Privacy policy
1) Information on the Collection of Personal Data and Contact Details of the Controller
1.1 We are pleased that you are visiting our www.kokoandclay.com internet presentation (hereinafter “website”) and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 The controller in charge for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Koko & Clay Cosmetics, E-Mail: hello@kokoandclay.com. The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Contacting
In the context of contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration. The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, provided that there are no legal storage obligations to the contrary.
3) Processing of Data for the Purpose of Order Handling
3.1 The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of contract processing, insofar as this is necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution within the framework of payment processing, if this is necessary for payment handling. If payment service providers are used, we explicitly inform you of this below. The legal basis for the transfer of data is Art. 6 (1) point b GDPR.
3.2 When paying by credit card via PayPal or by direct debit via PayPal, we pass your payment data on to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 (1) point b GDPR and only insofar as necessary for payment processing.
4) Rights of the Data Subject
4.1 The applicable data protection law grants you comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data, about which we inform you below:
- Right of access by the data subject pursuant to Art. 15 GDPR: In particular, you have a right of access to your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, deletion, restriction of processing, objection to processing, a complaint to a supervisory authority, the origin of your data, if that was not collected from you by us, the existence of an automated decision-making process including profiling and, if applicable, meaningful information on the logic involved, the scope and intended effects of such processing concerning you, as well as your right to be informed about the guarantees provided for in Art. 46 GDPR for the transfer of your data to third countries;
- Right to rectification pursuant to Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and/or completion of your incomplete data stored by us;
- Right to erase pursuant to Art. 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Art. 17 (1) GDPR are met. However, this right shall not apply if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- Right to restricting of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data, as long as the accuracy of your data contested is verified, if you refuse to have your data deleted due to inadmissible data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data because its purpose has been achieved, or if you have filed an objection for reasons of your particular situation, as long as it is not yet clear whether our justified reasons will prevail;
- Right to be informed pursuant to Art. 19 GDPR: If you have exercised your right to rectify, delete or restrict the processing vis-à-vis the controller, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed regarding this rectification, deletion of the data or restriction on processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability pursuant to Art. 20 GDPR: You have the right to receive the personal data you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible, insofar as this is technically feasible;
- Right to withdraw a given consent pursuant to Art. 7 (3) GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation;
- Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of your personal data infringes the GDPR, you have the right of appeal to a supervisory authority, in particular in the member state where you reside or work or in the place of the suspected infringement, without prejudice to any other administrative or judicial remedy.
4.2 RIGHT TO OBJECT
IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA WHICH ARE USED FOR DIRECT MARKETING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.
5) Duration of Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal retention period (e.g. commercial and tax retention periods). After expiry of this period, the corresponding data will be routinely deleted, provided they are no longer necessary for the performance or initiation of the contract and/or there is no longer any legitimate interest on our part in the further storage.