Privacy Policy
1. Information on the Collection of Personal Data and Controller Details
1.1
Thank you for visiting oliviascoastboutique.com. In this Privacy Policy, we explain how your personal data is collected, used, and protected when you use our website. Personal data means any information that can identify you personally.
1.2
The data controller responsible for processing personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Olivia's Coast Boutique
The controller is the natural or legal person who determines the purposes and means of processing personal data, either alone or jointly with others.
1.3
For security reasons and to protect the transmission of personal data and other confidential content, such as orders or inquiries, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” in your browser’s address bar and the lock icon displayed there.
2. Data Collection When Visiting Our Website
If you use our website for informational purposes only, meaning you do not register or otherwise submit information to us, we only collect the data that your browser automatically transmits to our server. These so-called server log files are technically necessary to display the website properly and ensure stability and functionality.
The data collected may include:
- The pages visited on our website
- Date and time of access
- Amount of data transmitted
- Referring website or source
- Browser type and version
- Operating system used
- IP address, where applicable in anonymized form
This data is processed in accordance with Article 6(1)(f) GDPR based on our legitimate interest in maintaining and improving the stability and functionality of our website.
This data will not be used for other purposes or shared with third parties unless there is a concrete indication of unlawful use.
3. Cookies
To make your visit to our website more user-friendly and to enable certain features, we use cookies on various pages. Cookies are small text files that are stored on your device.
Some cookies are deleted automatically when you close your browser. These are known as session cookies. Other cookies remain stored on your device and allow us or our partners to recognize your browser the next time you visit the website. These are called persistent cookies.
Cookies may collect and process certain information, such as:
- Browser information
- Location data
- IP address values
Persistent cookies are automatically deleted after a predefined period, which may vary depending on the cookie.
In some cases, cookies are used to simplify the ordering process by saving settings, for example the contents of a shopping cart for a later visit.
Where personal data is processed by cookies set by us, the processing is carried out either:
- in accordance with Article 6(1)(b) GDPR for the performance of a contract, or
- in accordance with Article 6(1)(f) GDPR based on our legitimate interest in providing a functional, effective, and user-friendly website.
We may also work with advertising partners who place cookies on your device to make our website and advertising more relevant to you. If this is the case, details about those cookies and the scope of data processing will be provided separately in this Privacy Policy.
You can configure your browser to notify you about the use of cookies and decide individually whether to accept or reject them, either in specific cases or generally.
Please note that disabling cookies may limit the functionality of this website.
4. Contacting Us
If you contact us, for example by email or through a contact form, personal data is collected. The data collected through a contact form can be seen in the respective form.
This data is used solely for the purpose of responding to your inquiry and for the related technical administration.
The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Article 6(1)(f) GDPR. If your inquiry is related to the conclusion of a contract, the additional legal basis is Article 6(1)(b) GDPR.
Your data will be deleted once your request has been fully processed, provided there are no legal retention obligations requiring longer storage.
5. Data Processing When Opening a Customer Account and for Contract Fulfillment
If you provide us with personal data for the purpose of placing an order or opening a customer account, we collect and process that data in accordance with Article 6(1)(b) GDPR.
The data collected can be seen in the respective input forms.
You may request deletion of your customer account at any time by contacting us. We use the data you provide to process your contract and fulfill your order.
Once the contract has been fully completed or your account has been deleted, your data will be restricted in accordance with applicable tax and commercial retention periods and deleted after those periods expire, unless you have expressly consented to further use of your data or unless further use is legally permitted.
6. Use of Your Data for Direct Marketing
6.1 Newsletter Subscription
If you subscribe to our email newsletter, we will send you regular information about our offers. The only mandatory information for receiving the newsletter is your email address. Any additional information is voluntary and may be used to address you personally.
We use a double opt-in procedure. This means that we will only send you newsletters if you first confirm your subscription through a confirmation email.
When you subscribe, we store your IP address and the date and time of your registration in order to verify your subscription and prevent misuse of your email address.
The legal basis for this processing is your consent under Article 6(1)(a) GDPR.
You may unsubscribe from the newsletter at any time using the unsubscribe link included in every newsletter or by contacting us directly. Once you unsubscribe, your email address will be removed from our newsletter mailing list immediately unless further storage is legally permitted or you have expressly consented to another use.
6.2 Newsletter for Existing Customers
If you provide your email address during a purchase, we may use it to send you information about our own similar products or services, provided you have not objected to this use.
This processing is based on our legitimate interest in direct marketing in accordance with Article 6(1)(f) GDPR.
You may object to the use of your email address for marketing purposes at any time with future effect by contacting us. After receiving your objection, we will stop using your email address for such purposes immediately.
7. Data Processing for Order Handling
7.1
To fulfill your order, we may share your personal data with the shipping company responsible for delivery, but only to the extent necessary for delivery.
We may also share your payment data with the financial institution or payment provider responsible for processing the payment, insofar as this is necessary.
The legal basis for this transfer is Article 6(1)(b) GDPR.
7.2 Payment Service Providers
PayPal
If you choose to pay via PayPal, credit card via PayPal, direct debit via PayPal, or if offered, purchase on account or installment payment via PayPal, your payment data will be transmitted to:
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg
This transfer is carried out in accordance with Article 6(1)(b) GDPR and only to the extent necessary for payment processing.
PayPal may perform a credit check for certain payment methods. This is done on the basis of PayPal’s legitimate interest in determining your creditworthiness under Article 6(1)(f) GDPR.
For more information, please refer to PayPal’s Privacy Policy.
SOFORT
If you choose the payment method SOFORT, payment processing is carried out by:
SOFORT GmbH
Theresienhöhe 12
80339 Munich
Germany
SOFORT is part of the Klarna Group.
The data necessary for payment processing and order completion will be transmitted to SOFORT in accordance with Article 6(1)(b) GDPR.
Further information can be found in SOFORT’s Privacy Policy.
8. Review Reminder
If you have expressly consented during or after your order, we may use your email address to send you a one-time reminder to leave a review of your purchase.
This processing is based on your consent under Article 6(1)(a) GDPR.
You may withdraw your consent at any time by contacting us.
9. Social Media Plugins
9.1 Facebook Plugins (Shariff Solution)
This website may use social plugins from Facebook. To better protect your privacy, these buttons are not directly integrated as plugins, but only as HTML links using the Shariff solution. This means no connection to Facebook’s servers is established unless you actively click the button.
Once clicked, a new browser window opens and connects to Facebook, where you may interact with the plugin after logging in.
Further details can be found in Facebook’s Privacy Policy.
9.2 Google+ Plugins (Shariff Solution)
This website may use plugins from Google+ in the same privacy-friendly Shariff format. No direct connection is made to Google’s servers unless you click the relevant button.
Further information is available in Google’s Privacy Policy.
9.3 Instagram Plugins (Shariff Solution)
This website may also use plugins from Instagram using the Shariff solution. A connection to Instagram is only established when you actively click on the corresponding button.
Further details can be found in Instagram’s Privacy Policy.
10. Online Marketing
10.1 DoubleClick by Google
This website may use DoubleClick by Google, an online marketing service provided by Google LLC.
DoubleClick uses cookies to show relevant advertisements, improve campaign performance reports, and avoid showing the same ad multiple times.
The processing is based on our legitimate interest in optimizing our online marketing under Article 6(1)(f) GDPR.
DoubleClick may also record conversions, for example when a user clicks on an ad and later makes a purchase on the advertiser’s website.
You can disable cookies used for advertising purposes in your browser settings or through Google’s advertising settings.
10.2 Google Ads Conversion Tracking
This website may also use Google Ads conversion tracking. A cookie is set when you click on a Google ad. These cookies help us understand whether users complete certain actions on our website after clicking on an advertisement.
The data collected is used to generate conversion statistics and is processed based on our legitimate interest in targeted advertising under Article 6(1)(f) GDPR.
You can disable conversion tracking by changing your browser settings or using Google’s opt-out tools.
11. Web Analytics Services
Google (Universal) Analytics
This website may use Google Analytics, a web analytics service provided by Google LLC.
Google Analytics uses cookies to help us analyze how users interact with our website. The information generated by the cookie, including your abbreviated IP address, may be transmitted to and stored on Google servers in the United States.
We use Google Analytics only with IP anonymization enabled, so your IP address is shortened before transmission within the European Union or the European Economic Area whenever possible.
The processing is based on our legitimate interest in analyzing user behavior to optimize our website and marketing activities under Article 6(1)(f) GDPR.
You may prevent Google Analytics from collecting your data by adjusting your browser settings or installing the browser add-on provided by Google.
12. Retargeting / Remarketing / Recommendation Advertising
Facebook Custom Audience via Pixel
This website may use the Facebook Pixel to measure the effectiveness of Facebook ads and to show interest-based advertising.
This allows user behavior to be tracked after users click on or view a Facebook advertisement. The data collected is anonymous to us, but Facebook may link it to your Facebook account.
This processing is carried out only with your express consent in accordance with Article 6(1)(a) GDPR.
You can disable Facebook cookie-based advertising through your browser settings or via the Digital Advertising Alliance website.
Google Ads Remarketing
This website may use Google Ads Remarketing to advertise our products in Google search results and on third-party websites.
Google uses cookies to show ads based on your previous visits to our website. This is done on the basis of our legitimate interest in effective marketing under Article 6(1)(f) GDPR.
You can opt out of personalized advertising by adjusting your Google ad settings or by installing the appropriate browser plugin.
13. Rights of Data Subjects
Under applicable data protection law, you have the following rights regarding the processing of your personal data:
- Right of access under Article 15 GDPR
- Right to rectification under Article 16 GDPR
- Right to erasure under Article 17 GDPR
- Right to restriction of processing under Article 18 GDPR
- Right to notification under Article 19 GDPR
- Right to data portability under Article 20 GDPR
- Right to withdraw consent under Article 7(3) GDPR
- Right to lodge a complaint with a supervisory authority under Article 77 GDPR
Right to Object
If we process your personal data on the basis of our legitimate interests, you have the right to object at any time on grounds relating to your particular situation.
If you object, we will stop processing the affected data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing. If you exercise this right, we will stop processing your data for direct marketing purposes immediately.
14. Retention Period of Personal Data
The length of time we retain personal data depends on the relevant legal retention periods, especially under tax and commercial law.
After those periods expire, the data will be routinely deleted, unless it is still required for the performance or initiation of a contract or unless we have a legitimate interest in retaining it further.