Privacy and data protection
1) General
In principle, you can use our website without providing any personal information. As soon as you wish to conclude a purchase contract with us, the processing of personal data might become necessary.
All of your personal data, such as name, address, title, telephone number, e-mail address, bank details, credit card number) will be processed by us only in accordance with the provisions of German data protection law and the data protection law of the European Union (EU).The following points give you in addition to the recipients, legal basis, storage periods and processing purposes also information about your rights and the responsible for your data processing.
2) Cookies
In order to enable the smooth and functional operation of this website, so-called cookies are used. This functionality of our website is our legitimate interest and the cookies used serve only to fulfill this purpose. This use of cookies, which only relates to the functionality of the website, ensures your interest in data protection.
Cookies are small text files that are stored by your Internet browser on your terminal device for a certain period of time. Depending on the application, these cookies are stored temporarily or permanently, but you can delete them manually. Temporary cookies are technically indispensable to ensure the functionality of the website.
Example temporary cookie: Products which you have placed in your shopping cart.
Example persistent cookie: Recognition of the logged-in user without re-entering the password.
The legal basis for this processing is Art. 6 para.1 f) DSGVO.
Storage period:
The deletion of cookies is controlled by the Internet browser itself after the expiration of the validity.
In this context, temporary cookies are usually valid until the internet browser is closed. Permanently stored cookies have a varying validity from a few seconds to several years.
You have the right and the possibility to deactivate the storage of cookies at any time. You must make this setting independently in your Internet browser.
In this case, we point out that this will result in a functional restriction of our website.
3) Website links
Our data protection declaration only refers to our website. You must inform yourself independently about the data protection provisions of linked websites to which you may be forwarded by our website. In addition, we would like to inform you that although the links published on our website have been researched and compiled by us with the utmost care, we have no influence on their content. For incorrect, illegal, harmful or incomplete content, only the provider of the website referred to is liable.
4) Fulfillment of the purchase contract
You are not obliged to provide us with your personal data, which you give us during the ordering process, however, this is necessary for the conclusion of a purchase contract with us. Otherwise it is not possible for us to send you the ordered goods.
In addition, some payment methods require that you provide us with the necessary payment data, which we then pass on to a payment service provider commissioned by us. It can be concluded from this that the processing of your data entered in the ordering process serves the purpose of fulfilling the contract.
If, prior to the conclusion of a valid purchase contract, you send us an inquiry by e-mail, via a contact form or via other communication channels, we will process the data received in this way exclusively for the processing of pre-contractual measures.
The legal basis for this processing is Art. 6 para. 1 b) DSGVO.
In order to fulfill the contract, we may pass on your data to shipping service providers, hosting providers or payment service providers.
Storage period:
We retain the necessary personal data that we receive from you for the performance of the contract until the expiry of the statutory warranty and contractual guarantee periods(if any).
Processed data that we have received during pre-contractual measures will be deleted as soon as the request has been processed and it is evident that no sales contract has been concluded.
All required data according to commercial and tax law, we keep until the expiry of the legally determined periods, usually ten years (see §257 HGB, §147 AO).
5) Reviews
If you publish a review of a product, your data, such as your pseudonym/name, e-mail address or website, will only be processed for the purpose of publishing your review.
For reasons of transparency and opinion formation, we are legitimately interested in the public exchange of user opinions. We offer you the possibility to publish a rating via an anonymous pseudonym in order to preserve your personal interest in data protection.
The legal basis for this processing is Art. 6 para. 1 f) DSGVO.
Storage period:
No fixed storage period is provided for. You have the option to request the deletion of your rating at any time.
6) Newsletter
If you register for our newsletter, we will use your e-mail address for advertising purposes. In doing so, we will inform you about products from our range within the scope of the newsletter. For statistical purposes, we can create an evaluation of which links were clicked in the newsletter. However, we cannot recognize which specific person, which link, has clicked.
You can give your consent to the newsletter in the course of the ordering process. Of course, you can revoke this at any time, with effect for the future. For this purpose, please contact us via the e-mail address given in the imprint.
The legal basis for this processing is Art. 6 para. 1 a) DSGVO.
Storage period:
We store your email address, for the newsletter dispatch, only for the duration of the desired registration.
7) Registration
As a customer you have the possibility to register and create a user account. This serves to offer you a possibility to show your past orders in an overview and to simplify the ordering process of future orders by automatically filling in the delivery and billing address.
It is not necessary to create a user account to use the website. For registration, it is necessary for the user to provide an e-mail address. This is used to recover the password in case of loss. Further personal data is only collected if the user provides it voluntarily.
Registration is voluntary and can be revoked at any time. Furthermore, you can delete individual personal data, or your entire account, at any time and without giving any reason. By registering, you will be provided with extended functionalities.
The legal basis for the collection of personal data, is based on the legitimate interest of the responsible party according to Art. 6. para. 1 lit. f DSGVO, in order to be able to offer the given functionalities of the website at all. The collection of data by consent of the user when creating a user account takes place in accordance with the European data protection requirement under Art. 6 para. 1 lit. a DSGVO. In addition, there is the possibility to use the website without registration and without the aforementioned additional functionalities.
Storage period:
All data provided will remain stored after registration until the user deletes individual data or his complete account.
8) Right of objection
As soon as your personal data are processed on the basis of legitimate interests, pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing thereof, pursuant to Art. 21 DSGVO, insofar as you can provide reasons for this that arise from your particular situation.
The naming of reasons can be waived if your objection is directed against direct marketing. You are then not obliged to provide any particular information.
9) Use of the rating and verification seal provider Trustami
In order to provide you with a collection of ratings from various rating portals and social media platforms, we have integrated the Trustami trustmark on this website.
Optimal marketing of our products offered on this website is our legitimate interest and takes place in accordance with the legal basis of Art. 6 Abs. 1 S. 1 lit. f DSGVO.
The Trustami trustmark and the associated services are offered by Trustami GmbH, located at Friedrich-Wilhelm Straße 68 in 12103 Berlin.
When you access our website, the Trustami trustmark is automatically integrated. This involves access to the servers of Trustami GmbH. These servers automatically store access data in the form of a server log file, which contains the time, date, IP address and the requested provider. The stored data is not evaluated.
Storage period:
All access logs stored on the servers of Trustami GmbH are automatically deleted or overwritten seven days after the end of your visit to the site.
10) Data subject rights
As soon as personal data of yours is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights, vis-à-vis us:
(a) Right to rectification:
If the personal data we have collected concerning you is incomplete or inaccurate, you have the right to rectification.We must make the rectification without undue delay.
b) Right to information:
If you have asserted the right to rectification, restriction or erasure against us, we will comply with the obligation to notify the change to all recipients to whom we have disclosed the personal data in question. If this proves impossible or involves a disproportionate effort, we may not do so.
In addition, you have the right to be informed about all recipients.
c) Right to information:
You have the right to request information from us about whether personal data concerning you is being processed by us.
In the event that such processing is taking place, you may request information about the following:
-> The specified duration of the storage of your personal data. If specific information on this is not available, criteria for determining the storage period must be provided as a substitute.
-> Any available information about the origin, not you collected personal data.
-> The purposes for which the personal data are processed.
-> The existence of a right of appeal to a supervisory authority.
-> A list of all categories of personal data processed.
-> The existence of a right to erasure, rectification, restriction of processing by us or a right to object to it, or rectification of your personal data.
-> A list of recipients or categories of recipients to whom we disclose or will disclose your personal data in the future.
-> The existence of automated decision-making, including profiling in accordance with Art.22(1) and (4) of the GDPR, and meaningful information about the effects and logic involved in this processing.
-> Whether your personal data will be transferred to an international organization or a third country. In this case, you can also request information about appropriate safeguards for the transfer in accordance with Art.46 DSGVO.
d) Right to deletion:
Disclosure information to third parties ->
We will inform third parties to whom we have disclosed your personal data, taking into account the implementation costs and available technologies, of your request for the erasure of your personal data or copies and replications thereof.
Obligation to delete ->
If one of the following reasons applies, you may request that we delete your personal data without undue delay:
-> You object to the processing pursuant to Art.21 para.1 DSGVO or Art.21 para.2. We shall comply with your objection pursuant to Art.21 para.1 DSGVO as long as there are no overriding legitimate grounds for the processing.
-> Your personal data has been collected in relation to information society services offered pursuant to Art.8 para.1 DSGVO.
-> Your personal data is no longer necessary for the purposes originally collected.
-> Your personal data have been processed unlawfully.
-> You submit a revocation against your consent on which the further processing was based according to Art.6 para.1 lit.a or Art.9 para.2 lit.a DSGVO and there is no other legal basis for the processing of your data.
-> We are obliged to delete your personal data due to an applicable Union law or the law of the member states.
Exceptions ->
Your right to erasure only exists as long as the processing of your personal data is no longer necessary.
The personal data concerning you may not be deleted by the following exceptions:
-> For necessary reasons in the area of public health, which are of interest to the public Art.9 para.2 lit.h and i as well as Art.9 para.3 DSGVO.
-> For the exercise of the right to freedom of expression and information.
-> For the assertion, exercise or defense of legal claims.
-> We are obliged to preserve the data on the basis of an applicable Union law, the law of the member states or for the performance of a task that is in the public interest.
-> For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art.89(1) DSGVO, to the extent that the right referred to in the section Obligation to erase is likely to render impossible or seriously prejudice the achievement of the purposes of such processing.
e) Right to restriction of processing:
If the following conditions are met, you may request the restriction of the processing of your personal data:
-> If your personal data has been processed unlawfully, but you object to its erasure and instead request the restriction of its use.
-> If you have objected to the processing of your personal data pursuant to Art.21 para.1 DSGVO and it is not yet clear whether the legitimate grounds to which we are entitled outweigh your grounds.
-> If your personal data is no longer needed for the purpose of processing, but you need it to assert, defend or exercise legal claims.
-> If you object to the accuracy of your personal data for a period of time during which it is possible for us to verify the accuracy of such data.
If the processing of your personal data has been restricted, such data may, apart from being stored, only be processed for the protection of the rights of another natural or legal person, for reasons of important public interest of the Union or a Member State, or for the establishment, exercise or defense of legal claims. If you give consent for your data to be processed, it may also be processed.
If we establish a restriction on processing in accordance with the above conditions, you will be informed by us in this regard before the restriction is lifted.
f) Right to lodge a complaint with a supervisory authority:
If you consider that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, without prejudice to any other judicial or administrative remedy.
The competent supervisory authority that has received your complaint has the obligation to inform the complainant about the current status and the results of the complaint, including the possibility of a judicial remedy pursuant to Art.78 GDPR.
g) Right to data portability:
You have the right to receive your personal data, which you have entered in the ordering process, in a common, machine-readable and structured format. In addition, you have the right to transfer this data to another responsible party, without hindrance, provided that the processing is based on consent pursuant to Art.6 para.1 lit.a DSGVO or Art.9 para.2 lit.a DSGVO or on a contract pursuant to Art.6 para.1 lit.b DSGVO and the processing is carried out with the help of automated processes.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
In addition, you have the right to have your personal data transferred directly from us to another controller, if this is technically feasible. The rights and freedoms of other persons must not be affected by this.
h) Right of objection:
You have the right at any time to object, on grounds relating to your particular situation, to the processing of your personal data that is carried out on the basis of Art.6(1)(e) or (f) DSGVO. This also applies to profiling based on these provisions. Your data will then no longer be processed unless we can demonstrate compelling legitimate grounds for the processing that override your interests, freedoms and rights. In addition, despite an objection, your data must continue to be processed if the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object to this use. This also applies to profiling, insofar as it can be associated with such direct marketing.
Notwithstanding Directive 2002/58/EC, you have the possibility, in connection with the use of information society services, to exercise your right to object by means of automated procedures using certain technical specifications.
i) Right of withdrawal of the declaration of consent under data protection law:
You are entitled to withdraw your declaration of consent under data protection law at any time. This withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
j) Automated decision in individual cases including profiling:
Data protection rules ensure that you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you. This does not apply if one of the following conditions applies:
-> If, as a result of Union or Member State legislation, the operation is lawful and is carried out with your consent or such legislation contains measures to safeguard your rights and freedoms, as well as your legitimate interests.
-> If this is necessary for the performance of the sales contract between you and us.
These decisions may not be based on special categories of personal data Art.9 para.1 DSGVO, unless Art.9 para.2 lit.a or g applies and measures have been taken to protect the rights and freedoms, as well as your legitimate interests.
Person responsible for data processing:
Kimberly Zumfeld
Am Sünderkamp 22f
30629 Hanover
Phone: +4915205853380
info@kcandles.de