Privacy policy

 


 


Data protection is of particularly high importance to L’Charmé (Owner: Mirela Cajsa) (hereinafter: Provider). Use of the Provider’s website is generally possible without providing any personal data. However, if a data subject wishes to use special services offered via our website, processing of personal data may become necessary. Where such processing is necessary and there is no statutory basis for it, we generally obtain the consent of the data subject.


The processing of personal data, such as the name, address, email address or telephone number of a data subject, shall always be in line with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the Provider. By means of this privacy policy, our company would like to inform the public about the nature, scope and purpose of the personal data collected, used and processed by us. Furthermore, data subjects are informed of the rights to which they are entitled.


As the controller, the Provider has implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed through this website. Nevertheless, internet-based data transmissions may generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.


 

Definitions

 


The Provider’s privacy policy is based on the terms used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.


In this privacy policy, we use, among others, the following terms:


 

Personal Data

 


Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


 

Data Subject

 


A data subject is any identified or identifiable natural person whose personal data is processed by the controller.


 

Processing

 


Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


 

Restriction of Processing

 


Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.


 

Profiling

 


Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of that natural person.


 

Pseudonymization

 


Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.


 

Controller or Controller Responsible for Processing

 


Controller means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.


 

Processor

 


Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.


 

Recipient

 


Recipient means a natural or legal person, public authority, agency or another body, to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry under Union or Member State law shall not be regarded as recipients.


 

Third Party

 


Third party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.


 

Consent

 


Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


 

Name and Address of the Controller

 


Controller for the purposes of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions related to data protection is:


L’Charmé (Owner: Mirela Cajsa)

Vilniusstr. 31

80992 Munich

Germany

Email: info@lcharme.de

Website: www.lcharme.de


 

Name and Address of the Data Protection Officer

 


 

Cookies

 


The Provider’s website uses cookies. Cookies are text files which are stored on a computer system via an internet browser.


Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified using the unique cookie ID.


Through the use of cookies, the Provider can provide users of this website with more user-friendly services that would not be possible without the cookie setting.


By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies enable us, as already mentioned, to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to enter access data again each time the website is accessed, because this is taken over by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online shop remembers the articles a customer has placed in the virtual shopping cart via a cookie.


The data subject may, at any time, prevent the setting of cookies by our website by means of a corresponding setting of the internet browser used, and may thus permanently object to the setting of cookies. Furthermore, cookies already set may be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable.


 

Collection of General Data and Information

 


The Provider’s website collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The following may be collected:

(1) browser types and versions used,

(2) the operating system used by the accessing system,

(3) the website from which an accessing system reaches our website (so-called referrers),

(4) the sub-websites which are accessed on our website via an accessing system,

(5) the date and time of access to the website,

(6) an internet protocol address (IP address),

(7) the internet service provider of the accessing system, and

(8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.


When using this general data and information, the Provider does not draw any conclusions about the data subject. Rather, this information is needed to

(1) correctly deliver the content of our website,

(2) optimize the content of our website as well as advertising for it,

(3) ensure the long-term functionality of our information technology systems and the technology of our website, and

(4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.


Therefore, this anonymously collected data and information is evaluated statistically and also with the aim of increasing data protection and data security in our company, in order ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.


 

Registration on Our Website

 


The data subject has the possibility to register on the controller’s website by providing personal data. Which personal data are transmitted to the controller results from the respective input mask used for the registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the transfer to one or more processors, for example a parcel service provider, who also uses the personal data exclusively for an internal use attributable to the controller.


When a data subject registers on the website of the controller, the IP address assigned by the data subject’s internet service provider (ISP) and the date and time of registration are also stored. This data is stored because this is the only way to prevent misuse of our services and, if necessary, to make it possible to investigate committed offences. In this respect, the storage of this data is necessary to safeguard the controller. As a matter of principle, this data is not passed on to third parties, unless there is a legal obligation to pass it on or the transfer serves criminal prosecution.


The registration of the data subject, with the voluntary indication of personal data, is intended to enable the controller to offer the data subject content or services that, by their nature, can only be offered to registered users. Registered persons are free to change the personal data specified during registration at any time or to have them completely deleted from the controller’s database.


The controller shall, at any time, provide information upon request to each data subject as to what personal data are stored about the data subject. Furthermore, the controller shall correct or erase personal data at the request or indication of the data subject, insofar as there are no legal storage obligations to the contrary. All employees of the controller are available to the data subject as contact persons in this context.


 

Subscription to Our Newsletter

 


On the Provider’s website, users are given the opportunity to subscribe to our company’s newsletter. Which personal data are transmitted to the controller when ordering the newsletter is determined by the input mask used for this purpose.


The Provider informs its customers and business partners regularly by means of a newsletter about the company’s offers. The company’s newsletter may generally only be received by the data subject if

(1) the data subject has a valid email address, and

(2) the data subject registers for the newsletter mailing.

For legal reasons, a confirmation email is sent to the email address entered by a data subject for the first time for newsletter mailing in the double opt-in procedure. This confirmation email serves to verify whether the owner of the email address, as the data subject, has authorized receipt of the newsletter.


When registering for the newsletter, we also store the IP address assigned by the internet service provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to understand the possible misuse of a data subject’s email address at a later date and therefore serves the legal protection of the controller.


The personal data collected as part of the registration for the newsletter will be used exclusively for sending our newsletter. Furthermore, newsletter subscribers may be informed by email if this is necessary for the operation of the newsletter service or related registration, as may be the case in the event of changes to the newsletter offer or changes in the technical circumstances. No personal data collected as part of the newsletter service will be passed on to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data that the data subject has given us for sending the newsletter may be revoked at any time. For the purpose of revoking consent, a corresponding link is found in every newsletter. Furthermore, it is possible to unsubscribe from the newsletter at any time directly on the website of the controller or to inform the controller of this in another way.


 

Newsletter Tracking

 


The Provider’s newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the Provider may determine whether and when an email was opened by a data subject and which links contained in the email were accessed by the data subject.


Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the controller in order to optimize the newsletter dispatch and adapt the content of future newsletters even better to the interests of the data subject. This personal data is not passed on to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent given via the double opt-in procedure. After revocation, this personal data will be deleted by the controller. The Provider automatically regards unsubscribing from the newsletter as revocation.


 

Contact Possibility via the Website

 


The Provider’s website contains information required by law that enables a quick electronic contact to our company and direct communication with us, which also includes a general address of the so-called electronic mail (email address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.


 

Comment Function in the Blog on the Website

 


The Provider offers users, on a blog located on the website of the controller, the possibility to leave individual comments on individual blog contributions. A blog is a portal maintained on a website, usually publicly visible, in which one or more persons, called bloggers or web-bloggers, can post articles or write thoughts in so-called blog posts. Blog posts can usually be commented on by third parties.


If a data subject leaves a comment in the blog published on this website, the comments left by the data subject and information on the time of the comment entry and on the username (pseudonym) chosen by the data subject are stored and published. In addition, the IP address assigned by the internet service provider (ISP) of the data subject is also logged. This storage of the IP address takes place for security reasons and in case the data subject violates the rights of third parties or posts unlawful content through a submitted comment. The storage of this personal data is therefore in the controller’s own interest so that it could exculpate itself in the event of an infringement. This collected personal data will not be passed on to third parties unless such transfer is required by law or serves the legal defense of the controller.


 

Data Protection in Applications and in the Application Process

 


The controller collects and processes the personal data of applicants for the purpose of handling the application procedure. The processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to the controller electronically, for example by email or via a web form located on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the legal provisions. If no employment contract is concluded with the applicant by the controller, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller oppose deletion. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).


 

Routine Erasure and Blocking of Personal Data

 


The controller shall process and store the personal data of the data subject only for the period necessary to achieve the storage purpose or insofar as this is provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.


If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.


 

Rights of the Data Subject

 


 

Right to Confirmation

 


Every data subject has the right granted by the European legislator to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed.


 

Right of Access

 


Every data subject affected by the processing of personal data has the right granted by the European legislator to obtain at any time from the controller free information about the personal data stored concerning him or her and a copy of this information. Furthermore, the data subject shall have access to the following information:

 

  • the purposes of the processing

  • the categories of personal data concerned

  • the recipients or categories of recipients to whom the personal data have been or will be disclosed

  • where possible, the envisaged period for which the personal data will be stored

  • the existence of the right to request rectification or erasure of personal data or restriction of processing

  • the existence of the right to lodge a complaint with a supervisory authority

  • where the personal data are not collected from the data subject: any available information as to their source

  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR

 


 

Right to Rectification

 


Every data subject has the right to obtain without undue delay the rectification of inaccurate personal data concerning him or her and the completion of incomplete personal data.


 

Right to Erasure (Right to be Forgotten)

 


Every data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds laid down in the GDPR applies and insofar as processing is not necessary.


 

Right to Restriction of Processing

 


Every data subject has the right to obtain restriction of processing where one of the conditions laid down in the GDPR applies.


 

Right to Data Portability

 


Every data subject has the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and to transmit those data to another controller.


 

Right to Object

 


Every data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her based on Article 6(1)(e) or (f) GDPR.


 

Automated Individual Decision-Making, Including Profiling

 


Every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.


 

Right to Withdraw Data Protection Consent

 


Every data subject has the right to withdraw consent to processing of personal data at any time.


 

Special Data Protection Provisions

 


 

Data Protection Provisions on the Application and Use of ActiveCampaign

 


The controller has integrated components of ActiveCampaign on this website. ActiveCampaign, LLC is a marketing platform that enables users to reach customers and understand how they interact with communications and other content. This is intended to tailor marketing based on customer interests.


Operating company: ActiveCampaign LLC, 1 North Dearborn Street, 5th Floor, Chicago, IL 60602.


Information is collected that you provide directly, for example when you create an account, fill in a form, make a purchase, participate in a promotion, communicate via social media, request support or otherwise interact. Types of information collected may include:

(1) identifiers such as full name, phone number, email address, postal address, online ID, IP address

(2) commercial information such as records of products or services purchased or considered

(3) professional or employment-related information such as company name and business contact details

(4) any other information you choose to provide


Log information, transaction information, device information and information collected through cookies and other tracking technologies are also collected. ActiveCampaign uses cookies.


ActiveCampaign engages third parties and individuals to assist in operating and providing services. These third parties only have limited access to your information and may use it only on behalf of ActiveCampaign.


To provide the subscribed or requested services, information about you may be transferred to ActiveCampaign locations in the USA, Australia and Ireland as well as to countries in which service providers are located.


You have the right to withdraw your consent to the processing of your personal data where processing is based on consent.


Further information: www.activecampaign.com/legal/privacy-policy


 

Data Protection Provisions on the Application and Use of Digistore24

 


The controller has integrated components of Digistore24 on this website. Digistore24 is an online sales platform.


Operating company: Digistore24 GmbH, St.-Godehard-Str. 32, 31139 Hildesheim.


Digistore24 automatically collects data when the user’s website is accessed, including browser type, operating system, ISP, IP address, date and time of access and websites from which the user reached our website. Temporary storage of the IP address is necessary to deliver the website.


Digistore24 uses cookies. Some cookies are stored until the end of the session; others may be stored for up to 185 days for affiliate tracking, screen size, permissions, preventing duplicate orders, language settings, “stay logged in” function and products placed in a shopping cart.


Further information: www.digistore24.com


 

Data Protection Provisions on the Application and Use of Facebook

 


The controller has integrated Facebook components on this website. Facebook is a social network.


Operating company: Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For users outside the USA and Canada: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.


Whenever a page of this website containing a Facebook component is accessed, the browser automatically downloads the corresponding Facebook component. Facebook thereby receives information about which subpage is visited. If the data subject is logged into Facebook at the same time, Facebook can associate this information with the user’s Facebook account.


Further information: de-de.facebook.com/about/privacy/


 

Data Protection Provisions on the Application and Use of Facebook Pixel

 


The controller has integrated Facebook Pixel on this website. Facebook Pixel is a JavaScript code snippet enabling Facebook to track user actions if they came to the user’s website through Facebook ads.


Operating company: Meta Platforms, Inc. / Meta Platforms Ireland Limited.


Facebook Pixel helps tailor advertising measures more closely to user interests and is also used for analysis purposes and Facebook’s own advertising.


Further information: de-de.facebook.com/business/gdpr


 

Data Protection Provisions on the Application and Use of Google Drive

 


The controller has integrated Google Drive on this website. Google Drive is an online file hosting service that allows storage, sharing and editing of documents in the cloud.


Operating company: Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.


Cookies may store personal information such as access time, place from which access originated and frequency of visits. This data, including the IP address, may be transmitted to Google in the USA.


Further information:

https://www.google.com/intl/de/drive/

www.google.de/intl/de/policies/privacy/


 

Data Protection Provisions on the Application and Use of Google reCAPTCHA

 


The controller has integrated Google reCAPTCHA on this website. This service attempts to distinguish whether an action on the internet is made by a human or by a bot.


Operating company: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.


The service serves to prevent misuse and spam and may involve the transfer of the IP address and other data to Google.


Further information: www.google.com/intl/de/policies/privacy/


 

Data Protection Provisions on the Application and Use of Klarna as a Payment Method

 


The controller has integrated Klarna on this website. Klarna is an online payment service provider.


Operating company: Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.


If the data subject selects “purchase on account” or “installment purchase,” personal data required for payment processing, identity verification and credit assessment may be transmitted to Klarna.


Further information: cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf


 

Data Protection Provisions on the Application and Use of Microsoft 365

 


The controller has integrated Microsoft 365 components on this website.


Operating company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.


Microsoft 365 includes productivity and collaboration tools such as Teams, Outlook, Word, Excel, PowerPoint, OneNote, SharePoint and OneDrive. These tools collect and use data to provide services tailored to individuals and organizations.


Further information: https://privacy.microsoft.com/de-de/privacystatement


 

Data Protection Provisions on the Application and Use of PayPal as a Payment Method

 


The controller has integrated PayPal on this website. PayPal is an online payment service provider.


European operating company: PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.


If “PayPal” is selected during the ordering process, personal data required for payment processing may be transmitted to PayPal.


Further information: www.paypal.com/de/webapps/mpp/ua/privacy-full


 

Data Protection Provisions on the Application and Use of Skrill as a Payment Method

 


The controller has integrated Skrill on this website. Skrill is an online payment service provider.


Operating company: Skrill Limited, Floor 27, 25 Canada Square, London, E14 5LQ, United Kingdom.


If “Skrill” is selected, personal data necessary for payment processing may be transmitted to Skrill.


Further information: www.skrill.com/de/fusszeile/datenschutzbestimmungen/


 

Data Protection Provisions on the Application and Use of Sofortüberweisung as a Payment Method

 


The controller has integrated Sofortüberweisung on this website.


Operating company: SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.


If “Sofortüberweisung” is selected, personal data necessary for payment processing may be transmitted to Sofortüberweisung.


Further information: www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/


 

Data Protection Provisions on the Application and Use of TikTok

 


The controller has integrated TikTok components on this website. TikTok is a social network.


For users permanently resident in Germany and Austria, TikTok is provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.


Whenever a page containing a TikTok component is accessed, TikTok may receive information about which specific subpage was visited. If the data subject is logged into TikTok at the same time, TikTok can associate this information with the user’s account.


Further information: www.tiktok.com/legal/page/eea/privacy-policy/de-DE


 

Data Protection Provisions on the Application and Use of TradeTracker

 


The controller has integrated components of TradeTracker on this website. TradeTracker is an affiliate network.


Operating company: TradeTracker Deutschland GmbH, Eiffestraße 426, 20537 Hamburg, Germany.


TradeTracker sets a cookie that stores no personal data, but rather the affiliate identification number, the visitor order number and the clicked advertising material.


Further information: tradetracker.com/de/privacy-policy/


 

Data Protection Provisions on the Application and Use of YouTube

 


The controller has integrated YouTube components on this website.


Operating company: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google Inc.


Whenever a page containing a YouTube video is accessed, YouTube and Google may receive information about which specific subpage was visited. If the data subject is logged into YouTube at the same time, the information can be associated with the user’s YouTube account.


Further information: www.google.de/intl/de/policies/privacy/


 

Legal Basis for Processing

 


Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If processing of personal data is necessary for the performance of a contract, the processing is based on Article 6(1)(b) GDPR. This also applies to processing operations necessary to carry out pre-contractual measures. If our company is subject to a legal obligation requiring the processing of personal data, such processing is based on Article 6(1)(c) GDPR. In rare cases, processing may be necessary to protect the vital interests of the data subject or another natural person, in which case Article 6(1)(d) GDPR applies. Finally, processing operations may be based on Article 6(1)(f) GDPR, where processing is necessary for the purposes of legitimate interests pursued by our company or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.


 

Legitimate Interests Pursued by the Controller or a Third Party

 


Where processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and shareholders.


 

Period for Which the Personal Data Will Be Stored

 


The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided it is no longer required for the fulfillment or initiation of a contract.


 

Legal or Contractual Requirements to Provide Personal Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Failure to Provide Such Data

 


We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for the conclusion of a contract that a data subject provides us with personal data that must subsequently be processed by us. Failure to provide personal data would mean that the contract with the data subject could not be concluded.


 

Existence of Automated Decision-Making

 


As a responsible company, we do not use automatic decision-making or profiling.

 


Please note: This English version is provided for convenience only. The original and legally binding version is the German version.