Privacy Policy
1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Camelia Deleu, Ringenwalder Straße 26, 12679 Berlin, Germany, Tel.: 017672385123, E-Mail: pionii.candle@gmail.com. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website
2.1 When you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
-Our visited website
-Date and time of access
-Amount of data sent in bytes
-Source/referring URL from which you came to the site
-Browser used
-Operating system used
-IP address used (if applicable: in anonymized form)
Processing is carried out in accordance with Art. 6 (1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. Data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are concrete indications of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock icon in your browser’s address bar.
3) Hosting & Content Delivery Network
3.1 Shopify
We use the system of the following provider for hosting our website and displaying the pages:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
3.2 Fastly
We use a content delivery network (CDN) provided by the following provider:
Fastly Inc., 475 Brannan St. #300, San Francisco, CA 94107, USA
This service enables us to deliver large media files such as graphics, content, or scripts more quickly via regionally distributed servers. Processing takes place to safeguard our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6 (1)(f) GDPR.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
4) Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are deleted after you close your browser (so-called "session cookies"), while others remain on your device longer and allow us to save page settings (so-called "persistent cookies"). You can find the storage duration of each cookie in your browser’s cookie settings overview.
Where cookies process personal data, such processing is carried out either in accordance with Art. 6 (1)(b) GDPR for the performance of a contract, Art. 6 (1)(a) GDPR if consent is given, or Art. 6 (1)(f) GDPR to safeguard our legitimate interest in ensuring the best possible functionality of the website and a user-friendly and effective experience.
You can configure your browser to inform you when cookies are set and decide individually whether to accept them or reject cookies for specific cases or in general.
Please note that disabling cookies may limit the functionality of our website.
5) Contacting Us
As part of contacting us (e.g. via contact form or email), personal data is collected – exclusively for the purpose of processing and responding to your request, and only to the extent necessary.
The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6 (1)(f) GDPR. If your contact aims to conclude a contract, the additional legal basis is Art. 6 (1)(b) GDPR. Your data will be deleted once it is clear from the circumstances that the relevant matter has been conclusively resolved and no legal retention obligations prevent deletion.
6) Data Processing When Opening a Customer Account
In accordance with Art. 6 (1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it when opening a customer account. The required data for account registration is shown in the input form on our website.
You can delete your customer account at any time by sending a message to the above-mentioned contact address. After deletion, your data will be deleted provided all related contracts have been fully processed, there are no legal retention obligations, and we have no legitimate interest in retaining the data.
7) Use of Customer Data for Direct Marketing
7.1 Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only required information for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally.
We use the so-called double opt-in procedure to ensure that you only receive newsletters after explicitly confirming your subscription via a verification link sent to your email.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1)(a) GDPR. We record your IP address and the time of registration to detect possible misuse of your email address.
Your data is used exclusively for sending the newsletter. You can unsubscribe at any time via the link in the newsletter or by contacting us directly. After unsubscribing, your email address will be deleted from our mailing list unless you have expressly consented to further use of your data or we reserve the right to use data in ways permitted by law.
7.2 Klaviyo
We send our newsletters via the following provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA.
Based on our legitimate interest in effective and user-friendly newsletter marketing (Art. 6 (1)(f) GDPR), we pass on the data provided when subscribing to the newsletter to this provider.
With your explicit consent (Art. 6 (1)(a) GDPR), the provider also performs statistical evaluations of newsletter campaigns using web beacons or tracking pixels to measure open rates and user interactions. Device information (e.g. IP address, browser, OS) may be collected, but not combined with other data.
You can revoke your consent for newsletter tracking at any time with future effect.
We have concluded a data processing agreement with the provider that protects our site visitors’ data and prohibits sharing with third parties.
For data transfers to the U.S., the provider adheres to the EU-U.S. Data Privacy Framework, ensuring compliance with EU data protection levels.
8) Data Processing for Order Fulfillment
8.1 If necessary for contract fulfillment for shipping and payment purposes, we will pass on the personal data collected by us to the contracted shipping company and the contracted financial institution, in accordance with Art. 6 (1)(b) GDPR.
If we are obliged under a relevant contract to provide updates for products with digital elements or for digital products, we will use the contact details you provided during ordering to inform you personally in accordance with our legal obligations under Art. 6 (1)(c) GDPR. Your contact details will be used strictly for this purpose and only to the extent necessary.
In order to fulfill your order, we also work with the following service provider(s), who support us either fully or partially in the execution of concluded contracts. Certain personal data is transmitted to these service providers as explained below.
8.2 Disclosure of Personal Data to Shipping Service Providers
- GLS
We use the following provider as a shipping service: General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1 – 7, 36286 Neuenstein, Germany.
We may pass on your email address and/or phone number to the provider prior to delivery for the purpose of scheduling a delivery or providing delivery updates, provided you gave your explicit consent to this during the ordering process in accordance with Art. 6 (1)(a) GDPR.
Otherwise, we will only share the recipient's name and delivery address with the provider for the purpose of delivery in accordance with Art. 6 (1)(b) GDPR. The data will only be shared to the extent necessary for the delivery of the goods. In this case, advance delivery scheduling or notification is not possible.
You may revoke your consent at any time with future effect by contacting the above-mentioned data controller or the shipping provider directly.
8.3 Use of Payment Service Providers (Payment Services)
- Shopify Payments
This website offers one or more online payment methods via the following provider: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
If you select a payment method where you pay in advance (e.g. credit card), your payment data (including name, address, bank/card details, currency, and transaction number), as well as details of your order will be shared with the provider in accordance with Art. 6 (1)(b) GDPR.
Your data will be transmitted only as necessary for the processing of the payment.
9) Website Functionalities
Google Web Fonts
This site uses so-called web fonts provided by the following provider for uniform font display:
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
When you access a page, your browser loads the required web fonts into its cache to display texts and fonts correctly and establishes a direct connection to the provider's servers. Certain browser information, including your IP address, is transmitted to the provider in this process.
Data may also be transmitted to: Google LLC, USA.
The processing of personal data as part of connecting to the font provider only occurs if you have given us your explicit consent under Art. 6 (1)(a) GDPR. You can revoke your consent at any time with future effect by disabling this service in the “cookie consent tool” provided on our website. If your browser does not support web fonts, a standard font from your computer will be used.
The provider has joined the EU-U.S. Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
For more information on Google's data protection policy, visit:
https://business.safety.google/intl/en/privacy/
11) Rights of the Data Subject
11.1 Applicable data protection law grants you the following rights with respect to the processing of your personal data by the data controller (information and intervention rights), where reference is made to the relevant legal basis for each condition of exercise:
-Right of access according to Art. 15 GDPR;
-Right to rectification according to Art. 16 GDPR;
-Right to erasure according to Art. 17 GDPR;
-Right to restriction of processing according to Art. 18 GDPR;
-Right to notification according to Art. 19 GDPR;
-Right to data portability according to Art. 20 GDPR;
-Right to withdraw consent given according to Art. 7(3) GDPR;
-Right to lodge a complaint according to Art. 77 GDPR.
11.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THIS PROCESSING ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
12) Duration of Storage of Personal Data
The duration of the storage of personal data is determined based on the respective legal basis, the purpose of processing, and – if applicable – the statutory retention period (e.g. commercial and tax retention periods).
If personal data is processed on the basis of an explicit consent pursuant to Art. 6(1)(a) GDPR, such data is stored until the data subject withdraws their consent.
If statutory retention periods exist for data that is processed within the scope of contractual or quasi-contractual obligations on the basis of Art. 6(1)(b) GDPR, such data is routinely deleted after expiration of the retention periods, provided it is no longer required for contract performance or initiation and/or there is no legitimate interest on our part in continued storage.
If personal data is processed on the basis of Art. 6(1)(f) GDPR, it is stored until the data subject exercises their right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or if the processing serves the establishment, exercise, or defense of legal claims.
If personal data is processed for the purpose of direct marketing on the basis of Art. 6(1)(f) GDPR, such data is stored until the data subject exercises their right to object under Art. 21(2) GDPR.
Unless otherwise stated in the specific information in this privacy policy, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
Copyright Notice: These legal texts (General Terms and Conditions and Privacy Policy) were created by the specialist lawyers of the IT-Recht Kanzlei and are protected by copyright. (https://www.it-recht-kanzlei.de)
