Privacy Policy

This privacy statement relates to the processing of personal data in connection with this website, including the services offered there.

For more detail about how we process your personal data, you can get in touch using the contact information provided.

Content overview:
1.General information
2.Purpose and legal basis for processing personal data
3.Duration for which personal data are stored
4.Rights of the data subject
5.Special information on the website
5.1.External hosting
5.2.External digital marketing
5.3.Information logging
6.Cookies
6.1.Technically essential cookies
6.2.Cookies overview
7.Evaluating user behaviour (web tracking systems, measuring reach)
7.1.Use of Google Analytics and Google AdSense
7.2.Use of Facebook plugins
7.2.1.Like & share buttons
7.2.2.Facebook pixel
7.3.Bing Ads conversion tracking
7.4.Use of Usemax
8.Collecting other data
8.1.Contact form
8.2.Log-in/registration
8.3.Newsletter
8.4.Trusted Shops customer rating system
9.Online shop details
9.1.Payment methods
9.1.1.payolution
9.1.2.PayPal
9.1.3.Sofortüberweisung instant transfer
9.1.4.Credit card
9.2.Shopping basket
10.Competitions
11.Email

1.General information

PUBLISHER
Living Crafts GmbH
Schlesier Str. 11
95152 Selbitz

T +49 (0)9280 981080
F +49 (0)9280 9810830
@ info(at)livingcrafts.de

RESPONSIBLE FOR THE WEBSITE
FRANK SCHELL
@ webshop(at)livingcrafts.de

DATA PROTECTION OFFICER
KATHARINA WARDELMANN, LL.M.
dennree GmbH
Hofer Str. 11
95183 Töpen
T +49 (0)9295 189192
F +49 (0)9295 91419192
@ datenschutz(at)livingcrafts.de

AG Hof/Saale HRB 3724
represented by managing director: Mr Frank Schell

2.Purpose and legal basis for processing personal data
Unless specified otherwise, the legal basis for processing your data comes from Art. 6 para. 1(a) of the General Data Protection Regulation (GDPR). According to this, we are permitted to process the necessary data to fulfil a task we are required to perform.

3.Duration for which personal data are stored
Your data will only be stored for as long as necessary to perform the task, bearing in mind the statutory retention obligations.

4.Rights of the data subject
If we process your personal data, as the data subject, you have the following rights:
•If your personal data are being processed, you have the right to demand information regarding your stored data (Art. 15 GDPR).
•If incorrect personal data are being processed, you have the right to rectification (Art. 16 GDPR).
•If the statutory requirements are met, you can demand erasure or the restriction of processing (Art. 17, 18 GDPR).
•If you have consented to the processing or there is a contract covering data processing and the processing is being implemented using automated procedures, you may potentially have the right to data portability (Art. 20 GDPR).
•If you have consented to the processing and the processing relies on this consent, you can revoke the consent at any time with future effect. This does not affect the legality of any data processing based on the consent up until the time it was revoked. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data which is based on Art. 6 para. (f) GDPR (Art. 21 para. 1 (1) GDPR).

Right of appeal to the supervisory authority
Furthermore, you have the right to appeal to the Bavarian State Office for Data Protection Supervision. You can contact them using the following details:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
www.lda.bayern.de
T +49 (0)981 180093-0
F +49 (0)981 180093-800
@ poststelle(at)lda.bayern.de

Further information
For more detail on how we process your data, and on your rights, you can get in touch using the contact information provided above (at the start).

SSL and TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries, this website uses SSL or TLS encryption.
You can tell there is an encrypted connection by the fact that the address line in the browser switches from
"http://" to "https://" and by the appearance of the padlock symbol in the address bar.
When SSL or TLS encryption is enabled, any data you send to us cannot be read by third parties.

5.Special information on the website

5.1.External hosting
Our web server is operated by the company Hetzner Online GmbH. So, the personal data you transmit while visiting our website are processed on our behalf by Hetzner Online GmbH.

Contact details:
Processor name: Hetzner Online GmbH
Postal address: Industriestr. 25, 91710 Gunzenhausen
@ info(at)procomp.de

The personal data captured on this website are stored on the hosting service provider's servers. This can involve, amongst other things, IP addresses, contact requests, metadata, communication data, contract data, contact details, names, page views and other data that are generated via a website.

This hosting service provider is used for the purpose of performing a contract for potential and existing customers (Art. 6 para. 1(b) GDPR) and in the interest of providing a secure, fast and efficient online offering via a professional provider (Art. 6 para. 1(f) GDPR).

Our hosting service provider will only process your data to the extent necessary to fulfil its service obligations and will comply with our instructions regarding these data.

To ensure processing complies with data protection regulations, we have agreed a processing contract with our hosting service provider.

5.2.Information logging
When you request this web page or another web page, you transmit data to the web server via your web browser. During an active connection, the following data are logged to support communication between your browser and our web server:
-information about the browser type and version being used
-the user's operating system
-the user's internet service provider
-the user's IP address
-date and time of access
-website from which the user's system was directed to our web page
-websites that have been requested by the user's system via our website
-volume of data transmitted

It is necessary for the system to temporarily store the IP address in order to supply web pages to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

Information is saved in log files to ensure the website's functionality. In addition, the data are used to optimise the website and to guarantee the security of our information technology systems. No data are evaluated for marketing purposes in this context

The legal basis for temporary storage of the data is Art. 6 para. 1 (f) GDPR. The legitimate interest in data processing according to Art. 6 para. 1 (f) GDPR arises from the need to maintain the functionality of the website.

After the connection is terminated, these data are deleted.

6.Cookies

6.1.Technically essential cookies
The purpose of using technically essential cookies is to simplify use of the website for the users. Some of the functionality on our website cannot be provided without the use of cookies. It is necessary for the browser to be recognised even after changing to a different web page. We need cookies for the following applications:
-Shopping basket
-User account login
The user data collected from technically essential cookies are not used to create user profiles.
In both the above cases (using the shopping basket and user account login), the legal basis for processing personal data by using cookies is Art. 6 para. 1 (a) GDPR. The designated purpose also covers our legitimate interest in processing personal data in accordance with Art. 6 para. 1 (f) GDPR, because the functionality of the web shop must be ensured.

6.2.Cookies overview
Cookie nameOriginDescriptionValidity after latest interactionMUIDbing.comStatistical purposes for buy/click analysis365 daysSRCHDbing.comStatistical purposes for buy/click analysis229 daysSRCHUIDbing.comStatistical purposes for buy/click analysis230 daysSRCHUSRbing.comStatistical purposes for buy/click analysis231 days_SSbing.comStatistical purposes for buy/click analysisOnly valid during the session_EDGE_Sbing.comStatistical purposes for buy/click analysisOnly valid during the sessionMUIDBbat.bing.comStatistical purposes for buy/click analysis229 days_uetsidlivingcrafts.deThis cookie is used by Bing to determine which ads to place that could be relevant for the end user browsing the website.1 day_fbplivingcrafts.deUsed by Facebook to display a series of promotional products,90 daysAcceptCookieslivingcrafts.deOpt-in cookie for Google Analytics365 daysLCShoplivingcrafts.deASP.NET session cookie _galivingcrafts.deGoogle Analytics -> Only if AcceptCookies exists, otherwise Google Analytics is not enabled730 days_gatlivingcrafts.deGoogle Analytics -> Only if AcceptCookies exists, otherwise Google Analytics is not enabledOnly while the session is running_gidlivingcrafts.deGoogle Analytics -> Only if AcceptCookies exists, otherwise Google Analytics is not enabled2 daysusm_um_rtlivingcrafts.deGoogle Analytics -> Only if AcceptCookies exists, otherwise Google Analytics is not enabled365 daysident_v.usemax.deCollects data about user behaviour and interactions – this is used to optimise the website and to make advertising on the website more relevant.365 daysum_rt.usemax.deCollects data about user behaviour and interactions – this is used to optimise the website and to make advertising on the website more relevant.365 daysident_vusemaxserver.deTo analyse and classify your website visitors365 daysum_rtusemaxserver.deTo analyse and classify your website visitors365 daysexint_uu_7699www.usemaxserver.deTo analyse and classify your website visitorsSessionexint[35176]www.usemaxserver.deTo analyse and classify your website visitorsSessionPHPSESSIDwww.usemax.deStores user data across multiple page requestsSessionfrfacebook.comFor marketing purposes90 days

7.Evaluating user behaviour (web tracking systems, measuring reach)

7.1.Use of Google Tag Manager
For transparency reasons, it should be noted that we use Google Tag Manager. Google Tag Manager does not capture any personal data itself. The tag manager makes the task of integrating and managing our tags easier. Tags are little code elements which have various functions, including measuring traffic and visitor behaviour, recording the impact of online advertising and social channels, setting up remarketing and the focus on target groups, as well as testing and optimising websites. You can find more information on Google Tag Manager at: https://www.google.com/intl/de/tagmanager/use-policy.html.

This website uses Google Analytics and Google AdSense, a web analysis service provided by Google Inc. ("Google"). These services use so-called "cookies", text files that are stored on your computer to enable analysis of your use of the website.
The information about your use of this website obtained via the cookie is generally transmitted to a Google server in the USA, where it is stored. However, if IP anonymisation is enabled on this website, Google will first truncate your IP address within a European Union member state or in a country covered by the Agreement on the European Economic Area.

Google Marketing services enable us to display more targeted advertisements for and on our website, to show users exclusively adverts that could potentially correspond to their interests. For example, if a user is displayed adverts for a product s/he has already shown an interest in on other websites, this is referred to as "remarketing". For this purpose, when visiting our website or other websites where Google Marketing services are enabled, some Google code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated in the website. These enable an individual cookie (i.e. a small file) to be stored on the user's device (other comparable technologies may also be used instead of cookies). These cookies may be placed by various domains, including by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file includes details of which websites the user has browsed, what content s/he has shown an interest in, and which offers s/he has clicked on. Also included are technical information about the browser and operating system, referring websites, visit time and other details about the use of the online offering. The user's IP address is also recorded, whereby we can report that as part of Google services, the IP address will be truncated within a European Union member state or in a country covered by the Agreement on the European Economic Area, and only in exceptional cases will the whole IP address be transmitted to Google servers in the USA for truncation there. The IP address is not combined with the user's data within other Google offerings. Google can connect the aforementioned information with this kind of information from other sources. If the user subsequently visits other websites, s/he may be shown adverts that have been individually personalised depending on his/her interests.

You can prevent cookies from being stored via the relevant setting in your browser software. However, it should be noted that this may result in you being unable to use the full functionality on this website. You can also prevent Google from collecting and processing the data captured by the cookie relating to your use of the website (incl. your IP address) by downloading and installing the browser plugin available from the following link (https://tools.google.com/dlpage/gaoptout?hl=de). In light of the discussion about the use of analytical tools with complete IP addresses, we would like to point out that this website uses Google Analytics with the "_anonymizeIp()" extension, and thus IP addresses will only ever be processed in truncated form to rule out any direct link to a particular individual. Specifically for browsers on mobile devices, please click this link to prevent anonymised detection for your browser in future on this website by using a so-called "opt-out" cookie.

We can incorporate advertisements from third parties based on the Google Marketing service "AdSense". AdSense uses cookies that allow Google and its partner websites to place adverts based on users' visits to this website and other websites.

The storage period is 14 months – this reflects the shortest possible storage setting for Google services.

7.2.Use of Facebook plugins
Plugins from the Facebook social network are included on our site: provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA.

7.2.1.Like & share buttons
The Facebook plugins can be detected by the Facebook logo or the like button on our site. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.
When you visit our website, a direct link is created via the plugin between your browser and the Facebook server. This allows Facebook to receive information that you have visited our site with your IP address. If you click the Facebook like button while you are logged in to your Facebook account, you can link content on our site to your Facebook profile.

7.2.2.Facebook pixel
We use Facebook's "Custom Audience" remarketing function, the so-called Facebook pixel on the Facebook social network.

This allows us to address visitors to our website with targeted advertising if they visit the Facebook social network. For this purpose, we have incorporated Facebook's remarketing tag (Facebook pixel) in our website. Via Facebook pixel, a link to the Facebook servers is established when visiting this website. Facebook thus receives information about which of our web pages you have visited. Facebook associates this information with your Facebook user account.

Legal basis
The legal basis for the data processing described in relation to the use of Facebook plugins is Art. 6 para. 1 (a) GDPR. Consent is obtained via the relevant cookie banner.

Recipient of the data and storage period
Facebook is able to link your visit to our website with your user account. It should be noted that, as the website provider, we receive no information about the content of the data transmitted or its use by Facebook. You can find more information on this in Facebook's privacy statement at: https://de-de.facebook.com/policy.php.
If you do not want Facebook to link your visit to our website with your Facebook user account, please log out of your Facebook user account.

According to Facebook's data protection policy (Facebook Ireland Ltd., 4 Grand Canal Square
Grand Canal Harbour, Dublin 2 Ireland), the information is shared internally within the corporate group or with third parties. Information collected within the European Economic Area (EEA) can be transmitted to countries outside the EEA for the purposes described in this policy. Facebook states that the standard contractual clauses approved by the European Commission will be used, other measures pursuant to EU law will be adopted, and your consent will be sought to legitimise data transmissions from the EEA to the USA and other countries.
Facebook indicates it will store the data for as long as required to provide products and services to users and others. Facebook will retain the information linked with the user account until the account is deleted unless Facebook no longer needs the data to provide products and services.

Right to object and to removal
Details on how you can manage your content and information at Facebook can be found at https://www.facebook.com/about/privacy. If you do not want Facebook to associate the information collected directly with your Facebook user account, you can disable the "Custom Audience" remarketing function at https://www.facebook.com/ads/website_custom_audiences/. To do this, you will need to be logged in to Facebook.

7.3.Bing Ads conversion tracking
This website also uses conversion tracking provided by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA).
If consent has been given, this involves Microsoft Bing Ads placing a cookie on your computer if a user was directed to our website via a Microsoft Bing ad. This enables Microsoft Bing and us to detect that someone has clicked on an ad, was transferred to our website, and reached a predefined landing page (conversion page). We are only told the total number of users who clicked on a Bing ad and were then transferred to a conversion page. No personal information about the identity of the user is disclosed.

Bing Ads Universal Event Tracking uses cookies (e.g. cookie name: MUID from the domain .bing.com and cookie name: MUIDB from the domain bat.bing.com). The external marketing service provider specified above is responsible for the data collection to deliver AdWords advertising.
The legal basis for the associated data processing is Art. 6 para. 1(a) GDPR in conjunction with your consent.

More information about the usage guidelines and privacy policy for this product can be found here: https://privacy.microsoft.com/de-DE/privacystatement/

The processed data linked with cookies will be deleted automatically after 365 days for the MUID cookie, and after 229 days for the MUIDB cookie.

Opt-out: if you want to permanently opt out of this user-based advertising, you can place an appropriate opt-out cookie on your computer via the following link: http://choice.microsoft.com/de-de/opt-out

7.4.Use of Usemax
Our website incorporates tools from Usemax, which collect anonymised information about website visitors' online surfing behaviour for marketing purposes. The data collected are not used to identify you in person as a visitor to our website. Usemax specialises in creating and delivering personalised advertising in the form of display ads, onsite optimisation and email retargeting. The aim is to show you advertisements and products that are as relevant as possible for you – based on your current surfing and search behaviour.
usemax advertisement is a service from Emego GmbH, Werdener Str. 36, 46047 Oberhausen, Germany.
It is possible to opt out of the data processing at any time via the following link:
http://www.usemax.de/index.php?l=rm&kunde=&id=1

Further information is available at:
https://www.usemax.de/?l=privacy

8.Collecting other data

8.1.Contact form
If you submit personal or commercial data (email addresses, names, postal addresses etc.) on our website, these will be used exclusively to send the desired information or for the purpose specified on the contact form. When being transported to the mail server, your data will be encrypted using software (SSL) and are protected against access by third parties. The subsequent transmission by email will then be unencrypted. The data will not be passed on to third parties. The use of the services and features offered there is on a voluntary basis.

Data category:
- first name
- surname
- email address
- town/city
- message text

8.2.Log-in/registration:
In order to use the website, it is necessary for each user to go through a registration process so they can subsequently log in to get access to their shopping basket, to update their user details, payment settings etc., and to submit and view orders.

Data category:
-title
-name
-street and house number
-postcode
-town/city
-country
-email address
-optional information: date of birth
-optional information: telephone
-optional information: fax
-optional information: how you heard about Living Crafts

Password allocation on registration:
It is mandatory to adhere to the password rules: 1 lower case letter, 1 upper case letter, 1 number, 1 special character [#$^+=!*()@%&-.], and a total length of at least 8 characters

The legality of the processing is justified by Article 6 (1)(a).
The data will only be stored until the user contacts us to request deletion of his/her account.
Contact information can be found in the legal notice.

All the details captured during the registration process are stored in the user's personal account and can be updated at any time.

Your data will be passed on to dennree GmbH. dennree GmbH is responsible for storing customer accounts and monitoring payments. For this purpose, dennree GmbH will be sent the aforementioned data and the payment terms for an order.

To ensure processing complies with data protection regulations, we have agreed a processing contract with our service provider.

8.3.Newsletter
If you want to receive the newsletter offered on the website, we will need an email address from you plus information that allows us to verify that you are the owner of the specified email address, and that you have consented to receive the newsletter.
No other data are collected, except on a voluntary basis. These data will be used exclusively to send out the requested information and will not be passed on to third parties. The data submitted in the newsletter subscription form are processed exclusively based on your consent (Art. 6 para. 1 (a) GDPR). The consent you issued to store the data, and for the email and its use for sending the newsletter, can be revoked at any time, for example by using the "unsubscribe" link in the newsletter. The legality of any data processing activities already implemented remains unaffected by such a cancellation. Any of your data that we hold for the purpose of obtaining the newsletter will be stored, either by us or by the newsletter service provider, until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after the newsletter has been cancelled. The newsletter service provider is the web hosting service.

Data which we store for other purposes remain unaffected. After you have unsubscribed from the newsletter distribution list, your email address will be removed by us and/or by the newsletter service provider.

8.4.Trusted Shops customer rating system
The Trusted Shops Trustbadge is incorporated on this website so we can display our Trusted Shops trustmark and any ratings we have been given, and to offer Trusted Shops products for shoppers after ordering. In the context of balancing interests, this serves to protect our legitimate interest in ensuring optimal marketing by enabling secure shopping pursuant to Art. 6 para. 1(1) (f) GDPR. The Trustbadge and associated services are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided as part of order processing via a CDN (content delivery network) provider. Trusted Shops GmbH also uses service providers from the USA. A reasonable level of data protection is ensured. More information about privacy at Trusted Shops GmbH can be found here: https://www.trustedshops.de/impressum/#datenschutz

When the Trustbadge is retrieved, the web server automatically stores a so-called server logfile, which also contains your IP address, the date and time of the retrieval, the volume of data transferred and the requesting provider (access data). It also documents the request. Individual access data are stored in a security database for analysing security anomalies. The logfiles will be deleted automatically no later than 90 days after they were created.

Other personal data will be transmitted to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or if you are already registered for their use. The contractual agreement established between you and Trusted Shops will apply. Personal data will be collected automatically from the order data for this purpose. A neutral parameter, the email address hashed using a cryptographic one-way function, will be used to automatically check whether you as a buyer are already registered for using a product. Before being transmitted, the email address will be converted into a hash value that cannot be unencrypted by Trusted Shops. After being checked to see if there is a match, the parameter will be deleted automatically.

This is necessary to fulfil the legitimate interest that we and Trusted Shops have in providing the buyer protection linked to the specific order and implementing the transactional valuation services pursuant to Art. 6 para. 1(1) (f) GDPR. Additional details, including on opting out, can be found in the privacy statement above and in the Trusted Shop privacy statement linked in the Trustbadge.
 
9.Online shop details

9.1.Payment methods
During payment in our online shop, we collect certain personal data from you in order to handle the payment process. This includes the following services:

9.1.1.payolution
For the payment methods payment on invoice, payment by instalments and SEPA direct debit mandate, LIVING CRAFTS works in collaboration with payolution GmbH, Am Euro Platz 2, 1120 Vienna, Austria and net-m Privatbank 1891 AG, Odeonsplatz 18, 80539 Munich, Germany.
If you decide to pay on invoice, by monthly invoice, by instalments or by SEPA direct debit mandate, the personal information necessary to process this payment (first name, surname, address, email address, telephone number, date of birth, IP address) and the data required to execute the transaction (product, invoice amount, interest, instalments, due date, total sum, invoice number, tax amount, currency, order date and time) will be passed on to payolution GmbH for the purposes of a risk assessment under their regulatory obligations.

For identity verification and to run solvency checks on the customer, queries and information requests will be passed on to publicly accessible databases and credit agencies. Information and, if necessary, credit reports based on statistical methods may be requested from the following providers:
CRIF GmbH, Diefenbachgasse 35, 1150 Vienna, Austria
CRIF AG, Hagenholzstraße 81, 8050 Zürich, Switzerland
CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Germany
SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
KSV1870 Information GmbH, Wagenseilgasse 7, 1120 Vienna, Austria
Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, Germany
infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany
Profile Address Direktmarketing GmbH, Altmannsdorfer Straße 311, 1230 Vienna, Austria
Emailage LTD, 1 Fore Street Ave, London, EC2Y 5EJ, United Kingdom
ThreatMetrix Inc., 160 W Santa Clara St., Suite 1400 San Jose, CA 95113, USA
payolution GmbH, Am Euro Platz 2, 1120 Vienna, Germany

payolution GmbH will transmit your bank account details (particularly the sort code and account number) to SCHUFA Holding AG for the purposes of account number checking. Based on this data, SCHUFA will firstly check whether the bank account details you provided are plausible. SCHUFA will verify whether the data used for checking are stored in their database and will report the relevant result back to payolution. There will be no further exchange of data during account number checking, such as disclosing creditworthiness information or transmitting alternative bank account details, nor will your data be stored in the SCHUFA database. For record-keeping purposes, the only information saved by SCHUFA is the fact that your bank account details have been checked. In the event of a breach of contract (e.g. the existence of uncontested claims), payolution GmbH is also entitled to store, process and use data, and to transmit this data to the aforementioned credit agencies

In accordance with the provisions in the German Civil Code [Bürgerliches Gesetzbuch] regarding financing assistance between retailers and consumers, we are legally required to check your credit rating.

For payment on invoice, by instalments or by direct debit, we will provide payolution GmbH with data relating to the details of the relevant payment process (your personal details, purchase price, conditions of the payment process, start of payment) and the contractual terms (e.g. early payment, extension to the contract period, payments made). On receiving the purchase price payment, the banking institution that was assigned the claim will carry out the specified data transfer. As a function of receiving the purchase price payment, we and/or the banking institution are also instructed to notify payolution GmbH of any contractual irregularity (e.g. termination of the payment agreement, enforcement measures). In accordance with the data protection regulations, this kind of notification will only be issued if it is necessary to ensure the legitimate interest of payolution GmbH's contractual partners or the general public, and if your legitimate interest is not prejudiced by doing so. payolution GmbH will store the data in order to provide its contractual partners with information to evaluate customer creditworthiness, where these partners allow consumers to pay by instalments or via another credit agreement in a commercial context. Commercial debt collection agencies that have a contractual relationship with payolution GmbH can be provided with address information in order to trace debtors. payolution GmbH must only pass on data to its contractual partners if there is a credible and legitimate interest in the data transmission. payolution GmbH must only provide the relevant banking institution with objective data with no specifications. Information about subjective valuations and personal income are not included in the information provided by payolution GmbH.

More information about privacy at payolution GmbH can be found at:
https://www.paysafe.com/legal-and-compliance/privacy-policy/

9.1.2.PayPal
For payments via the service provider PayPal, you will be transferred automatically to the PayPal homepage when you select this payment method. This involves the automatic transmission of your data (first name, surname, street, building number, postcode, town/city, date of birth, telephone number) and the data associated with your order to PayPal.
The European operating company for PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg City, Luxembourg.
More information on privacy can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

9.1.3.Sofortüberweisung instant transfer
If you select payment via Sofortüberweisung (real-time bank transfer) you will be transferred automatically to the Sofort GmbH homepage for payment purposes. This involves the automatic transmission of your data (first name, surname, street, building number, postcode, town/city, date of birth, telephone number) and the data associated with your order to Sofort GmbH. Sofort GmbH is based at Theresienhöhe 12, 80339 Munich.
More information on privacy can be found at https://www.sofort.de/datenschutz.html

9.1.4.Credit card
If payment by credit card is selected, we will transmit your data to Computop GmbH, Schwarzenbergstraße 4, 96050 Bamberg, who will carry out payment reconciliation with the relevant credit institutions. For credit card payments, the following data are processed:
-type of card (American Express, Mastercard or Visa)
-card holder's name
-card number
-check digit
-expiry date
More information on privacy can be found at https://www.computop.com/de/datenschutz/

9.2.Shopping basket
The data you provide in the shopping basket is exclusively processed to implement or handle the contractual relationship unless you have consented to some further use.

The principles of data minimisation and data avoidance are observed, so in terms of the data you provide in your personal account we only use what is essential to implement the order or to fulfil our contractual obligations (i.e. your name, title, address, email address and the payment data required for the relevant payment method chosen) or that we are legally obliged to collect.

In addition, for technical reasons and for legal protection, your IP address is processed. Without these data, we will unfortunately have to reject the order process as we cannot implement it in this scenario. Of course, you can also voluntarily provide us with more data if desired.

The legality of the processing is justified by Article 6(1)(a) GDPR.

10.Competitions
Description and scope of data processing
From time to time, we offer you the chance to participate in competitions. The personal details you provide to us within the scope of this kind of activity will only be used to handle the relevant activity (in the case of a competition, for example, to identify and notify prize winners and to send out any prizes). On Facebook, we inform our customers via a Facebook post. All users can then state why they would like to win the prize, without the specific answer having an impact on the prize draw. Once the draw has taken place, we notify the winners under the relevant post with a request to contact us via private messaging.

Purpose of the processing and legal basis
If you participate in one of our competitions, we process your data insofar as this is necessary to carry out the competition. If appropriate, we may obtain separate consent from you as part of the competition for further processing of your data. To take part, you must be at least sixteen years old. The legal basis for this processing is Art. 6 para. 1 (a) (separate consent) or Art. 6 para. 1 (b) GDPR.

Recipient and duration of storage
The data collected for participation will be deleted once the competition has finished unless you have consented to processing that goes beyond this period. When using competitions hosted via Facebook, please refer to the details in this privacy statement under B. 3.

Right to object and to removal
As a participant, you can revoke your consent to the processing of your personal data. You can object to your personal data being stored at any time. This objection should be sent to service@livingcrafts.de. Any personal data stored while making contact will be deleted in this case.

11.Email
Information that you send to us in unencrypted form via email may be read by third parties during transmission. It is also generally not possible for us to verify your identity and we do not know who is behind an email address. Consequently, legally secure communication via simple email cannot be guaranteed. We use filters to prevent unsolicited advertising (SPAM filters), which in rare instances may incorrectly classify and delete normal emails as unwanted SPAM. Emails containing harmful programs ("viruses") will be automatically deleted by us in any case.
If you want to send us a message that requires protection, we recommend encrypting and signing it to prevent unauthorised access or falsification during transmission, alternatively you can send the message to us using the standard postal system.
Please also let us know whether you want a reply and describe how we can send our response to your encrypted emails. If you are not able to receive encrypted emails, please let us know how you want us to get in touch to respond to your protected message.

Status: 16/10/2020