1) Introduction and contact details of the controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data is any data by which you can be personally identified.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Singh/Muric GbR, Sanddornweg 33, 24568 Kaltenkirchen, Deutschland, email: support@mia-xoxo.com. The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data collection when visiting our website
When you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- The website you visited on our site
- Date and time of access
- Amount of data sent in bytes
- Source/referrer from which you reached the page
- Browser used
- Operating system used
- IP address used (where applicable in anonymised form)
Processing takes place in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not shared or used in any other way. However, we reserve the right to check the server log files subsequently if there are concrete indications of unlawful use.
3) Hosting & content delivery network
Shopify
For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”).
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc.
All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider that ensures the protection of our visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission. For the transfer of data to the USA, the provider relies on the European Commission’s standard contractual clauses, which are intended to ensure compliance with the European level of data protection.
4) Cookies and consent management
To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted again after you close your browser (so-called “session cookies”), while others remain on your device for longer and enable page settings to be saved (so-called “persistent cookies”).
Insofar as personal data is also processed by individual cookies we use, processing takes place in accordance with Art. 6 (1) (b) GDPR either to perform the contract, in accordance with Art. 6 (1) (a) GDPR in the case of consent given, or in accordance with Art. 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
We only use cookies and comparable technologies that are not technically necessary — in particular for marketing and analytics purposes (see section 9) — if you have given us your express consent via our cookie consent tool in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future via the settings of the consent tool.
You can also set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or generally exclude the acceptance of cookies. Please note that if you do not accept cookies, the functionality of our website may be limited.
5) Contacting us
When you contact us (e.g. via the contact form or email), personal data is processed exclusively for the purpose of handling and responding to your request and only to the extent necessary for this. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided there are no statutory retention obligations to the contrary.
6) Data processing when opening a customer account
In accordance with Art. 6 (1) (b) GDPR, personal data continues to be collected and processed to the extent required if you provide it to us when opening a customer account. You can find out which data is required to open an account from the input form on our website.
Your customer account can be deleted at any time and this can be done by sending a message to the controller’s address above. After your customer account has been deleted, your data will be deleted, provided that all contracts concluded through it have been fully processed, no statutory retention periods apply and we no longer have a legitimate interest in continued storage.
7) Use of customer data for direct marketing
Signing up for our email newsletter
When you sign up for our email newsletter, we regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing further data is voluntary and is used to be able to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive newsletters once you have expressly confirmed your consent to receiving the newsletter by activating a verification link sent to the email address provided.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 (1) (a) GDPR. We store the IP address assigned by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later point in time.
For sending our newsletter, we work with an external service provider as a processor, to whom your registration data is passed on for the purpose of sending: [please add newsletter provider, e.g. Klaviyo Inc., 125 Summer St, Boston, MA 02110, USA]. We have concluded a data processing agreement with the provider. For any transfer of data to the USA, the provider relies on the European Commission’s standard contractual clauses.
You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the controller named above. After unsubscribing, your email address will be deleted immediately from our newsletter distribution list, unless you have expressly consented to further use of your data.
8) Data processing for order fulfilment
8.1 Insofar as necessary for processing the contract for delivery and payment purposes, the personal data we collect is passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) (b) GDPR.
8.2 To fulfil our contractual obligations towards our customers, we work with external shipping partners. We pass on your name, your delivery address and, where required for delivery, your phone number exclusively for the purposes of delivering the goods in accordance with Art. 6 (1) (b) GDPR to a shipping partner selected by us.
8.3 Use of payment service providers
8.4 Shopify Payments
One or more online payment methods of the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. If you select a payment method of the provider, your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order is passed on to them in accordance with Art. 6 (1) (b) GDPR. Your data is passed on exclusively for the purpose of payment processing and only insofar as it is necessary for this. Card payments (Visa, Mastercard, American Express), among others, are processed via Shopify Payments.
8.5 Apple Pay
If you choose the “Apple Pay” payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the “Apple Pay” function of your device running iOS, watchOS or macOS by charging a payment card stored in “Apple Pay”. For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, is passed on to Apple in encrypted form. Insofar as personal data is processed, processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR. Further information: support.apple.com/de-de/HT203027
8.6 Google Pay
If you choose the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment is processed via the “Google Pay” application of your mobile device by charging a payment card stored in Google Pay. For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, is passed on to Google. Insofar as personal data is processed, processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.
8.7 Klarna
One or more online payment methods of the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden. If you select a payment method in which the provider makes advance performance (such as purchase on invoice or instalments), you will be asked during the ordering process to provide certain personal data. In order to safeguard our legitimate interest in determining the solvency of our customers, this data is forwarded to the provider for the purpose of a credit check in accordance with Art. 6 (1) (f) GDPR. The credit report may contain probability values (score values). You can object to this processing at any time by sending a message to us or to the provider.
8.8 PayPal
One or more online payment methods of the following provider are available on this website: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you select a payment method of the provider, your payment data and information about the content of your order is passed on in accordance with Art. 6 (1) (b) GDPR. For payment methods in which PayPal makes advance performance, a credit check may be carried out to safeguard our legitimate interest in accordance with Art. 6 (1) (f) GDPR. You can object to this processing at any time.
9) Online marketing
The marketing and tracking services described below use cookies or comparable technologies and are activated exclusively on the basis of your express consent in accordance with Art. 6 (1) (a) GDPR via our cookie consent tool. You can withdraw your consent at any time with effect for the future via the settings of the consent tool.
Meta-Pixel (Facebook & Instagram)
Within our online offering, we use the “Meta Pixel” service of the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”). The Meta Pixel can be used to track whether users were redirected to our website after clicking on an ad on Facebook or Instagram and what actions they take there (so-called “conversion tracking”). The service also enables the creation of target groups for ad placement (so-called “custom audiences”). The information generated by Meta may be transferred to servers of Meta Platforms Inc. in the USA; for this, the provider relies on the European Commission’s standard contractual clauses. We have concluded a joint controllership agreement with the provider.
TikTok-Pixel
Within our online offering, we use the “TikTok Pixel” service of the following provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (and, where applicable, TikTok Information Technologies UK Limited). The TikTok Pixel allows us to track the behaviour of users after they have been redirected to our website by clicking on a TikTok ad (conversion tracking) and to create target groups for ad placement. This may involve a transfer of data to third countries (including outside the EU); for this, the provider relies on the European Commission’s standard contractual clauses.
Google Ads (Conversion-Tracking & Remarketing)
Within our online offering, we use the “Google Ads” service including conversion tracking and remarketing of the following provider: Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin 4, Ireland (“Google”). We use Google Ads to draw attention to our offers on external websites by means of advertising material (so-called Google Ads) and to evaluate which advertising measures lead to a conversion (e.g. a purchase). For this, Google sets a cookie as soon as you reach our website via a Google ad. The information may be transferred to Google servers in the USA; for this, the provider relies on the European Commission’s standard contractual clauses.
10) Rights of the data subject
10.1 Applicable data protection law grants you the following data subject rights vis-à-vis the controller with regard to the processing of your personal data:
- Right of access pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to be informed pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent given pursuant to Art. 7 (3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
10.2 Right to object
If we process your personal data on the basis of our overriding legitimate interest as part of a balancing of interests, you have the right to object to this processing at any time with effect for the future on grounds relating to your particular situation. If you exercise your right to object, we will stop processing the data concerned. Further processing remains reserved if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.
If we process your personal data to carry out direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.
11) Duration of storage of personal data
The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and — where applicable — additionally by the respective statutory retention period (e.g. commercial and tax retention periods).
When processing personal data on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, the data concerned is stored until you withdraw your consent. If statutory retention periods exist for data processed in the context of legal obligations on the basis of Art. 6 (1) (b) GDPR, this data is routinely deleted after the retention periods have expired, provided it is no longer required for the performance or initiation of the contract and/or we no longer have a legitimate interest in continued storage.
Unless otherwise stated in the other information in this declaration, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.