Privacy policy

Privacy Policy

We are very pleased about your interest in our company. The protection of your personal data is important to us. We collect and use your personal data exclusively in accordance with and within the scope of the data protection laws applicable in Germany, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other applicable data protection provisions.

Below, we inform you about the nature, scope and purposes of the collection and use of personal data when using our website. You may access this information at any time on our website.

Personal data means any information relating to an identified or identifiable natural person (data subject), such as name, address, email address or the user behaviour of a natural person.

I. Name and Contact Details of the Controller and Contact Details of the Data Protection Officer

  1. The controller within the meaning of data protection laws (Art. 4 para. 7 GDPR) is:

Himalaya Textilhandels GmbH
Röthbargweg 2b
22145 Braak
Germany

Tel.: +49 40 524 77 5182
Email: sales@fristed.eu
Website: FRISTED.EU

We currently do not have a data protection officer. The requirements of Art. 37 para. 1 GDPR, under which a data protection officer must be appointed, are not met by our company.

II. General Principles

  1. Scope and Legal Bases of Processing

We process personal data only in accordance with the legal provisions. Personal data is processed in particular only if you have given your consent or if the processing is otherwise legally permitted.

Where we obtain the consent of the data subject for processing operations involving personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.

Where processing of personal data is necessary in order to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.

Where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and the interests, fundamental rights and freedoms of the data subject do not override such interests, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.

The respective legal basis for the processing is stated in connection with the information on the individual data processing operations in this Privacy Policy or when you provide your personal data.

  1. Disclosure of Data

Within our company, only those departments and persons receive access to your data who need it to safeguard our legitimate interests, to fulfil our contractual or legal obligations, or to respond to your enquiries.

In some cases, we use external service providers to process your data on our behalf as processors, for example for central IT services or for hosting our website. Service providers acting as processors for us may use the data exclusively in accordance with our instructions. In this case, we are legally responsible for ensuring appropriate data protection precautions at the companies commissioned by us. These companies have been carefully selected by us, commissioned in writing in accordance with the legal requirements, are bound by our instructions and are regularly monitored.

Your personal data will only be transferred to third parties if this is legally permissible, in particular if:

  • you have expressly given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR;

  • the disclosure is necessary pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you;

  • there is a legal obligation to disclose the data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR;

  • the disclosure is necessary pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR to safeguard our legitimate interests, provided that your interests do not override them.

If we intend to disclose personal data to third parties, you will find more detailed information in the information on the individual data processing operations in this Privacy Policy or when you provide your personal data.

  1. Duration of Storage and Deletion of Data

We process and store personal data only for the period necessary to achieve the purpose of processing. If the purpose of processing no longer applies, the data will be deleted unless legal retention obligations prevent deletion. In the latter case, processing will be restricted in order to comply with the retention obligations.

Further details can be found in connection with the information on the individual data processing operations in this Privacy Policy or when you provide your personal data.

  1. Data Security

We use SSL or TLS encryption during visits to our website and to protect the transmission of content. You can recognise this by the closed key or lock symbol displayed in the lower status bar of your browser when an SSL connection is active.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

  1. Rights as a Data Subject

You have the following rights with regard to the personal data concerning you:

  • Right to withdraw consent

  • Right of access

  • Right to rectification or erasure

  • Right to restriction of processing

  • Right to object to processing

  • Right to data portability

  • Right to lodge a complaint with a supervisory authority

Further information on these rights can be found under Section IV of this Privacy Policy.

III. Information on Individual Data Processing Operations

In the following provisions, you will receive more detailed information on the individual data processing operations, for example which personal data is collected, for which purposes it is used, on what basis we are authorised to collect the data, how long it is stored and, where applicable, to whom it is transferred.

  1. Data Processing When Visiting the Website

When you access our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until automated deletion:

IP address of the requesting computer,
date and time of access,
name and URL of the file accessed,
website from which access was made (referrer URL),
browser used and, where applicable, the operating system of your computer, and
names of downloaded files.

We process the aforementioned data for the following purposes:

displaying the website, ensuring a smooth connection to the website, ensuring comfortable use of our website, evaluating system security and stability, and for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes of data collection listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

We would like to point out that, in the case of data processing based on Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing in accordance with Art. 21 GDPR. Further information can be found under Section IV.10 of this Privacy Policy.

In addition, we use cookies when you visit our website. More detailed explanations can be found in Section 2 of this Privacy Policy.

  1. Cookies

We use cookies on our website. Cookies are small files that your browser automatically creates and stores on your device, such as a laptop, tablet or smartphone, when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware.

Information is stored in the cookie that arises in connection with the specific device used. However, this does not mean that we thereby obtain direct knowledge of your identity.

On the one hand, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our website. The use of cookies serves, among other things, to make the use of our offering more pleasant and user-friendly for you. Some elements of our website require the accessing server to be identifiable even after a page change. For example, items in the shopping cart are stored via cookies so that the items remain in the cart when you access another page during the ordering process.

In addition, we use temporary cookies to optimise user-friendliness. These are stored on your device for a specific period, which may vary depending on the cookie. If you visit our website again in order to use our services, it is automatically recognised that you have already visited us and which entries and settings you have made, so that you do not have to enter them again. You may also delete cookies at any time in the security settings of your browser.

We use cookies to make your visit to our website more pleasant and easier. Data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in storing cookies for the technically error-free and optimised provision of our services.

Most browsers accept cookies automatically. However, you can configure your browser according to your preferences, for example so that no cookies are stored on your computer or so that a notice always appears before a new cookie is created. You may also delete cookies at any time in the security settings of your browser.

However, completely disabling cookies may mean that you cannot use all functions of our website.

Google Ads and Google Conversion Tracking

This website uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

As part of Google Ads, we use so-called conversion tracking. When you click on an advertisement placed by Google, a cookie for conversion tracking is set. Cookies are small text files that the internet browser stores on the user’s computer. These cookies expire after 30 days and are not used for the personal identification of users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the advertisement and was redirected to this page.

Each Google Ads customer receives a different cookie. The cookies cannot be tracked across the websites of Google Ads customers. The information obtained using the conversion cookie is used to compile conversion statistics for Google Ads customers who have opted for conversion tracking. Customers receive the total number of users who clicked on their advertisement and were redirected to a page equipped with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in tracking, you can object to this use by easily disabling the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.

The storage of “conversion cookies” and the use of this tracking tool are based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. Where corresponding consent has been requested, for example consent to the storage of cookies, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent may be withdrawn at any time.

More information on Google Ads and Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be restricted.

  1. Data Processing When Contacting Us by Email

If you contact us via the email address provided, the data you provide will be stored by us and used only to process your enquiry and to contact you for the purpose of handling your enquiry.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from processing your enquiry, to which no overriding interests on your part are opposed, since you contact us voluntarily for this purpose.

We would like to point out that, in the case of data processing based on Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing in accordance with Art. 21 GDPR. Further information can be found under Section IV.10 of this Privacy Policy.

If the contact is aimed at concluding a contract, an additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

The data will be automatically deleted by us when storage is no longer required, in particular when the processing of your enquiry has been completed. Further use of data stored by us for other purposes and for which we are authorised to process on another legal basis, for example data required for contract processing, remains unaffected. If legal retention obligations exist, we restrict processing to the extent necessary to comply with them. Irrespective of this, your rights as a data subject remain unaffected. Please refer to our information on the rights of data subjects under Section IV of this Privacy Policy.

  1. Data Processing for Orders in Our Webshop

a) If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide us with certain personal data, such as first name, surname, billing address and email address, which we need to process your order. Mandatory information required for contract processing is marked separately; further information, such as a different delivery address or telephone number, may be voluntary. We also use this voluntarily provided data to process your order, for example for queries regarding your order or for delivery to a different delivery address.

The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR. If you do not provide us with mandatory information, this may mean that the contract cannot be concluded.

b) Where necessary for processing your order, we are entitled to pass on your data. For example, we pass on your personal data to the shipping company commissioned by us for delivery. The shipping company uses your personal data exclusively to process the order.

The purpose of transmitting the data is contract processing. The legal basis for the disclosure of your data is Art. 6 para. 1 sentence 1 lit. b GDPR.

c) Depending on the payment method selected by you, your data will be transferred to the corresponding payment service provider. The payment service provider is responsible for your data processed by it. The personal data exchanged between us and the payment service provider may, under certain circumstances, be transmitted to credit agencies. The payment service provider may also disclose personal data to affiliated companies, service providers or subcontractors where this is necessary to fulfil contractual obligations or where the data is to be processed on behalf of the payment service provider.

If you wish to pay with PayPal, we will redirect you to a PayPal page so that you can process the payment there. PayPal is an online payment service. The provider is PayPal (Europe) S.à r.l. et Cie, 22-24 Boulevard Royal, L-2449 Luxembourg, email: impressum@paypal.com S.C.A.

For the purpose of processing the payment, data that you have provided to us during the ordering process is automatically transmitted to the payment service provider. This generally includes your email address, transaction number and invoice amount. All other data required for payment is collected directly by PayPal and is not made accessible to us.

PayPal is responsible for your data processed by PayPal. The personal data exchanged between PayPal and us may, under certain circumstances, be transmitted by PayPal to credit agencies. PayPal may also disclose personal data to affiliated companies, service providers or subcontractors where this is necessary to fulfil contractual obligations or where the data is to be processed on behalf of PayPal.

Further information on data processing by PayPal can be found in PayPal’s privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-prev.

The purpose of transmitting the data is payment processing, which is carried out via the payment provider at your request. The legal basis for the disclosure of your data is Art. 6 para. 1 sentence 1 lit. b and f GDPR.

If you select “credit card” as the payment method during the ordering process in our online shop, we will redirect you to the payment service of the payment provider Stripe, through which the payment is processed. For the purpose of processing the payment, data that you have provided to us during the ordering process is automatically transmitted to the payment service provider.

The provider is Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. Stripe itself is responsible for the collection and processing of personal data carried out in this context. Stripe’s privacy policy will be displayed to you when the payment is carried out and is available at any time on the website of Stripe, Inc. The current privacy policy can be found at the following link: https://stripe.com/de/privacy.

We would like to point out that, in the case of data processing based on Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing in accordance with Art. 21 GDPR. Further information can be found under Section IV.10 of this Privacy Policy.

Klarna stores information about you as a customer in order to provide you with our services. However, you retain the right to request copies of the data we collect about you. You have the right to request a copy of your personal data. Klarna’s current privacy policy can be found at the following link: https://www.klarna.com/de/datenschutz/.

d) Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, after two years we restrict processing, meaning that your data is used only to comply with legal obligations.

e) The ordering process is encrypted using TLS technology to protect your data.

  1. Data Processing When Registering a Customer Account

You may voluntarily create a customer account. When you register, the registration data entered in the registration form is transmitted to us and stored. Further data is also stored in your customer account, for example orders placed after logging into the customer account, billing addresses and delivery addresses. This function is intended, for example, to make future order processes easier for you, as you can access your already stored data by logging into your customer account during later purchases and do not have to enter your data again. You also have the option, among other things, to view previous orders.

As part of the registration process, consent is obtained with reference to this Privacy Policy, confirming that you agree to the registration of a customer account. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a GDPR based on your voluntarily given consent. You may withdraw this consent at any time with effect for the future. For example, an email to sales@fristed.eu is sufficient. Further details can be found in our information on the rights of data subjects under Section IV.1 and on exercising this right under Section IV.8 of this Privacy Policy.

We delete the data in the customer account or the customer account itself if you withdraw your consent or otherwise request deletion. However, such deletion does not include data stored by us for other purposes, for example data relating to orders placed that we need for contract processing.

  1. Data Processing for the Purpose of Sending Newsletters

If you have subscribed to our newsletter, we use the data you enter in the input form exclusively to send you our newsletter with current information about products, services and marketing promotions, trade fairs and other news. To receive the newsletter, it is sufficient to provide an email address; you may voluntarily provide your name. If you provide us with your name, we will use it only to address you personally. The data will not be passed on to third parties.

For registration for our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we send an email to the email address provided asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. Data processing is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

You may withdraw your consent to receive the newsletter at any time and unsubscribe from the newsletter. Further details can be found in our information on the rights of data subjects under Section IV.1 and on exercising this right under Section IV.8 of this Privacy Policy. You may declare your withdrawal by clicking the link provided in every newsletter email, by email or by sending a message to the contact details stated in the legal notice.

When registering for the newsletter, the following data is also collected:

  • the IP address of the computer system used at the time of registration; and

  • the date and time of registration and confirmation.

The collection of this data is necessary in order to be able to verify your registration and to investigate any possible misuse of your email address at a later date. The collection of this data therefore serves our legal protection. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. We would like to point out that, in the case of data processing based on Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing in accordance with Art. 21 GDPR. Further information can be found under Section IV.10 of this Privacy Policy. Since storage is necessary for our legal protection, you must unsubscribe from the newsletter in order to object to this storage.

Your data will be stored for as long as you subscribe to the newsletter. After unsubscribing, the data will be deleted. Further use of data stored by us for other purposes and which we are legally authorised to process on another legal basis, for example data required for contract processing, remains unaffected.

IV. Rights of the Data Subject

As a data subject, you have the following rights:

  1. Right to Withdraw Consent

If you have given consent to the processing of your data, you have the right pursuant to Art. 7 para. 3 GDPR to withdraw your consent at any time vis-à-vis us. This means that we may no longer continue the data processing, to the extent that it was permitted on the basis of your consent, for the future. The lawfulness of the processing carried out until the withdrawal remains unaffected, meaning that processing carried out in the past on the basis of consent remains lawful.

  1. Right to Confirmation and Access

Pursuant to Art. 15 GDPR, you have the right to obtain confirmation from us as to whether personal data concerning you is being processed. You also have the right to free access to your personal data processed by us. In particular, you may request information about:

  • the purposes of processing;

  • the categories of personal data;

  • the categories of recipients to whom your data has been or will be disclosed;

  • the planned storage period;

  • the existence of a right to rectification, erasure, restriction of processing or objection;

  • the existence of a right to lodge a complaint;

  • all available information on the source of your data, where it was not collected from us; and

  • the existence of automated decision-making, including profiling, and, where applicable, meaningful information about its details.

  1. Right to Rectification

Pursuant to Art. 16 GDPR, you have the right to request the immediate rectification of inaccurate personal data stored by us or the completion of incomplete personal data.

  1. Right to Erasure

Pursuant to Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us if one of the following reasons applies:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

  • You withdraw your consent on which the processing was based, and there is no other legal basis for the processing.

  • You object to processing carried out on the basis of Art. 6 para. 1 sentence 1 lit. b or f GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing of data for direct marketing purposes.

  • The personal data has been unlawfully processed.

  • Erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which we are subject.

  • The personal data was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

This does not apply where processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.

  1. Right to Restriction of Processing

Pursuant to Art. 18 GDPR, you have the right to request restriction of the processing of your personal data if:

  • you contest the accuracy of the data for a period enabling us to verify the accuracy of your data;

  • the processing is unlawful, but you oppose the erasure of the data and instead request restriction of processing;

  • we no longer need the data, but you require it for the establishment, exercise or defence of legal claims; or

  • you have objected to processing pursuant to Art. 21 GDPR, pending verification of whether our legitimate grounds override yours.

In this case, your data may, apart from storage, only be processed with your consent or for certain legally defined purposes, in particular for the assertion of legal claims and for the protection of the rights of other persons. We will notify you before the restriction is lifted.

  1. Right to Data Portability

Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller.

  1. Right to Object to Processing

Under certain conditions, you also have the right pursuant to Art. 21 GDPR to object to the processing of your personal data. Please read our separate information under Section 10: Separate Information on Your Right to Object pursuant to Art. 21 GDPR.

  1. Information on Exercising the Rights Pursuant to Sections 1–7

If you wish to exercise any of the aforementioned rights, you may contact us at any time via sales@fristed.eu or via the contact details provided in the legal notice and in this Privacy Policy.

  1. Right to Lodge a Complaint with a Supervisory Authority

Pursuant to Art. 77 GDPR, you also have the right to lodge a complaint with a supervisory authority. For example, you may contact the supervisory authority of your usual place of residence, your workplace or our registered office. A list of supervisory authorities can be found here:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

  1. Separate Information on Your Right to Object Pursuant to Art. 21 GDPR

In the following, we would like to draw your particular attention to your right to object pursuant to Art. 21 GDPR:

Right to Object

a) Right to Object on Grounds Relating to Your Particular Situation Pursuant to Art. 21 para. 1 GDPR

The prerequisite for this right to object is that data processing is carried out on the basis of the provisions of Art. 6 para. 1 sentence 1 lit. e or f GDPR.

Art. 6 para. 1 sentence 1 lit. e GDPR governs the case where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. This primarily applies to public authorities such as federal and state authorities and their agencies, or private persons entrusted with public authority.

Art. 6 para. 1 sentence 1 lit. f GDPR permits processing where it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the interests or fundamental rights and freedoms of the data subject do not override those interests.

If data processing is carried out on one of these bases, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you. This also applies to profiling based on these provisions.

Consequence of the objection: After an objection, we will no longer process the data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defence of legal claims.

b) Right to Object to the Processing of Data for Direct Marketing

The prerequisite for this right to object is that your data is processed for the purpose of direct marketing.

In this case, you have the right to object at any time to the processing of your data for the purpose of such advertising. This also applies to profiling insofar as it is related to such direct marketing.

The consequence of the objection is that the data will no longer be processed for these purposes.

c) Exercising the Right to Object

If you wish to exercise your right to object pursuant to a) or b), you may contact us at any time via sales@fristed.eu or via the contact details provided in the legal notice and in this Privacy Policy.

V. Period of Validity

In order to ensure that our privacy information always complies with current legal requirements, we reserve the right to make changes at any time. This also applies if the privacy information needs to be adapted due to new or revised offers or services. You may access and print out the current Privacy Policy at any time on the website under /privacy-policy.