Privacy Policy

 

  1. Privacy Policy at a Glance

 

General Notes

The following section offers a general overview of how your personal data will be used when you visit this website. Personal data includes all information relating to an identified or identifiable natural person. For more information about Data Protection, please see the relevant section of this Privacy Policy.

 

How Data Is Collected Through This Website

Who Uses This Website to Collect Data?

The website owner is responsible for handling all data collected through this website. You can find their contact details in the Legal Notice linked at the bottom of this web page.

 

How Do We Collect Your Data?

In some cases, data is given to us directly by you. This could include, for example, data that you submit in a contact form.

Other data is collected automatically by our IT systems when you visit our website. This is primarily technical information (such as your web browser, your operating system or the time of your visit). This data is collected automatically when you access this website.

 

How Do We Use Your Data?

Certain data is required to ensure that the website can function correctly. Other data is collected so that we can analyze user behavior.

 

What Rights Do You Have in Relation to Your Data?

You have the right to request information relating to how your stored personal data was obtained, who obtained it and for what purposes it was obtained. You can request this information at any time and you will be provided with it free of charge. You also have the right to request that this information be rectified or erased. If you have any further questions relating to our data protection practices, you are free to contact us at any time via the address provided in our Legal Notice. Additionally, you have the right to lodge a complaint with a relevant supervisory authority.

Under certain circumstances, you also have the right to restrict the processing of your personal data. For more information, see the section of the Privacy Policy entitled "Right to Restrict Processing".

 

  1. General Notes and Mandatory Information

Data Protection

The owner of this website takes the privacy of your personal data very seriously. We will handle your personal data with the utmost discretion and in accordance with the applicable data protection laws, as well as the provisions outlined in this Privacy Policy.

When you use this website, personal data is collected from you in various ways. Personal data includes all information relating to an identified or identifiable natural person. This Privacy Policy outlines which data we collect and how we use this data. It also outlines the purposes of this data usage and how it takes place.

Please note that, whenever data is transferred through the Internet (e.g. via email) data breaches may occur. It is not possible to offer total protection against third party access.

 

Data Controller

The data controller for this website is:

 

My Cottage Garden
Sarah Stiller
Georgenstr. 78
80799 München

Germany

Telephone: +49 1626 090155
Email: [email protected]

 

A data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

 

Right to Withdraw Consent

A number of data processing operations may only be carried out where your explicit consent has been granted. You have the right to withdraw consent at any time. To do so, simply contact us via email. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

Right to object in certain circumstances, including where data is collected for direct marketing purposes (Art. 21, GDPR)

"The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims." (Direct quote taken from Article 21(1) of the GDPR.)

"Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes." (Direct quote taken Article 21, paragraphs 2 and 3 of the GDPR.)

 

Right to Lodge a Complaint with a Supervisory Authority

In cases when the GDPR has been breached, any affected party has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

 

Right to Data Portability

Where data is processed on the basis of consent, as part of a contract, or if processing is carried out by automated means, you have the right to request a copy of this data to be transmitted in a structured, commonly used and machine-readable format. You have the right to transmit this data to a third party. You have the right to have your personal data transmitted directly to another data controller, but only where this is technically feasible.

 

SSL/TLS Encryption

This website uses SSL/TLS encryption. This is for security purposes and also to protect sensitive information during data transmission, for example when you submit orders and inquiries directly through the website. You can tell if a website offers secure browsing by checking the address bar on your web browser. A lock symbol should be displayed and you should also see "https://" instead of "http://" at the start of the web address.

When this SSL/TLS encryption is active, it is not possible for third party users to intercept data that you transmit through the website.

Online Store

If you want to place an order through our online store, we will need to process your personal data (name, address, contact and payment details). This data will be used solely for the purpose of placing your order and, if you wish, to allow you to open a customer account.

Where necessary, this data will be shared with our trusted suppliers and payment service providers (Stripe Inc. or PayPal Inc.).

We use Shopify to operate our online store, a service provided by Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5. Shopify provides an E-commerce platform that we use to sell our products. While your order is being processed, the data you provide will be stored on one of Shopify's servers in the USA. For more information, see Shopify's privacy policy at http://www.shopify.com/legal/privacy.

 

Secure Payments on This Website

To complete a transaction, your payment details (e.g. bank account number for direct debit authorization) will need to be transferred so that your payment can be processed.

For whichever payment method you choose (Visa/MasterCard/Direct Debit) this transaction will take place through a secure SSL/TLS connection. You can tell if a website offers secure browsing by checking the address bar on your web browser. A lock symbol should be displayed and you should also see "https://" instead of "http://" at the start of the web address.

Using encrypted communication means that the payment details you provide us with cannot be intercepted by third party users.

 

Erasure, Rectification and the Right to Be Informed

In accordance with current privacy regulations, you have the right to request information regarding your personal data, including how it was collected, who collected it and how it is being used. This information can be requested at any time and must be provided free of charge. You also have the right to request that this data be rectified or deleted. If you have any further questions relating to personal data, you are free to contact us at any time via the address provided in our Legal Notice.

 

Right to Restrict Processing

You have the right to restrict processing of your personal data in certain circumstances. If you would like to do this, please contact us via the address provided in our Legal Notice. You have the right to restrict processing of your data in the following circumstances:

  • When you are contesting the accuracy of your stored personal data, we will usually need time to verify this. While this process is taking place, you have the right to restrict the processing of your data.
  • If your data has been unlawfully processed, instead of erasure, you could request restriction of processing.
  • If we no longer need your personal data, but you need to keep it in order to establish, exercise or defend a legal claim, you could request restriction of processing, instead of erasure.
  • In the event that you object to our processing of your data under Article 21(1) of the GDPR, we will require an assessment period to take your objection into consideration. During this time, you have the right to request that we restrict the processing of your personal data.

 

If you restrict the processing of your personal data, apart from storing it, we will not use your data in any way, unless we have your consent; it is for the establishment, exercise or defense of legal claims; it is for the protection of the rights of another person (natural or legal); or it is for reasons of important public interest to the European Union or a Member State.

 

  1. How Data Is Collected Through This Website

 

Cookies

All websites use cookies to a certain extent. Cookies will not cause damage to your computer and they do not contain viruses. We use cookies to offer you a more user-friendly, effective and secure browsing experience. Cookies are small text files that are placed on your computer and stored by your browser.

Most of the cookies used by this website are known as "session cookies". They are automatically deleted at the end of your browsing session. Other cookies will remain stored on your device until you delete them. These cookies allow us to identify your browser the next time you visit.

You can choose to set your web browser so that you will always be informed when cookies are placed, allowing you to permit them on an individual basis. You can also choose to disable cookies in all or certain situations. It is possible to set your browser so that cookies are automatically deleted when you close your web browser. If you choose to disable cookies, this website may not function fully or as intended.

Cookies that are essential for you to browse this website and use its features (e.g. the shopping cart), can be lawfully stored according to Art. 6(1) point (f) of the GDPR. The website owner has legitimate grounds to store these cookies, in order to prevent technical failures and provide a better experience and service to you. Provided that consent has been granted (e.g. consent to store cookies) the website owner has grounds to process this data on the basis of Art. 6(1) point (a) of the GDPR. You have the right to withdraw consent at any time.

As regards storing other cookies (e.g. cookies that analyze your browsing habits) these will be discussed separately in this Privacy Policy.

 

Server Log Files

This website collects and automatically stores information in the form of server log files. Your browser then automatically transfers these files to us. These include:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of accessing computer
  • Time of server request
  • IP address

This data is not collated with data from other sources.

This data is collected on the basis of Art. 6(1) point (f) of the GDPR. The website owner has a legitimate interest in the smooth running and optimization of their website. The data log files are collected for this purpose.

 

Processing Data (Customer Data and Contract Data)

We collect, process and use personal data in so far as it is necessary to establish, develop or modify a legal relationship (inventory data). This is lawful under Art. 6(1) point (b) of the GDPR, which allows data to be processed for the performance of a contract or in order to take steps prior to entering into a contract. Personal data relating to use of this website (usage data) is only collected, processed and used in so far as is necessary to allow users to use the service or pay for it.

The customer data that we collect will be deleted after their order has been fulfilled or our business relationship has been terminated. This does not affect statutory retention periods.

 

Data Transfer at the End of a Contract for Services and Digital Content

We will only ever transfer your personal data to third parties if it is necessary to process a payment through an appointed financial institution as part of processing a contract.

Data will not be transferred for any other purposes, unless you have explicitly consented to it. Your data will never be passed on to third parties for marketing purposes without your explicit consent.

Processing data this way is lawful under Art. 6(1) point (b) of the GDPR, which allows data to be processed for the performance of a contract or in order to take steps prior to entering into a contract.

 

  1. Social Media

 

Facebook Plugins

This website uses plugins provided by the social network, Facebook, address: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. These Facebook plugins are clearly recognizable on the website because they feature the Facebook logo or the like button. You can find an overview of Facebook plugins here: https://developers.facebook.com/docs/plugins.

When you visit this website, plugins create a direct connection between your browser and the Facebook server. This means that Facebook will receive the information that you have accessed this website with your IP address. If you click the Facebook like button while logged into your Facebook account, you may link content from this website to your Facebook profile. Facebook could use this to connect your visit to this website to your user account. Please note that the owners of this site do not know the exact contents of the data that is transferred to Facebook or how it is used. You'll find more information about Facebook's privacy policy at: https://www.facebook.com/privacy/explanation.

 

If you don't want Facebook to be able to link your Facebook user account to your visit to this website, then please log out of your Facebook user account.

Use of Facebook plugins is lawful under Art. 6(1) point (f) of the GDPR. The website owner has a legitimate interest in increasing their visibility on social media.

 

  1. Analytics Tools and Marketing

 

Google Analytics

This website uses a web analytics service provided by Google Analytics. This is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies. These are text files that are stored on your computer and allow us to analyze how our website is being used. Information related to how you use this website is generated through cookies and much of this is transferred to a Google server located in the USA and stored there.

Storing Google Analytics cookies and using analytical tools is lawful under Art. 6(1) point (f) of the GDPR. The website owner has a legitimate interest in analyzing user behavior for the purposes of marketing and improving website content. Provided that consent has been granted (e.g. consent to store cookies) the website owner has grounds to process this data on the basis of Art. 6(1) point (a) of the GDPR. You have the right to withdraw consent at any time.

 

IP Anonymization

We have activated a function that anonymizes IP addresses collected through this website. This means that if you are located within a European Member State or an area covered by the European Economic Area Agreement, Google will shorten your IP address before it is transmitted to the USA. Only in exceptional circumstances will your full IP address be transferred to a Google server in the USA before being shortened there. As part of an agreement with the owner of the website, Google will use your information to analyze how you use the website, to compile reports about website activity and to provide other services to the website owner related to website and internet usage. Although your IP address is transmitted to Google through Google Analytics, it will not be collated with other Google data.

 

Browser Plugin

You may choose to disable cookies in your web browser. Please note that, if you do this, certain features of the website may not function fully or as intended. If you wish, you can also stop Google from collecting and processing data relating to your usage of this website (including your IP address) by downloading and installing the browser plugin available at the link below: https://tools.google.com/dlpage/gaoptout.

 

Object to Data Collection

You can stop Google Analytics from collecting your data by clicking on the following link. It places an opt-out cookie that will stop your data from being collected during future visits to this website. It deactivates Google Analytics.

More information about how Google Analytics handles user data is available in Google's privacy policy under: https://support.google.com/analytics/answer/6004245?hl=.

 

Data Processing Terms

We have accepted Google's Data Processing Terms, which ensure that Google Analytics is used in a manner that is fully compliant with the strict provisions put into place by German data protection authorities.

 

Retention Period

After 14 months, Google will anonymize or delete any of the user-level or event-level data it may be storing that is associated with cookies, user-identifiers (e.g. User-ID) and advertising identifiers (DoubleClick cookies, Android’s Advertising ID). Please see the link below for more information: https://support.google.com/analytics/answer/7667196?hl=

 

  1. Newsletter

This website uses Kajabi to send out newsletters. The provider is Kajabi, LLC, 15495 Sand Canyon Ave Suite #300, Irvine, CA 92618.

Kajabi is a service, which amongst other things, allows us to send out newsletters and analyze the results. Data that you provide us with in relation to our newsletter will be stored on Kajabi's server in the USA.

If you do not want Kajabi to analyze your data, you will have to unsubscribe from our newsletter. Each newsletter we send out includes a link that allows you to do this. You can also unsubscribe from our newsletter through our website.

 

Analyzing Data

Kajabi allows us to analyze our newsletter campaign. It means that we can see things, such as if the newsletter has been opened and which links have been clicked. This allows us to establish information, such as which links are clicked the most.

We can also identify if a set of predefined actions have been carried out once the newsletter has been opened or a link has been clicked (conversion rate). For example, we'll know if you purchase something after clicking on the newsletter.

Kajabi also allows us to divide our newsletter readers into different categories (clusters). This means that we divide up our newsletter readers according to characteristics, such as age, gender or place of residence. This allows use to adapt our newsletter to better suit our target readers.

For more information about how Kajabi operates, please see the following link: https://kajabi.com/solutions/email-marketing/.

 

Legal Basis

It is lawful to process your data in the above-mentioned ways on the grounds that you have given consent (Art. 6(1) point of the GDPR). You can withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

Retention Period

Personal data provided by you for the purposes of subscribing to the newsletter will be stored by us or the newsletter service provider until you make the decision to unsubscribe. Once you do this, your data will be deleted. Data we are storing for other purposes will remain unaffected.

When you ask to be removed from the newsletter mailing list, your email address will be saved to a blacklist by either us or the newsletter service provider. This is to prevent you from receiving any future emails from us. Data on the blacklist is not used for any other purpose and it will never be collated with other data. This serves both your interests and our own, because it ensures that we are able to comply with legal requirements related to the distribution of newsletters (legitimate interests of the kind referenced in Art. 6(1) point (f) of the GDPR). There is no limit on how long we may store your data on a blacklist. You can object to your data being stored in this way if you believe that your own interests outweigh our legitimate interests.

For more information, take a look at Kajabi's privacy policy at: https://learn.kajabi.com/resources/5ikpdoaoycc4g8oaq08ssa/.

 

Data Processing Addendum

We have entered into an agreement with Kajabi, which means that they are obligated to protect our customer data and never pass it along to third parties. You can see a copy of the Addendum by following the link below: 

https://kajabi.com/policies/dpa/

  

  1. Plugins and Tools

 

YouTube Advanced Data Protection

This website contains embedded YouTube videos. These are provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube's Privacy-Enhanced Mode. According to YouTube, using this mode means that YouTube will not store information about visitors to this website unless you click to play one of their videos. Privacy-Enhanced Mode does not, however, necessarily mean that data will not be passed on to YouTube partners. Regardless of whether you watch a video, YouTube establishes a link to Google's DoubleClick network.

As soon as you start playing a YouTube video on this website, a connection is created to the YouTube server. This means that YouTube will know which of our web pages you have visited. If you are logged into your YouTube account, YouTube will be able to link your personal profile with your browsing activities. You can stop this from happening by logging out of your YouTube account.

When you start playing a YouTube video, YouTube will also place various cookies on your device. YouTube can use these cookies to collect information about visitors to this website. This information is used for purposes, such as compiling video statistics, making services more user-friendly and preventing fraud. These cookies will be stored on your device until you delete them.

Other data processing operations may be triggered when you click to play a YouTube video, but we have no control over this.

We use YouTube to attractively display our online offers. This is a legitimate interest, as referenced under Art. 6(1) point (f) of the GDPR. Provided that consent has been granted (e.g. consent to store cookies) the website owner has grounds to process this data on the basis of Art. 6(1) point (a) of the GDPR. You have the right to withdraw consent at any time.

For more information about data protection at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=.