Data policy

Privacy policy

The person responsible for data processing is:
Isa Kara
Solomou 22
70014 Chersonissos 

Email: info@grand-white.de

 

Thank you for your interest in our online shop. The protection of your privacy is very important to us. Below we inform you in detail about how we handle your data.

1. access data and hosting
You can visit our website without providing any personal information. Each time you visit a website, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the request, the amount of data transferred and the requesting provider (access data) and documents the request. This access data is evaluated solely for the purpose of ensuring trouble-free operation of the site and improving our services. This serves to protect our legitimate interests in the correct presentation of our offer, which are overriding in the context of a balancing of interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. All access data will be deleted at the latest seven days after your visit to the site has ended.

Hosting
The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our relationship with them, please contact them as described in this Privacy Policy.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined by decision that they provide an adequate level of data protection: Canada

Our service providers are located and/or use servers in the USA and in other countries outside the EU and the EEA. There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on standard data protection clauses of the European Commission.

2 Data processing for contract execution and for contacting us
2.1 Data processing for contract execution
For the purpose of contract processing (incl. enquiries about and processing of any warranty and performance claims that may exist as well as any statutory update obligations) in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO, we collect personal data if you voluntarily provide it to us as part of your order. Mandatory fields are marked as such, as in these cases we absolutely need the data to process the contract and we cannot send the order without their specification. Which data is collected can be seen from the respective input forms.

Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment and dispatch processing, can be found in the following sections of this data protection declaration. After complete processing of the contract, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law in accordance with Art. 6 Para. 1 Sentence 1 lit. c DSGVO, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

2.2 Customer account
Insofar as you have given your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO by deciding to open a customer account, we will use your data for the purpose of opening a customer account as well as for storing your data for further future orders on our website. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. 

2.3 Contacting us
Within the scope of customer communication, we collect personal data in order to process your enquiries in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO if you voluntarily provide us with this data when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such because in these cases we absolutely need the data to process your contact. Which data is collected can be seen from the respective input forms. After your enquiry has been processed in full, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO or we reserve the right to use data in a way that goes beyond this, which is permitted by law and about which we inform you in this declaration.

3. data processing for the purpose of shipment processing
For the purpose of fulfilling the contract in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.

4. data processing for payment processing
When processing payments in our online shop, we work together with these partners: technical service providers, credit institutions, payment service providers.

4.1 Data processing for transaction processing
Depending on the selected payment method, we pass on the data necessary for the processing of the payment transaction to our technical service providers, who work for us within the framework of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for the processing of the payment. This serves the fulfilment of the contract according to Art. 6 para. 1 p. 1 lit. b DSGVO. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via a technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.
If you have any questions about our payment processing partners and the basis of our cooperation with them, please use the contact option described in this privacy policy.

4.2 Data processing for the purpose of fraud prevention and optimisation of our payment processes
Where applicable, we provide our service providers with further data, which they use together with the data necessary for the processing of the payment as our processors for the purpose of fraud prevention and optimisation of our payment processes (e.g. invoicing, processing of contested payments, accounting support). Pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, this serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which outweigh our interests in the context of a balancing of interests. 

5. contact options and your rights
5.1 Your rights
As a data subject, you have the following rights:

Pursuant to Art. 15 DSGVO, the right to request information about your personal data processed by us to the extent specified therein;
pursuant to Art. 16 DSGVO, the right to demand the correction of incorrect or incomplete personal data stored by us without undue delay;
in accordance with Article 17 of the GDPR, the right to request the erasure of your personal data stored by us, unless further processing is necessary for the exercise of the right to freedom of expression.
for the exercise of the right to freedom of expression and information;
to comply with a legal obligation;
for reasons of public interest; or
the assertion, exercise or defence of legal claims;
in accordance with Art. 18 DSGVO, the right to request the restriction of the processing of your personal data, insofar as
the accuracy of the data is disputed by you;
the processing is unlawful, but you object to its erasure;
we no longer need the data, but you need them to assert, exercise or defend legal claims, or
you have objected to the processing in accordance with Art. 21 DSGVO;
pursuant to Art. 20 DSGVO, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller;
pursuant to Art. 77 DSGVO, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
Right of objection

Insofar as we process personal data as explained above in order to protect our legitimate interests, which prevail in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object on grounds relating to your particular situation.

After you have exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

This does not apply if the processing is for direct marketing purposes. Then we will not further process your personal data for this purpose.

5.2 Contact options
If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of consent given or objection to a specific use of data, please contact us directly using the contact details in our imprint.