Data protection – Creature Toys Shop

Personal data (hereinafter mostly referred to as “data”) are only processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

According to Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data, such as collecting, recording, organizing, arranging, storing, adapting or changing, reading out, querying, using, disclosing through transmission, dissemination or any other form of provision, comparison or the linking, the restriction, the deletion or the destruction.

With the following data protection declaration we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, as far as we decide either alone or together with others about the purposes and means of processing. In addition, we will inform you below about the third-party components we use for optimization purposes and to increase the quality of use, insofar as third parties process data on their own responsibility.

Our privacy policy is structured as follows:

Additional Information
Rights of users and data subjects
Rights of users and data subjects
Linking social media via graphic or text link
Additional Information

1) INFORMATION ABOUT US AS RESPONSIBLE

Responsible provider of this website in terms of data protection law is: CreatureToys GbR Hainstraße 65 35216 Biedenkopf Deutschland E-Mail: [email protected]

2) USER AND DATA SUBJECT RIGHTS

With a view to the data processing described in more detail below, users and data subjects have the right

for confirmation as to whether the data concerning you is being processed, for information about the processed data, for further information about data processing and for copies of the data (see also Art. 15 GDPR);
to correct or complete incorrect or incomplete data (see also Art. 16 GDPR);
to the immediate deletion of the data concerning them (see also Art. 17 GDPR), or, alternatively, if further processing in accordance with Art. 17 Para. 3 GDPR is required to restrict processing in accordance with Art. 18 GDPR;
to receive the data concerning them and provided by them and to transfer this data to other providers / responsible parties (cf. also Art. 20 GDPR);
to complain to the supervisory authority if they are of the opinion that the data concerning them are being processed by the provider in violation of data protection regulations (see also Art. 77 GDPR).

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any correction or deletion of data or the restriction of processing that is based on Articles 16, 17 para. 1, 18 GDPR. However, this obligation does not exist if this notification is impossible or involves disproportionate effort. Irrespective of this, the user has a right to information about these recipients.

In accordance with Art. 21 GDPR, users and data subjects also have the right to object to the future processing of the data concerning them, provided that the data is provided by the provider in accordance with Art. 6 Para. 1 lit. f) GDPR are processed. In particular, an objection to data processing for the purpose of direct advertising is permitted.

3) INFORMATION ON DATA PROCESSING

Your data processed when using our website will be deleted or blocked as soon as the purpose of storage no longer applies, the deletion of the data does not conflict with any statutory retention requirements and no other information on individual processing methods is given below.

SERVER DATA

For technical reasons, in particular to ensure a secure and stable website, your internet browser transmits data to us or to our web space provider. With these so-called server log files, among other things, the type and version of your Internet browser, the operating system, the website from which you switched to our website (referrer URL), the website (s) of our website that you are visiting, the date and time of the respective access as well as the IP address of the internet connection from which our website is used.

This data collected in this way is temporarily stored, but not together with other data from you.

This storage takes place on the legal basis of Art. 6 Para. 1 lit.f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

The data will be deleted after seven days at the latest, unless further storage is required for evidence purposes. Otherwise, the data will be wholly or partially excluded from deletion until an incident has been finally clarified.

COOKIES

We use so-called cookies on our website. Cookies are small text files or other storage technologies that are stored and stored on your device by the internet browser you use. These cookies process certain information about you on an individual basis, such as your browser or location data or your IP address.

This processing makes our website more user-friendly, more effective and safer, as the processing enables, for example, the reproduction of our website in different languages or the offer of a shopping cart function.

The legal basis for this processing is Art. 6 Paragraph 1 lit b.) GDPR, provided that these cookies are used to process data to initiate or process contracts.

If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Article 6 (1) (f) GDPR.

Most of the cookies used on our site are so-called “session cookies”. These are automatically deleted at the end of your visit. Other cookies remain stored on your device for up to 90 days or until you delete them. These cookies enable us to recognize your browser the next time you visit and to save the page settings you have made.

Our website may also use cookies from partner companies with whom we work for the purpose of advertising, analysis or the functionalities of our website.

Please refer to the following information for details on this, in particular on the purposes and legal basis for processing such third-party cookies.

You can prevent or restrict the installation of cookies by setting your internet browser. You can also delete cookies that have already been saved at any time. The steps and measures required for this, however, depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. In the case of so-called flash cookies, however, processing cannot be prevented via the browser settings. Instead, you have to change the setting of your Flash player. The steps and measures required for this also depend on the specific Flash player you are using. If you have any questions, please use the help function or documentation of your Flash player or contact the manufacturer or user support.

However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be used to their full extent.

Wenn du einen Kommentar auf unserer Website schreibst, kann das eine Einwilligung sein, deinen Namen, E-Mail-Adresse und Website in Cookies zu speichern. Dies ist eine Komfortfunktion, damit du nicht, wenn du einen weiteren Kommentar schreibst, all diese Daten erneut eingeben musst. Diese Cookies werden ein Jahr lang gespeichert.

Falls du ein Konto hast und dich auf dieser Website anmeldest, werden wir ein temporäres Cookie setzen, um festzustellen, ob dein Browser Cookies akzeptiert. Dieses Cookie enthält keine personenbezogenen Daten und wird verworfen, wenn du deinen Browser schließt.

Wenn du dich anmeldest, werden wir einige Cookies einrichten, um deine Anmeldeinformationen und Anzeigeoptionen zu speichern. Anmelde-Cookies verfallen nach zwei Tagen und Cookies für die Anzeigeoptionen nach einem Jahr. Falls du bei der Anmeldung „Angemeldet bleiben“ auswählst, wird deine Anmeldung zwei Wochen lang aufrechterhalten. Mit der Abmeldung aus deinem Konto werden die Anmelde-Cookies gelöscht.

Wenn du einen Artikel bearbeitest oder veröffentlichst, wird ein zusätzlicher Cookie in deinem Browser gespeichert. Dieser Cookie enthält keine personenbezogenen Daten und verweist nur auf die Beitrags-ID des Artikels, den du gerade bearbeitet hast. Der Cookie verfällt nach einem Tag.

CONTRACT EXECUTION

The data transmitted by you to make use of our range of goods and / or services will be processed by us for the purpose of processing the contract and are required in this respect. It is not possible to conclude and process the contract without providing your data. The legal basis for the processing is Article 6 (1) lit. b) GDPR.

When you place an order in our shop, we process your name and the delivery address as you give it in the course of the ordering process. If you voluntarily provide additional data when placing your order (e.g. a different billing address, a telephone number, or an email address), we will also process this data.

We process this data electronically for the proper fulfillment of the contract, in particular for delivery, invoicing, booking payments and processing returns and complaints. This data processing takes place on the basis of Art. 6 Para. 1 lit. b) GDPR.

We keep this data stored until all mutual claims from the respective contractual relationship with you have been completely settled and the retention periods under commercial and tax law to which we are subject have expired.

As part of the contract processing, we pass on your data to the transport company commissioned with the delivery of goods, including Deutsche Post (Deutsche Post AG, 53113 Bonn), DHL (DHL Paket GmbH, 53113 Bonn) and Hermes (Hermes Europe GmbH, 22419 Hamburg), insofar as this the transfer is necessary for the delivery of the goods. The legal basis for forwarding the data is then Art. 6 Para. 1 lit. b) GDPR.

The order processing and the transfer of data to the financial service provider are handled by the Etsy shop platform (Etsy Ireland UC, Dublin 1, Ireland). When using the website and the mobile application of Etsy (Etsy Ireland UC, Dublin 1, Ireland), the storage, processing and transfer of all personal data, as well as the use of cookies and general data collection and processing are subject to the data protection provisions of the company mentioned.

https://www.etsy.com/de/legal/privacy/?ref=ftr

CONTACT INQUIRIES / CONTACT FORM

If you contact us via the contact form or email, the data you provide will be used to process your request. The specification of the data is necessary for processing and answering your request – without this provision we cannot answer your request, or at most only to a limited extent.

The legal basis for this processing is Article 6 (1) lit. b) GDPR.

Your data will be deleted if your request has been finally answered and the deletion does not conflict with any statutory retention requirements, for example in the event of a subsequent contract processing.

CLOUDFLARE

On our website we use functions of the technology service provider Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA, hereinafter referred to as “Cloudflare”. Cloudflare offers a worldwide distributed content delivery network (“CDN”) with DNS. Technically, the information transfer between your browser and our website is directed via the CloudFlare network. A content delivery network is an online service with the help of which, in particular, large media files (such as graphics, page content or scripts) are delivered through a network of regionally distributed servers connected via the Internet. The use of the Content Delivery Network from Cloudflare helps us to optimize the loading speeds of our website.

If you visit our website, your inquiries will be routed via the CloudFlare server. Statistical access data is collected about your visit to our website and a cookie is saved on your device by CloudFlare via your internet browser. The access data includes

Your IP address
the website (s) you have accessed on our website
Type and version of the internet browser you are using
the operating system you are using
the website from which you switched to our website (referrer URL)
Your length of stay on our website
the frequency with which our website is accessed

The data is used by CloudFlare for the purpose of statistical evaluations of the accesses as well as for security and optimization of the offer. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. You can find details on this under the heading “Cookies” above.

The processing takes place in accordance with Art. 6 Paragraph 1 lit. f GDPR on the basis of our legitimate interest in a secure and efficient provision, as well as improvement of the stability and functionality of our website. Cloudflare, based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. For more information, see the Cloudflare privacy policy at:

https://www.cloudflare.com/privacypolicy

https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active

GOOGLE FONTS

We use Google Fonts on our website to display external fonts. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

Through certification according to the EU-US data protection shield (“EU-US Privacy Shield”), Google guarantees that the EU’s data protection requirements are also complied with when processing data in the USA.

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

In order to enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.

The legal basis for the processing is Article 6 (1) lit. f) GDPR. Our legitimate interest lies in the optimization and economic operation of our website.

Through the connection to Google established when you visit our website, Google can determine from which website your request was sent and to which IP address the representation of the font is to be transmitted.

Google offers further information at

https://adssettings.google.com/authenticated

https://policies.google.com/privacy

, in particular on the possibilities of preventing the use of data.

FACEBOOK

To advertise our products and services and to communicate with interested parties or customers, we operate a company presence on the Facebook platform.

We are jointly responsible for this social media platform with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland.

The data protection officer of Facebook can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have regulated joint responsibility in an agreement with regard to the respective obligations within the meaning of the GDPR. This agreement, from which the mutual obligations arise, can be accessed under the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of personal data that takes place as a result and is reproduced below is Article 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, communication as well as the sale and promotion of our products and services.

The legal basis can also be the consent of the user in accordance with Article 6 (1) (a) GDPR to the platform operator. The user can revoke his consent to this at any time in accordance with Art. 7 Para. 3 GDPR by notifying the platform operator for the future.

When you visit our online presence on the Facebook platform, Facebook Ireland Ltd. as the operator of the platform in the EU processes user data (e.g. personal information, IP address, etc.).

This user data is used for statistical information about the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. Based on these profiles, Facebook Ireland Ltd. For example, it is possible to advertise users within and outside of Facebook based on their interests. If the user is logged into his account on Facebook at the time of access, Facebook Ireland Ltd. can also link the data with the respective user account.

If the user contacts us via Facebook, the personal data entered on this occasion will be used to process the request. The user’s data will be deleted by us, provided that the user’s request has been finally answered and there are no statutory retention requirements, e.g. in the case of subsequent contract processing.

Facebook Ireland Ltd. possibly also sets cookies.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the settings of the browser, but by the corresponding setting of the Flash player. Should the user prevent or restrict the installation of cookies, this may mean that not all Facebook functions can be used to their full extent.

More information about the processing activities, their prevention and the deletion of the data processed by Facebook can be found in Facebook’s data policy:

https://www.facebook.com/privacy/explanation

It cannot be ruled out that the processing by Facebook Ireland Ltd. also via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Facebook Inc. has submitted to the “EU-US Privacy Shield” and thereby declares compliance with EU data protection requirements when processing data in the USA.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

TWITTER

We maintain an online presence on Twitter to present our company and our services and to communicate with customers / interested parties. Twitter is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

In this respect, we would like to point out that there is a possibility that user data will be processed outside the European Union, in particular in the USA. This can result in increased risks for the user insofar as, for example, later access to the user data can be made more difficult. We also have no access to this user data. The possibility of access lies exclusively with Twitter. Twitter Inc. is certified under the Privacy Shield and has thus committed itself to complying with European data protection standards

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

You can find Twitter’s data protection information at

https://twitter.com/de/privacy

INSTAGRAM

To advertise our products and services and to communicate with interested parties or customers, we operate a company presence on the Instagram platform.

We are jointly responsible for this social media platform with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland.

Instagram’s data protection officer can be reached using a contact form:

https://www.facebook.com/help/contact/540977946302970

https://www.facebook.com/legal/terms/page_controller_addendum

When you visit our online presence on the Instagram platform, Facebook Ireland Ltd. as the operator of the platform in the EU processes user data (e.g. personal information, IP address, etc.).

This user data is used for statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. Based on these profiles, Facebook Ireland Ltd. For example, it is possible to advertise users within and outside of Instagram based on their interests. If the user is logged into his Instagram account at the time of access, Facebook Ireland Ltd. also link the data with the respective user account.

If the user contacts Instagram, the personal data entered by the user on this occasion will be used to process the request. The user’s data will be deleted by us, provided that the user’s request has been finally answered and there are no statutory retention requirements, e.g. in the case of subsequent contract processing.

Facebook Ireland Ltd. possibly also sets cookies.

More information on the processing activities, their prevention and the deletion of the data processed by Instagram can be found in Instagram’s data policy:

https://help.instagram.com/519522125107875

It cannot be ruled out that the processing by Facebook Ireland Ltd. also via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Facebook Inc. has submitted to the “EU-US Privacy Shield” and thereby declares compliance with EU data protection requirements when processing data in the USA.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

4) LINKING SOCIAL MEDIA VIA GRAPHICS OR TEXTLINK

We also advertise presences on the social networks listed below on our website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents that when a website that has a social media application is called up, a connection is automatically established to the respective server of the social network in order to display a graphic of the respective network itself. The user is only forwarded to the service of the respective social network by clicking on the corresponding graphic.

After the user has been forwarded, information about the user is recorded by the respective network. It cannot be ruled out that the data collected in this way will be processed in the USA.

This is initially data such as the IP address, date, time and page visited. If the user is logged into their user account of the respective network during this time, the network operator can, if necessary, assign the information collected from the specific visit of the user to the personal account of the user. If the user interacts via a “share” button on the respective network, this information can be saved in the user’s personal user account and, if necessary, published. If the user wants to prevent the information collected from being directly assigned to his user account, he must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are linked to our site:

Facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

Certification EU-US data protection (“EU-US Privacy Shield”):

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Twitter

Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA

Data protection: https://twitter.com/privacy

Certification EU-US data protection (“EU-US Privacy Shield”):

https://www.privacyshield.gov/…0000TORzAAO&status=Active

Instagram

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

Data protection: https://www.facebook.com/policy.php

Certification EU-US data protection (“EU-US Privacy Shield”):

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

This data protection declaration was created with the help of, among other things Sample data protection of Anwaltskanzlei Weiß & Partner.

NOTES ACCORDING TO THE TELEMedia Act

Liability for content

The contents of our pages were created with great care. However, we cannot assume any liability for the correctness, completeness and topicality of the content. As a service provider, we are responsible for our own content on these pages in accordance with general law in accordance with Section 7, Paragraph 1 of the German Telemedia Act. According to §§ 8 to 10 TMG, as a service provider, we are not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information according to general laws remain unaffected. However, liability in this regard is only possible from the point in time at which we become aware of a specific legal violation. As soon as we become aware of such legal violations, we will remove this content immediately.

Liability for links

Our offer contains links to external third-party websites over whose content we have no influence. Therefore, we cannot accept any liability for this third-party content. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time they were linked. No illegal content was found at the time the link was created. However, permanent monitoring of the content of the linked pages is unreasonable without concrete evidence of a violation of the law. As soon as we become aware of legal violations, we will remove such links immediately.

The content and works on these pages created by the website operator are subject to German copyright law. The duplication, processing, distribution and any kind of exploitation outside the limits of copyright law require the written consent of the respective author or creator. Downloads and copies of this website are only permitted for private, non-commercial use. Insofar as the content on this site was not created by the operator, the copyrights of third parties are observed. In particular contents of third parties are marked as such. If you should nevertheless become aware of a copyright infringement, we would ask you to notify us accordingly. If we become aware of legal violations, we will remove such content immediately.

5) ADDITIONAL INFORMATION

Comments

When visitors write comments on the website, we collect the data that is displayed in the comment form, as well as the visitor’s IP address and the user agent string (this is used to identify the browser) to support spam detection .

An anonymized string of characters (also called a hash) can be created from your email address and sent to the Gravatar service to check whether you are using it. You can find the data protection declaration of the Gravatar service here: https://automattic.com/privacy/. After your comment has been approved, your profile picture is publicly visible in the context of your comment.

How long we keep your data

If you write a comment, it will be saved indefinitely, including metadata. In this way, we can automatically recognize and approve follow-up comments instead of holding them in a moderation queue.

For users who register on our website, we also store the personal information that they provide in their user profiles. All users can view, change or delete their personal information at any time (the user name cannot be changed). Website administrators can also view and change this information.

What rights you have to your data

If you have an account on this website or have written comments, you can request an export of your personal data from us, including all data that you have given us. In addition, you can request the deletion of all personal data that we have stored about you. This does not include the data that we have to keep for administrative, legal or security reasons.

Where do we send your data to

Visitor comments could be checked by an automated spam detection service.