standard Contractual Clauses, provided they are offered by Google. Further information on this and Google’s responsibility can be found at the following link: https://business.safety.google/gdpr/. You can view a copy of the EU Standard Contractual Clauses there. The provider has adhered to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision of the European Commission.
Comments
If you leave comments using the provided functions (on blog posts, products, etc.), I process your personal data to display your comments and to prevent potential misuse.
If I have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If I have not requested your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. 1 lit. f GDPR. My legitimate interest in this regard is the proper display of your comments and the prevention of misuse.
Let’s be friends! Become part of my community and receive a little friendship gift: 15% off your next purchase as well as a cute sticker set for your Instagram story are already waiting for you. ☻