Datenschutz

Data protection

We are very pleased that you are interested in our company. The protection of your personal data is important to us. We collect and use your personal data exclusively in accordance with and within the framework of the data protection law applicable in Germany, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other applicable data protection regulations.

Below we inform you about the type, scope and purpose of the collection and use of personal data when using our website. You can access this information at any time on our website.

Personal data is all data with which a natural person (data subject) can be identified directly or indirectly, e.g. name, address, e-mail address, user behavior of a natural person.

I. Name and contact details of the person responsible and contact details of the data protection officer

1. The person responsible within the meaning of data protection laws (Art. 4 Para. 7 GDPR) is:

Himalaya Textilhandels GmbH

Röthbargweg 2b (near the Braaker Mill)

22145 Braak

Phone: 040/ 524 77 5181

Email: service@himalayashop.de

Website: www.himalayashop.de

We do not currently have a data protection officer. The requirements of Art. 37 Para. 1 GDPR, which require the appointment of a data protection officer, are not met at our company.

II. General principles

1 . Scope and legal basis of processing

We only process personal data in accordance with legal regulations. In particular, personal data is only processed if you have given your consent or if the processing is otherwise legally permitted.

If we obtain consent from the data subject for processing personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Art. 6 (1) sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 (1) sentence 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) sentence 1 lit. d GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis for processing.

We indicate the respective legal basis for processing in connection with the information on the individual data processing operations in this data protection declaration or when you provide your personal data.

2. Transfer of data

Within our company, only those departments that need your data to protect our legitimate interests or to fulfill our contractual or legal obligations or to answer your inquiries will have access to your data.

In some cases, we use external service providers to process your data, who process data on our behalf as contract processors (e.g. for central IT services or hosting our website). Service providers who act as contract processors for us may only use the data in accordance with our instructions. In this case, we are legally responsible for ensuring that the companies we commission take appropriate data protection precautions. The companies were carefully selected by us, commissioned in writing in accordance with the legal requirements, are bound by our instructions and are regularly monitored.

Your personal data will only be transferred to third parties if this is legally permissible, in particular if

-You have expressly given your consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR,

-the transfer according to Art. 6 Para. 1 Clause 1 Letter b of GDPR is necessary for the processing of contractual relationships with you,

-there is a legal obligation to disclose data pursuant to Art. 6 (1) sentence 1 lit. c GDPR,

- the transfer according to Art. 6 Paragraph 1 Clause 1 Letter f of GDPR is necessary to protect our legitimate interests, unless your interests outweigh them.

If we intend to pass on personal data to third parties, you will find more information about this in the information on the individual data processing operations in this data protection declaration or when you provide your personal data.

3. Duration of storage and deletion of data

We process and store personal data only for the period necessary to achieve the purpose of processing. If the purpose of processing no longer applies, the data will be deleted unless legal retention obligations prevent deletion. In the latter case, processing will be restricted in order to fulfill the retention obligations.

You will find more information in connection with the information on the individual data processing operations in this data protection declaration or when you provide your personal data.

4. Data security

We use SSL or TLS encryption when visiting the website and to protect the transmission of content. You can recognize this by the closed representation of the key or lock symbol in the lower status bar of your browser, which your browser displays when there is an SSL connection.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

5. Rights as a data subject

You have the following rights with regard to the personal data concerning you:

- Right to withdraw consent

- Right to information

- Right to rectification or erasure

- Right to restriction of processing

- Right to object to processing

- Right to data portability

- Right to lodge a complaint with a supervisory authority.

Further information on these rights can be found under IV. of this policy.

III. Information on individual data processing operations

In the following provisions you will receive more detailed information on the individual data processing operations, for example which personal data is collected, for what purposes it is used, on what basis we are entitled to collect the data, how long it is stored and, if applicable, to whom it is transmitted:

1. Data processing when visiting the website

When you visit our website, the browser used on your device automatically sends information to our website's server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

IP address of the requesting computer,
Date and time of access,
Name and URL of the retrieved file,
Website from which access is made (referrer URL),
browser used and, if applicable, the operating system of your computer and
Names of downloaded files.

We process the above data for the following purposes:

Display of the website,

Ensuring a smooth connection to the website,

Ensuring comfortable use of our website,

Evaluation of system security and stability as well as

for further administrative purposes.

The legal basis for data processing is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. Our legitimate interest arises from the purposes for data collection listed above. Under no circumstances do we use the data collected to draw conclusions about you personally.

We would like to point out that if data is processed based on Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, you have the right to object to processing in accordance with Art. 21 GDPR. You can find more information on this under Section IV. 10 of this data protection declaration.

We also use cookies when you visit our website. You can find more detailed information about this in section 2 of this privacy policy.

2. Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device and do not contain any viruses, Trojans or other malware.

The cookie stores information that is related to the specific device used. However, this does not mean that we receive direct knowledge of your identity.

We use so-called session cookies to recognise that you have already visited individual pages on our website. These are automatically deleted after you leave our website. The use of cookies serves to make the use of our services more pleasant and user-friendly for you. Some elements of our website require that the calling server can be identified even after a page change. For example, the items in the shopping cart are stored using cookies so that the items remain in the shopping cart when you visit another page during the ordering process.

In addition, we use temporary cookies to optimize user-friendliness. These are stored on your device for a specific period of time, which may vary depending on the cookie. If you visit our website again to use our services, it will automatically recognize that you have already visited us and what entries and settings you have made so that you do not have to enter them again. You can also delete the cookies at any time in the security settings of your browser.

We use cookies to make your visit to our website more pleasant and easier. Data processing is carried out on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, as we have a legitimate interest in storing cookies to ensure technically error-free and optimized provision of our services.

Most browsers accept cookies automatically. However, you can configure your browser to suit your needs, for example so that no cookies are stored on your computer or a warning always appears before a new cookie is created. You can also delete cookies at any time in the security settings of your browser.

However, completely deactivating cookies may mean that you cannot use all the functions of our website.

We do not use cookies to analyze your surfing behavior.

3. Data processing when contacting us by email

If you contact us via the email address provided, the data you provide will be stored by us and used only to process your request and to contact you to process your request.

The legal basis for the processing of data transmitted when sending an email is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. Our legitimate interest arises from processing your request, which is not conflicted by any overriding interests on your part, since you contact us voluntarily for this purpose.

If the contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) sentence 1 lit. b GDPR.

We automatically delete the data when storage is no longer required, in particular when processing of your request has been completed. The further use of data that has been stored by us for other purposes and which we are entitled to process on the basis of another legal basis (e.g. in relation to data required for contract processing) remains unaffected. If there are statutory retention periods, we limit processing to the extent necessary to fulfil them. Irrespective of this, you are entitled to your rights as the data subject. For more information, please refer to our information on the rights of the data subject under Section IV of the data protection declaration.

4. Data processing for orders in our webshop

a) If you would like to order from our webshop, it is necessary for the conclusion of the contract that you provide us with certain personal data (e.g. first name, last name, billing address and email address) that we need to process your order. Mandatory information required to process the contracts is marked separately, other information (e.g. if necessary, providing a different delivery address or a telephone number) is voluntary. We also use this voluntarily provided data to process your order, for example for queries regarding your order or to send it to a different delivery address.

The legal basis for the processing is Art. 6 Paragraph 1 Clause 1 Letter b of GDPR. If you do not provide us with mandatory information, this may result in the contract not being able to be concluded.

b) We are entitled to pass on your data to the extent that this is necessary to process your order. For example, we pass on your personal data to the shipping company commissioned by us to deliver the goods. The shipping company uses your personal data exclusively to process the order.

The purpose of transmitting the data is to process the contract. The legal basis for the transfer of your data is Art. 6 Paragraph 1 Clause 1 Letter b of GDPR.

c) Depending on the payment method you have selected, your data will be transmitted to the relevant payment service provider. The payment service provider is responsible for your data processed by the payment service provider. The personal data exchanged between us and the payment service provider may be transmitted to credit agencies. The payment service provider may pass on the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil the contractual obligations or if the data is to be processed on behalf of the payment service provider.

If you would like to pay with PayPal, we will redirect you to a PayPal page so that you can process the payment there. PayPal is an online payment service. The provider is PayPal (Europe) S.à rl et Cie, 22-24 Boulevard Royal, L-2449 Luxembourg, email: impressum@paypal.com SCA

To process the payment, data that you sent to us during the ordering process is automatically transmitted to the payment service provider. This is usually your email address, transaction number and invoice amount. All other data required for payment is collected directly via PayPal and is not made available to us.

PayPal is responsible for your data processed by PayPal. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit reporting agencies. PayPal may pass on the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfill the contractual obligations or if the data is to be processed on behalf of PayPal.

For more information about data processing by PayPal, please see PayPal’s privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-prev .

If you select "Sofort" as a payment option during the ordering process in our online shop, we will forward you to the payment service of Sofort GmbH, which is part of the Klarna Group, through which the payment is made. In order to process the payment, data that you sent to us as part of the ordering process is automatically transmitted to the payment service provider. The provider is Sofort GmbH, Theresienhöhe 12 in 80339 Munich. When you use SOFORT Überweisung, you directly instruct SOFORT GmbH to set up the transfer in your online banking portal. SOFORT GmbH is therefore responsible for the collection and processing of personal data that occurs in the process. The data protection declaration of Sofort GmbH is displayed to you when you carry out the Sofort Überweisung and can be accessed via the demo payment form on the website https://www.klarna.com/sofort/ . You can currently find the data protection declaration under the following link:

https://www.sofort.com/payment/wizard/getCmsContent/data_protection/DE/0/de

If you select "credit card" as a payment option during the ordering process in our online shop, we will redirect you to the payment service of the payment provider STRIPE, through which the payment will be made. In order to process the payment, data that you sent to us during the ordering process will be automatically transmitted to the payment service provider.

The provider is Stripe, Inc. 510 Townsend Street San Francisco, CA 94103, USA. STRIPE is responsible for the collection and processing of personal data. STRIPE's privacy policy will be displayed to you when you make a payment and can be accessed at any time on the Stripe, Inc. website. You can currently find the privacy policy at the following link: https://stripe.com/de/privacy

If you select “Giropay” as your payment option, payment will be made via the payment service provider GiroSolution. To process the payment, data that you sent to us during the ordering process will be automatically transmitted to the payment service provider.

The provider is GiroSolution GmbH, Hauptstraße 27, 88699 Frickingen, telephone: +49 7554 97090-00, fax: +49 7554 97090-09 , https://www.girosolution.de/ ; email: info(at)girosolution.de. The payment service provider itself is responsible for the collection and processing of personal data. You can find GiroSolution's privacy policy on the payment service provider's website at https://www.girosolution.de/

The purpose of transmitting the data is to process the payment, which will be carried out via the payment provider at your request. The legal basis for the transfer of your data is Art. 6 Paragraph 1 Clause 1 Letters b and f of GDPR.

d) Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, after two years we restrict processing, i.e. your data will only be used to comply with legal obligations.

e) The ordering process is encrypted using TLS technology to ensure the security of your data.

5. Data processing when registering a customer account

You can voluntarily create a customer account. When you register, the registration data entered in the registration form is sent to us and saved. In addition, other data is saved in your customer account, e.g. orders made after logging into your customer account, billing and delivery addresses. With this function, we want to make future ordering processes easier for you, for example, by allowing you to access your already saved data when making subsequent purchases by logging into your customer account and not having to enter your data again. You also have the option of viewing previous orders, among other things.

As part of the registration process, your consent will be obtained with reference to this data protection declaration that you agree to the registration of a customer account. The legal basis for the processing is Art. 6 Paragraph 1 Clause 1 Letter a of GDPR based on your voluntarily given consent. You can revoke this consent at any time with effect for the future. For example, an email to service@himalayashop.de is sufficient. For more information, please refer to our information on the rights of the data subject under Section IV. 1 and on the exercise of this right under Section IV. 8 of this data protection declaration.

We delete the data in the customer account or the customer account if you revoke your consent or otherwise request that we delete it. However, the deletion does not include data that we have stored for other purposes (e.g. data based on orders placed that we need to process the contract).

6. Data processing for the purpose of sending newsletters

If you have subscribed to our newsletter, we will use the data you enter in the input mask exclusively to send you our newsletter with current information about products, services and marketing campaigns, trade fairs and other news. To receive the newsletter, it is sufficient to provide an email address; you can provide your name voluntarily. If you provide us with your name, we will only use it to address you personally. The data will not be passed on to third parties.

We use the so-called double opt-in procedure to register for our newsletter. This means that after you register, we will send you an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. The data processing is based on your consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR.

You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. For more information, please see our information on the rights of the data subject under Section IV. 1 and on exercising this right under Section IV. 8 of this data protection declaration. You can revoke your consent by clicking on the link provided in each newsletter email, by email to service@himalayashop.de or by sending a message to the contact details provided in the imprint.

When you register for the newsletter, the following data is also collected:

-the IP address of the computer system used at the time of registration and

-Date and time of registration and confirmation.

The collection of this data is necessary in order to be able to prove your registration and to be able to check for any misuse of your email address at a later date. The collection of this data therefore serves our legal protection. The legal basis is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. We would like to point out that if data is processed on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, you have the right to object to the processing in accordance with Art. 21 of GDPR. You can find more information on this under Section IV. 10 of this data protection declaration. Since the storage is necessary for our legal protection, you must unsubscribe from the newsletter.

Your data will be stored as long as you subscribe to the newsletter. After unsubscribing, the data will be deleted. The further use of data that has been stored by us for other purposes and which we are legally entitled to process on the basis of another legal basis (e.g. in relation to data required for contract processing) remains unaffected.

IV. Rights of the data subject

As a data subject, you have the following rights:

1. Right to withdraw consent

If you have given your consent to the processing of your data, you have the right to revoke your consent at any time in accordance with Art. 7 Para. 3 GDPR. This means that we may no longer continue data processing in the future to the extent that we were permitted to do so based on your consent. The legality of the processing carried out up to the time of revocation remains unaffected, i.e. the processing carried out in the past based on the consent remains lawful.

2. Right to confirmation and information

You have the right, in accordance with Art. 15 GDPR, to request confirmation from us as to whether personal data concerning you is being processed. Furthermore, you have the right to receive information about your personal data processed by us free of charge. In particular, you can request information about

-the purposes of processing,

- the category of personal data,

- the categories of recipients to whom your data have been or will be disclosed,

- the planned storage period,

- the existence of a right to rectification, erasure, restriction of processing or a right to object,

- the existence of a right of appeal,

- all available information about the origin of your data, if it was not collected from us,

- as well as the existence of automated decision-making, including profiling, and, where appropriate, meaningful information about its details.

3. Right to rectification

You have the right to request the immediate correction of inaccurate or incomplete personal data stored by us in accordance with Art. 16 GDPR.

4. Right to erasure

You have the right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR if one of the following reasons applies:

-The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

-You withdraw your consent on which the processing is based and there is no other legal ground for the processing.

-You object to the processing based on Art. 6 Paragraph 1 Clause 1 Letter b or f of GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing of data for direct marketing purposes.

-The personal data were processed unlawfully.

-The erasure of personal data is necessary to fulfill a legal obligation under Union or Member State law to which we are subject.

-The personal data were collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

This does not apply if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

5. Right to restriction of processing

You have the right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if

- you dispute the accuracy of the data for a period that enables us to verify the accuracy of your data,

-the processing is unlawful, but you oppose its erasure and request the restriction of processing instead,

-we no longer need the data, but you require it to assert, exercise or defend legal claims or

-You have objected to the processing pursuant to Art. 21 GDPR, as long as it has not been determined whether our legitimate reasons outweigh yours.

In this case, your data may only be processed, apart from storage, with your consent or for specific legally defined purposes, in particular for legal proceedings and to protect the rights of others. We will notify you before the restriction is lifted.

6. Right to data portability

According to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another responsible party.

7. Right to object to processing

Under certain circumstances, you also have the right to object to the processing of your personal data in accordance with Art. 21 GDPR. Please read our separate instructions under section 10: Separate information about your right of objection in accordance with Art. 21 GDPR.

8. Information on exercising the rights under sections 1 - 7

If you would like to exercise your aforementioned rights, you can contact us at any time via service@himalayashop.de or via the contact details provided in the imprint and in this privacy policy.

9. Right to lodge a complaint with a supervisory authority

Furthermore, according to Art. 77 GDPR, you have the right to complain to a supervisory authority. For example, you can contact the supervisory authority of your usual place of residence or work or our headquarters. You can find a list of supervisory authorities here:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

10. Separate information about your right of objection according to Article 21 GDPR

In the following, we would like to draw your particular attention to your right of objection in accordance with Art. 21 GDPR:

Right to object

a) Case-specific right of objection according to Art. 21 para. 1 GDPR

The prerequisite for this right of objection is that data processing is carried out on the basis of the provisions of Art. 6 Paragraph 1 Clause 1 Letter e or f of GDPR.

Art. 6 paragraph 1 sentence 1 letter e regulates the case where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. This primarily applies to bodies exercising sovereign power such as the federal government, the states and their authorities or entrusted private individuals.

Art. 6 (1) sentence 1 lit. f GDPR permits processing if it is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject prevail.

If data processing is carried out on one of these grounds, you have the right to object at any time to the processing of personal data concerning you for reasons related to your particular situation. This also applies to profiling based on these provisions.

Consequences of the objection: After an objection, we will no longer process the data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

b) Right to object to the processing of data for direct marketing purposes

The prerequisite for this right of objection is that your data is processed for direct marketing purposes.

In this case, you have the right to object at any time to data processing for the purpose of such advertising. This also applies to profiling if it is related to direct advertising.

The consequence of the objection is that the data will no longer be processed for these purposes.

c) Exercise of the right to object

If you would like to exercise your right of objection in accordance with a) or b), you can contact us at any time via service@himalayashop.de or via the contact details provided in the imprint and in this privacy policy.

V. Period of validity

In order to ensure that our data protection information always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies if the data protection information has to be adjusted due to new or revised offers or services. You can access and print out the current data protection declaration at any time on the website at https://himalayashop.de/pages/datenschutz .

Your cart

Your cart is empty

data protection

Availability

Your cart

Your cart is empty

10 € Gutschein