Exchange points for discounts
WOMEN’S BEST GmbH
Eduard Bodem Gasse 3
6020 Innsbruck, Austria
gdpr@womensbest.com
1. Security and protection of your personal data when visiting our website
Women's Best GmbH (referred to hereafter as 'Women's Best' or 'we') takes the protection of your personal data very seriously and uses extreme care and the most advanced security standards to guarantee it.
We consider it our overriding responsibility to safeguard the confidentiality of the personal data provided by you and to protect them from unauthorized access.
2. Definitions
In order to ensure a transparent and easily understandable declaration regarding the processing of your personal data, we would like to inform you about the individual legal definitions used in this privacy policy:
a. Personal Data
'Personal data' means any information relating to an identified or identifiable natural person (hereafter referred to as 'data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b. Processing
'Processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
c. Restriction of processing
'Restriction of processing' means the marking of stored personal data with the aim of limiting their processing in the future.
d. Profiling
'Profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
e. Pseudonymization
'Pseudonymization' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
f. Filing system
'File system' means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.
g. Data controller
'Data controller' means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h. Processor
'Processor' means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
i. Recipient
'Recipient' means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
j.Third party
'Third party' means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k. Consent
'Consent' of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. Lawfulness of processing
Processing shall be lawful only if there is a legal basis for processing data. Pursuant to Article 6 paragraph 1
points (a) – (f) GDPR such legal basis for processing data can be in particular:
a. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c. processing is necessary for compliance with a legal obligation to which the controller is subject;
d. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
4. Calling up and visiting our website – server log files; Hosted by Shopify
(1) In case of a merely informative use of the website, i.e. if you do not register, buy something, or disclose data to us in other ways, we collect only those personal data which your browser transmits to our server. For the purpose of the technical provision of the website, it is necessary for us to process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically recorded each time our website is accessed and automatically stored in so-called server log files. This includes:
- IP address
- Date and time of your inquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (actual page)
- Access status/HTTP status code
- Transmitted data volume
- Website from which the request is received
- Browser
- Operating system and its interface
- Language and version of the browser software.
The storage of the aforementioned access data is necessary to provide a functional website and to ensure system security for technical reasons. This also applies to the storage of your IP address, which is necessary and, under certain conditions, can at least theoretically enable an assignment to your person. In addition to the above-mentioned purposes, we use server log files exclusively for the needs-based design and optimization of our website, purely statistically and without any conclusions about your person. This data is not merged with other data sources, and the data is not evaluated for marketing purposes.
The access data collected as part of the use of our website is only kept for the period for which this data is required to achieve the above purposes.
If you visit our website to find out about our range of products and services or to use them, the basis for the temporary storage and processing of the access data is Art. 6 (1) (b) GDPR (Legal basis) that allows the processing of data to fulfill a contract or to carry out pre-contractual measures. In addition, Art. 6 (1) (f) GDPR serves as the legal basis for the temporary storage of the technical access data. Our legitimate interest is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.
(2) Our shop is hosted by Shopify Inc. Shopify offers us an e-commerce platform that allows us to sell our goods and services to you. Your data are administered via data storage, a database and generally the Shopify app. Shopify stores your data on a secure server behind a firewall. If you pay by credit card, Shopify stores your credit card data. These are encrypted using the Payment Card Industry Data Security Standard (PCI-DSS). The data of your purchase will be stored only as necessary for the duration of your purchase. As soon as it is completed, your purchase data are erased. All direct payment portals are subject to the PCI-DSS standard and are administered by PCI Security Standards Council, a joint initiative by Visa, MasterCard, American Express and Discover. PCI-DSS conditions help to ensure secure payment transactions using your credit card information in our shop and with service providers. More detailed information can be found in the terms of use (https://www.shopify.com/legal/terms) or privacy policies (https://www.shopify.com/legal/privacy) of Shopify.
5. Processing of personal data when contacting, setting up a customer account and paying in the online shop
(1) If you contact us by email or via our contact form, the data disclosed by you to us (email address, if necessary, your name and your telephone number) are stored by us to allow us to answer your questions. We erase the data collected in this context after storage is no longer necessary or if processing is restricted, unless legal retention obligations exist. This data processing takes place on the basis of Art. 6 (1) (a) GDPR in connection with the consent you have given.
(2) If you buy products via our website or if you open a customer account for the administration of your current or future orders, we collect for this purpose, the data that we need for the performance of the contract. These can be seen in the respective input fields for registration (customer account) or the purchase order form. When you place an order, we need as a minimum, the obligatory data marked with a star (*). We use this data in accordance with Art. 6 (1) (b) GDPR to process the contract and to process your inquiries.
(3) Aside from payment by credit card, we also offer other payment methods for the use of our cybershop and for this purpose avail ourselves of various other payment service providers with whom we have signed third-party data processing agreements. We disclose different data to the various payment service providers depending on which payment method you have chosen. The legal basis for the transmission is – depending on the payment provider – Art. 6 (1) (a, b, or f) GDPR (see below).
Here are our payment service providers:
PayPal
If you pay for your purchase from us with PayPal, your personal data will be transmitted to PayPal. If you have not yet opened a PayPal account, you will be asked by PayPal to do so in the course of the payment process. When using or opening a PayPal account, you must provide PayPal with, among other data, your name, address, telephone number and email address. The legal basis for the transmission of the data is Art. 6 (1) (a) GDPR and Art. 6 (1) (b) GDPR.
The operator of the PayPal payment service is:
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg
Email: impressum@paypal.com
When choosing the PayPal payment option, you consent to the disclosure of your personal data such as name, address, telephone number and email address to PayPal. PayPal's privacy policy will indicate what other data will be collected by PayPal. It can be found under: https://www.paypal.com/webapps/mpp/ua/privacy-full
Klarna
When choosing payment via Klarna, your personal data are disclosed to Klarna Bank AB, which is the operator of the Klarna payment service provider. The legal basis for the disclosure of the data is Art. 6 (1) (a) GDPR and Art. 6 (1) (b) GDPR.
Klarna AB can be reached as follows:
Klarna Bank AB (publ)
Sveavägen 46
111 34 Stockholm
Sweden
Phone: 0046 8-120 120 00
Fax: 0046 8-120 120 99
Contact: info@klarna.de
Klarna collects the following data while handling the payment of orders in our online shop:
- Name, date of birth, title, billing and ship-to-address, email address, cellphone number
- Information about the ordered goods and services
- Information about income, debts, and payment notices
- Location-related information
- IP address
Klarna also carries out an identity and creditworthiness check. In this process, the data provided by you for the purchase are compared with the existing data of a credit rating agency. These data are processed based on an explicit consent granted by you, the legal principle being Art. 6 para. 1 clause 1 point (a) GDPR. In accordance with Art. 7 (3) GDPR, you may withdraw the granted consent effective for the future at any time and for any reason.
You will find detailed information about the privacy policy of Klarna Bank AB (publ) under https://www.klarna.com/uk/privacy/
Afterpay
The use of one of our Afterpay payment methods is offered to you by:
Arvato Payment Solutions GmbH
Gütersloher Str. 123
33415 Verl
Contact: APS@arvato.com
(hereafter: Afterpay). As data controller under the General Data Protection Regulation within the meaning of Regulation (EU) 2016/679 ('GDPR') it is responsible for the storage and processing of your personal data collected from you in the context of its services as well as for compliance with the applicable rules and regulations.
If you place an order on the website and want to use one of our Afterpay payment methods, or if you wish to contact us in the context of the payment process, Afterpay will collect the following information about you (either directly from you or via us):
- Information about the goods and services, such as information about the ordered articles (e.g. the purchase order value, product group, merchandise value, if necessary the source of the inquiry and delivery mode)
- Financial information such as your income, any credit obligations, notes about a negative payment history
- Historical information such as information about the progress of your order, the payment process and past creditworthiness
- Information about the interaction between you and Afterpay, such as the way you used the services, including information about unpaid and current liabilities and your (re-) payment history in case of Afterpay, your personal preferences as well as your interaction with the Afterpay customer service
- Information about the interaction between you and us, such as your communications with us, e.g. whether the goods were delivered
- IP address
- Device information ('User Agent')
Afterpay also might carry out an identity and creditworthiness check. In this process, the data provided by you for the purchase are compared with the existing data of a credit rating agency. These data are processed based on an explicit consent granted by you, the legal principle being Art. 6 para. 1 clause 1 point (a) GDPR. In accordance with Art. 7 (3) GDPR, you may withdraw the granted consent effective for the future at any time and for any reason.
You will find detailed information about the privacy policy of Afterpay under: https://documents.myafterpay.com/privacy-statement/en_se/
Clearpay
If you use the payment processing by our payment service provider
Clearpay Finance Limited
22 Long Acre
London, UK
WC2E 9LY
(hereafter: Clearpay), Clearpay will process the following personal data:
- Contact information such as name, address, telephone number, email, and other similar information.
- Payment information such as credit card numbers linked to your Clearpay account or transmitted by you to Clearpay.
- Other personal information such as date of birth, driver's license number or other identification information or documents.
Clearpay also might carry out an identity and creditworthiness check. In this process, the data provided by you for the purchase are compared with the existing data of a credit rating agency. These data are processed based on an explicit consent granted by you, the legal principle being Art. 6 para. 1 clause 1 point (a) GDPR. In accordance with Art. 7 (3) GDPR, you may withdraw the granted consent effective for the future at any time and for any reason.
You will find detailed information about the privacy policy of Clearpay under: https://www.clearpay.co.uk/en-GB/privacy-policy
Stripe
On our website, we offer payment via Stripe and the associated payment methods. The provider of this payment service is
Stripe Payments Europe Ltd
The One Building
Lower Grand Canal St
Dublin 2
Ireland
Contact: support@stripe.com
(hereafter: Stripe).
If you choose payment via Stripe, the payment data entered by you are disclosed to Stripe. The disclosure of your data to Stripe takes place on the basis of Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (processing for the performance of a contract). You have the option to withdraw your consent to the data processing at any time. A withdrawal does not affect the validity of past data processing operations. All data necessary for payment processing will be used exclusively for the execution of the payments and transmitted following 'SSL' procedures.
Stripe also might carry out an identity and creditworthiness check. In this process, the data provided by you for the purchase are compared with the existing data of a credit rating agency. These data are processed based on an explicit consent granted by you, the legal principle being Art. 6 para. 1 clause 1 point (a) GDPR. In accordance with Art. 7 (3) GDPR you may withdraw the granted consent effective for the future at any time and for any reason.
Detailed information on Stripe's privacy policy can be found here: https://stripe.com/en-gb-at/privacy
(5) We will also disclose your contact data to the responsible shipper if this is necessary for processing your order (here: delivery of the goods).
(6) Based on the rules and regulations of commercial and fiscal law, we are obligated to store your address as well as your payment and order data for the duration of ten years. However, we restrict processing after two years, i.e. your data will be used only in order to comply with legal obligations. Your data will only be used to comply with legal obligations. The legal basis for this is Art. 6 (1) (c) GDPR.
6. Newsletter
(1) With your consent, you may subscribe to our newsletter in which we inform you about our current special offers. The promoted goods and services are described in the declaration of consent. The legal basis is Art. 6 (1) (a) GDPR.
(2) We use the so-called double-opt-in procedure for the application to our newsletter, meaning that following your application we send you an email to the indicated email address, in which we ask you to confirm that you requested subscription to the newsletter. This means that after you have registered, we will send you an email to the email address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your application within 24 hours, your information will be blocked and erased automatically after one month. In addition, we store the IP addresses you used and the time of your application and confirmation. The purpose is to have proof of your application and if necessary to be able to clarify a possible misuse of your personal data.
(3) The only obligatory information for the subscription to our Newsletter is your email address. The provision of additional, separately marked data is voluntary and is used in addressing you personally. After your confirmation, we store your email address for the purpose of sending you the newsletter.
(4) You may withdraw your consent to the subscription of the Newsletter at any time and you may cancel the newsletter at any time. You may confirm the withdrawal by clicking on the link provided in each e-mailed newsletter or by sending a message to the contact data indicated in the imprint.
(5) We use the external service provider Emarsys as third-party processor for sending the Newsletter. We signed a separate third-party processing contract with the service provider in order to ensure the protection of your personal data. Further information about Emarsys is available on the website https://emarsys.com/.
7. Use of cookies and related features/technology
We can partially use so-called cookies on our website. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure, and to enable the provision of certain functions. Cookies are small text files placed on your computer and stored by your browser. A cookie contains a characteristic character string that enables your browser to be uniquely identified when you visit the website again.
Most of the cookies we use are so-called 'session cookies'. They are automatically deleted at the end of your visit or your browser session (so-called transient cookies). Other cookies remain stored on your end device for a specified period of time or until you delete them (so-called persistent cookies). These cookies enable us to recognize your browser on your next visit. On written request, we are happy to provide further information on the functional cookies used. Please use the above contact information.
You can set your browser so that you are informed about the settings of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. You can regularly obtain the procedure for deactivating cookies via the 'Help' function of your Internet browser. If cookies are deactivated, the functionality and/or the full availability of this website may be restricted. For further cookie-specific setting and deactivation options, please see the individual explanations below for the specific cookies and associated functions/technologies used when you visit our website.
Some of the cookies that we use on our website are from third parties that help us analyze the effectiveness of our website content and the interests of our visitors, measure the performance and performance of our website, or deliver tailored advertising and other content to our websites or other websites put. As part of our website, we use both first-party cookies (only visible from the domain you are currently visiting) and third-party cookies (visible across domains and regularly set by third parties).
The cookie-based data processing takes place on the basis of your consent in accordance with Art. 6 (1) (a) GDPR (legal basis) or on the basis of Art. (1) (f) GDPR (legal basis) to protect our legitimate interests. In particular, our legitimate interests lie in being able to provide you with a technically optimized, user-friendly and needs-based website and in guaranteeing the security of our systems. You can revoke consent that you have given us at any time, e.g. by deactivating the cookie-based tools/plugins listed in detail in the following overview. You can also object to processing based on legitimate interests by making the appropriate settings.
In detail, the following cookie-based tools/plugins are used on this website:
Google Analytics
We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; 'Google') on our website.
The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. For this purpose, Google will use the information obtained on our behalf as the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The following information, among others, can be collected: IP address, date and time of the page view, click path, information about the browser you are using and the device you are using (device), pages visited, referrer URL (website from which you accessed our website), location data, purchase activities. The IP address of your browser transmitted by Google Analytics is not linked to any other Google data.
Google Analytics uses technologies such as cookies, web storage in the browser and tracking pixels, which enable an analysis of your use of the website. The information about your use of our website generated by the Google Analytics cookies is normally transmitted to a Google server in the USA and stored there. There is no adequacy decision by the EU Commission for the USA. The data transmission takes place i.a. on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data and is available at: https://policies.google.com/privacy/frameworks and https://business.safety.google/ adsprocessorterms/. Both Google and US government agencies have access to your data. Your data may be linked by Google with other data, such as your search history, your personal accounts, your usage data from other devices and any other data that Google has about you.
IP anonymization is activated on this website. However, when you activate IP anonymization on our website, Google shortens your IP address within the Member States of the European Union or in other countries that are parties to the European Marketing Area Treaty. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
Cookies or comparable technologies are used with your consent on the basis of § 25 (1) TTDSG in conjunction with Art. 6 (1) (a) GDPR. Your personal data will be processed with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent up to the revocation.
You can find more information on terms of use and data protection at https://marketingplatform.google.com/about/analytics/terms/us/ or at https://policies.google.com/?hl=en&gl=de and at https://policies.google.com/technologies/cookies?hl=en. Our website also uses Google Analytics reports for performance, based on demographic characteristics and interests as well as reports to impressions in the Google Display Network. You may deactivate Google Analytics for display advertising and set the displays in the Google Display Network by accessing the display settings under this link: https://www.google.de/ads/preferences?ac_tld=de&continue=aHR0cHM6Ly9hZHNzZXR0aW5ncy5nb29nbGUuZGUvYW5vbnltb3Vz.
Google Tag Manager
This website uses Google Tag Manager. Google is a group of companies and consists of the companies Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA and other affiliated companies of Google LLC.
This service allows you to administer so-called website tags centrally via an interface. Google Tag Manager implements only tags. No cookies are used and no personal data are collected.
Google has a suitable privacy policy for such data collection by third-party providers: https://marketingplatform.google.com/intl/de/about/analytics/tag-manager/use-policy/
However, Google Tag Manager does not access these data. If certain domains/websites or cookies were deactivated, it remains in place for all tracking tags provided that they are implemented using Google Tag Manager.
Facebook pixel for creating custom audiences with advanced data matching
Within our online offer, the so-called 'Facebook Pixel' of the social network Facebook is used in the mode of extended data comparison, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ('Facebook').
On the basis of their explicit consent, if a user clicks on an advertisement placed by us on Facebook, the URL of our linked page will be appended by Facebook Pixel. After forwarding, this URL parameter is then written to the user’s browser via cookie, which our linked page sets itself. In addition, specific customer data such as the email address, which we collect on our website linked to the Facebook ad for transactions such as purchases, account logins or registrations, is recorded by this cookie (extended data comparison). The cookie is then read by the Facebook pixel and enables the data, including specific customer data, to be forwarded to Facebook.
With the help of the Facebook pixel with extended data comparison, Facebook is able to precisely determine the visitors of our online offer as a target group for the display of advertisements (so-called 'Facebook Ads'). Accordingly, we use the Facebook pixel with extended data comparison in order to only display the Facebook ads we have placed to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products that are determined based on the websites visited), which we transmit to Facebook (so-called 'Custom Audiences'). With the help of the Facebook pixel with extended data comparison, we also want to ensure that our Facebook ads correspond to the potential interest of the user and are not annoying. In this way, we can further evaluate the effectiveness of the Facebook ads for statistical and market research purposes by understanding whether users were redirected to our website after clicking on a Facebook ad (so-called 'Conversion'). Compared to the standard version of Facebook Pixel, the advanced data comparison feature helps us to better measure the effectiveness of our advertising campaigns by recording more attributed conversions.
All transmitted data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage guidelines (https://www.facebook.com/about/privacy/). The data can enable Facebook and its partners to place advertisements on and outside of Facebook.
These processing operations only take place if you have given your explicit consent in accordance with Art. 6 (1) (a) GDPR. The information generated by Facebook is usually transmitted to a Facebook server and stored there. This can also result in transmission to the servers of Meta Platforms Inc. in the USA. If you wish to object to the use of Facebook's Website Custom Audiences, you may do so under https://www.facebook.com/settings/?tab=ads .
In addition, we use Customer Match Lists in the context of our Facebook advertising activities, e.g. for 'Lookalike Audiences' and remarketing. For the use of Customer Match, lists with encrypted user data are uploaded to Facebook. After uploading the data, the system checks which data are already known and assigns the users to a list. After the preparation of the Customer Match List, the encrypted customer data are again automatically erased. Facebook does not obtain any new addresses in this process (encryption).
Hotjar
This website uses the Hotjar web analytics service from Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel.: +1 (855) 464-6788).
With this tool, movements on the websites on which Hotjar is used can be traced (so-called heat maps). For example, you can see how far users scroll and which buttons they click how often. It is also possible to use the tool to obtain feedback directly from the users of the website. In this way, we obtain valuable information in order to make our websites even faster and more customer-friendly. When using this tool, we pay particular attention to the protection of your personal data. So we can only track which buttons you click and how far you scroll. Areas of the website in which personal data of you or third parties is displayed are automatically hidden by Hotjar and are therefore not traceable at any time.
All of the processing described above, in particular the reading of information on the end device used, will only be carried out if you have given us your explicit consent in accordance with Art. 6 (1) (a) GDPR. You can find Hotjar’s privacy policy at https://www.hotjar.com/privacy/. You can object to the use of Hotjar. Instructions are available under https://www.hotjar.com/legal/compliance/opt-out/.
We use components of the service provider Twitter on our website. Twitter is a service offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.
Whenever you access our website featuring this component, this component causes your browser to download the respective version of Twitter's component. This process also informs Twitter which page of our website is currently visited.
We have no control over the data collected by Twitter in this process or over the range of the data collected by Twitter. As far as we know, Twitter records the URL of the respectively accessed website as well as the IP address of the user, but this information is not used for purposes other than for loading the respective version of the Twitter component. Additional information about this issue can be found in Twitter's privacy policy under http://twitter.com/en/privacy.
You may change your privacy settings in account settings under https://twitter.com/account/settings.
Ve
We use the services of Ve Interactive DACH GmbH (Französische Straße 47, 10117 Berlin; hereafter referred to as 'Ve'). In the course of providing its services, Ve collects personal data from the end users who visit our website. Ve hereby uses cookies and other comparable technologies. More information about the technologies used by Ve can be found in Ve's Cookie-Guidelines. A list of the purposes for which Ve collects personal data is shown in Ve's Privacy Policy. Generally speaking, Ve records the personal data of end users, in particular contact data and behavioral data, by using cookies. Ve uses these personal data to draw conclusions about the respective personal preferences of the end users and to personalize the web experience of the end user, for example, by displaying personalized offers when visiting customer websites or similar personalization of the customer website for the end user and by showing personalized ads during visits to customer websites or the websites of third parties. Pursuant to Art. 26 GDPR, Ve and we are joint data controllers when collecting personal data. For details, please refer to Ve’s Privacy Policy.
End users can prevent the processing of their personal data by Ve in various ways. The various methods for stopping the processing of data are contained in Ve's Data Privacy Policy, thus for example the use of the opt-out button under https://www.ve.com/legal/privacy-policy?lang=en#opting-out or the use of the opt-out mechanism of IAB Europe under https://www.youronlinechoices.com/opt-out-interface.
We use the services of Pinterest, Inc., 808 Brannan St, San Francisco, CA 94103, USA on our website. The embedded 'Pin it' button on the website informs Pinterest that you accessed the respective page of our website. If you are logged in with Pinterest, Pinterest is able to attribute this visit of our website to your Pinterest account and thus link the data. The data transmitted by clicking the 'Pin it' button are stored by Pinterest. You may access further information about the purpose and range of the collected data, their processing and use as well as about your rights and setting options for the protection of your privacy in the privacy policies of Pinterest: https://policy.pinterest.com/en/privacy-policy.
In order to prevent Pinterest from attributing your visit of our website to your Pinterest account, you must log out from your Pinterest account before visiting our website.
Zendesk
Our website uses technology provided by Zendesk International Ltd, 55 Charlemont Place, Saint Kevin’s, Dublin D02 F985, Ireland ('Zendesk') to collect and store pseudonymous data for the purposes of web analytics and to operate the ticketing system used to respond to support requests. User profiles can be created from this pseudonymized data under a pseudonym. Cookies can be used for this. The cookies enable, among other things, the recognition of the Internet browser. If the information collected in this way has a personal reference, the processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in effective customer service and the statistical analysis of user behavior for optimization purposes.
The data collected with the Zendesk technologies will not be used to personally identify the visitor to this website and will not be combined with personal data about the bearer of the pseudonym without the separate consent of the person concerned. In order to avoid the storage of Zendesk cookies, you can set your Internet browser so that no more cookies can be stored on your computer in the future or cookies that have already been stored are deleted. However, switching off all cookies can mean that some functions on our website can no longer be executed. You can deactivate the data collection and storage for the purpose of creating a pseudonymized user profile at any time with effect for the future by sending us your objection informally by email to the email address given in the imprint.
We have concluded an order processing agreement with Zendesk, with which we oblige Zendesk to protect our customers’ data and not to pass it on to third parties.
Personal data may be transmitted to Zendesk Inc. servers in the USA. For such data transfers, Zendesk follows Binding Corporate Rules (BCRs) which have been recognized by the Irish Data Protection Authority as appropriate safeguards for compliance with European data protection standards.
You can find more information about Zendesk’s data protection at https://www.zendesk.de/company/customers-partners/privacy-policy/.
Other cookies
Here is a list of other cookies that we use. We have listed them here so you can decide whether you would like to use cookies or not.
session_id, proprietary token, session-related, allowing Shopify to store information about your session (referrer, target website, etc.).
shopify_visit, no data storage, lasting for 30 minutes from your last visit, is used by the internal statistics tracker of our website provider to track the number of visitors.
shopify_uniq, no data storage, expires at midnight (relative to the visitor) of the next day, counts the number of shop visits by individual customers.
cart, proprietary token, lasting for 3 weeks, stores information about the content of your shopping cart.
secure_session_id, proprietary token, session-related
storefront_digest, proprietary token, unlimited duration, used if the shop has a password in order to determine whether the current customer has access.
We store this information for the duration of 12 months.
This data processing is based on the principles of Art. 6 (1) (f) GDPR for the protection of our legitimate interests, i.e. the optimization of our offer.
8. Rating via Trustpilot
If you have given us your explicit consent to this during or after your order in accordance with Art.6 (1) (a) GDPR, we will transmit your email address to the Trustpilot rating platform of Trustpilot A/S, Pilestræde 58, 1112 Copenhagen K, Denmark (www.trustpilot.com), so that it sends you a rating reminder by email.
You can revoke your consent at any time by sending a message to us or to the Trustpilot rating platform.
9. Your privacy rights vis-à-vis Women’s Best
(1) Revocability of consent, Article 7 GDPR
In accordance with Article 7 (3) GDPR, you have the right to revoke any consent you have given us to process your data at any time without giving any reason. You may send your withdrawal notice in no particular format to the mailing address or email address shown at the beginning of this privacy policy. Withdrawal of the consent does not affect the legality of the data processed up to the withdrawal based on your consent (Article 7 paragraph 3 clause 2 GDPR).
(2) Right of access to information, Article 1 GDPR
Pursuant to Article 15 paragraph 1 GDPR you have the right to know whether we process your personal data. If we do, you have a right to additional information (Article 15 paragraph 2 GDPR).
(3) Right to rectification, erasure or restriction of processing, Article 16, 17 and 18 GDPR
Under Article 16 GDPR you have the right to demand the immediate rectification of inaccurate personal data and the completion of incomplete data, including by means of a supplementary statement.
In particular, pursuant to Article 17 GDPR you have the right to demand the erasure of personal data concerning yourself if the processing of your personal data is not or no longer permitted.
(4) Right to object, Article 1 GDPR
Under Art. 6 (1) (e) or (f) GDPR you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation; this applies also to any profiling based on these provisions. We will then no longer process your data unless we demonstrate compelling legitimate grounds for such processing which override your own interests, rights, and freedoms.
You may exercise the right to object at any time by contacting us via the contact options specified in the imprint.
(5) Right to lodge a complaint with a supervisory authority, Article 77 GDPR
Without prejudice of another administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your job or the place of the presumed violation if you believe that the processing of your respective personal data is unlawful. The data protection agency of the Republic of Austria provides forms for the exercise of your legal rights and for a complaint under https://www.dsb.gv.at/download-links/dokumente.html. The following applies to our European customers: Your competent supervisory authority is that of your place of residence. A list of all supervisory authorities can be found under https://edpb.europa.eu/about-edpb/about-edpb/members_en.
For questions about the collection, processing or use of your personal data, or for information about, correction, restriction, or erasure of data as well as the withdrawal of a consent granted by you or an objection to a particular data use, please contact us directly using the contact data in our imprint.
Status of the privacy and data security policy: December 2, 2022
