Privacy policy

PRIVACY POLICY

1) Introduction and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how your personal data is handled when using our website. Personal data refers to all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is
Fabian Paradis, Hopfenstraße 10–12, 47441 Moers, Germany,
Phone: +49 176 61413134,
Email: info@haven-living.store.

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data collection when visiting our website

2.1 When using our website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the server (so-called “server log files”). When accessing our website, we collect the following data, which is technically necessary to display the website to you:

  • Website visited

  • Date and time of access

  • Amount of data sent in bytes

  • Source/referrer from which you accessed the page

  • Browser used

  • Operating system used

  • IP address (if applicable, in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used otherwise. However, we reserve the right to review server log files retrospectively if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries). You can recognize an encrypted connection by the “https://” string and the lock symbol in your browser.

3) Hosting & Content Delivery Network

Shopify

We use the system of the following provider to host our website and display page content:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”).

Data may also be transferred to:
Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website attractive and to enable certain functions, we use cookies, i.e. small text files that are stored on your device. Some cookies are deleted automatically after closing your browser (“session cookies”), while others remain on your device and allow page settings to be saved (“persistent cookies”). The storage duration of persistent cookies can be found in your browser’s cookie settings overview.

If personal data is processed through individual cookies, processing takes place in accordance with:

  • Art. 6(1)(b) GDPR for contract performance,

  • Art. 6(1)(a) GDPR based on consent, or

  • Art. 6(1)(f) GDPR based on our legitimate interest in ensuring the best possible functionality of the website.

You can configure your browser to inform you about cookies and allow you to decide individually whether to accept them or exclude cookies generally or in specific cases.

Please note that disabling cookies may limit the functionality of our website.

5) Contacting us

When you contact us (e.g. via contact form or email), personal data is processed solely for the purpose of handling and responding to your inquiry and only to the extent necessary.

The legal basis is our legitimate interest pursuant to Art. 6(1)(f) GDPR. If your inquiry is aimed at concluding a contract, Art. 6(1)(b) GDPR also applies. Data is deleted once the matter has been conclusively clarified, provided no statutory retention obligations apply.

6) Comment function

When using the comment function, the comment itself, the time of creation, and the chosen username are stored and published. Your IP address is also logged and stored for security reasons and in case of unlawful content.

Your email address is required to contact you if third parties object to your published content.

Legal bases are Art. 6(1)(b) and (f) GDPR. We reserve the right to delete comments if they are reported as unlawful by third parties.

7) Data processing when opening a customer account

Personal data is collected and processed in accordance with Art. 6(1)(b) GDPR when you provide it while opening a customer account. Required data can be seen in the registration form.

You may delete your customer account at any time by contacting the controller. After deletion, your data will be removed unless statutory retention periods apply or a legitimate interest in further storage exists.

8) Use of customer data for direct advertising

8.1 Newsletter subscription

If you subscribe to our newsletter, we regularly send you information about our offers. Only your email address is mandatory. Additional information is voluntary.

We use the double opt-in procedure. By activating the confirmation link, you consent to data processing pursuant to Art. 6(1)(a) GDPR. We store your IP address and the date and time of registration to prevent misuse.

You may unsubscribe at any time via the link in the newsletter or by contacting us. After unsubscribing, your email address will be deleted unless further lawful use applies.

8.2 Shopping cart reminder emails

If you abandon your purchase before completing an order, you may receive a one-time email reminder of your shopping cart.

Only your email address is required. We use the double opt-in procedure. Consent is granted pursuant to Art. 6(1)(a) GDPR.

You may unsubscribe at any time. After unsubscribing, your email address will be deleted unless further lawful use applies.

9) Data processing for order fulfillment

9.1 Personal data is passed on to transport companies and payment institutions as required for contract fulfillment pursuant to Art. 6(1)(b) GDPR.

If we owe updates for digital products, your contact data is processed pursuant to Art. 6(1)(c) GDPR solely for this purpose.

9.2 Shipping partners receive your name, delivery address, and, if required, your phone number solely for delivery purposes.

9.3 DSers

Order processing provider:
Bowers Enterprises, LLC, 109 Cloister Drive, Peachtree City, GA 30269, USA.

Data is transferred pursuant to Art. 6(1)(b) GDPR. The provider may also process accounting data based on Art. 6(1)(f) GDPR. Data transfers to the USA are safeguarded by EU Standard Contractual Clauses.

9.4 Payment service providers

Apple Pay and Shopify Payments are used for payment processing. Data processing is carried out exclusively for payment purposes pursuant to Art. 6(1)(b) GDPR. Apple processes anonymized transaction data to improve its services.

10) Retargeting / remarketing and conversion tracking

Meta Pixel

We use “Meta Pixel” by Meta Platforms Ireland Limited, Dublin, Ireland.

This allows us to display ads to users who have shown interest in our website and to track conversions. Data processing occurs only with your consent pursuant to Art. 6(1)(a) GDPR via the cookie consent tool.

Meta may transfer data to the USA. Meta participates in the EU-US Data Privacy Framework.

11) Website functionalities

11.1 Facebook plugins

11.2 Instagram plugins

Plugins are integrated using a two-click or Shariff solution. Data is only transmitted after your consent pursuant to Art. 6(1)(a) GDPR.

11.3 Google Maps API

Used for address validation during checkout. Processing is based on Art. 6(1)(f) GDPR. Data may be transferred to Google LLC (USA), which participates in the EU-US Data Privacy Framework.

12) Tools and other services

12.1 Lexware Office – cloud-based accounting software
12.2 Cookie consent tool – stores cookie preferences
12.3 Judge.me – customer review verification and publication

All processing is based on legitimate interest pursuant to Art. 6(1)(f) GDPR.

13) Rights of the data subject

You have the following rights under GDPR:

  • Right of access (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure (Art. 17)

  • Right to restriction of processing (Art. 18)

  • Right to notification (Art. 19)

  • Right to data portability (Art. 20)

  • Right to withdraw consent (Art. 7(3))

  • Right to lodge a complaint (Art. 77)

Right to object

You may object at any time to processing based on legitimate interests. If you object to processing for direct marketing purposes, such processing will cease.

14) Duration of storage of personal data

Personal data is stored only as long as necessary for the respective legal basis and purpose, or as required by statutory retention periods.

Once the purpose ceases to apply, the data is deleted unless further lawful retention is required.