Scope of the processing of personal data

In principle, we only process personal data about our users to the extent necessary to provide a functional website and our content and services. The processing of personal data for our users takes place regularly only with the user’s consent. An exception applies in cases where prior approval cannot be obtained for practical reasons and the processing of the data is permitted by law.

Legal basis for the processing of personal data

To the extent that we obtain the data subject’s consent for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) of the GDPR serves as the legal basis. This also applies to processing measures that are necessary to implement measures before the contract.

To the extent that the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) of the GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) of the GDPR is the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and if the data subject’s interests, fundamental rights and freedoms do not outweigh the former interest, Article 6 (1) (f) of the GDPR serves as the legal basis for the processing.

Data erasure and storage time

The person’s personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this is provided for by the European or national legislator in Union rules, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period provided for in the said standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

Providing the website and creating log files

Description and scope of data processing

Each time our website is opened, our system automatically collects data and information from the calling computer’s computer system.

The following information is collected:

Information about browser type and which version is used

2. The user’s operating system
3. The user’s ISP
4. The user’s IP address
5. Date and time of access
6. Websites from which the user’s system came to our website
7. Websites accessed by the user’s system via our website

The information is also stored in the log files in our system. This information is not stored together with other personal information about the user.

Legal basis for data processing

The legal basis for temporary storage of data and log files is Article 6 paragraph 1 lit. f GDPR.

Purpose of data processing

The system’s temporary storage of the IP address is necessary for the website to be delivered to the user’s computer. To do this, the user’s IP address must be saved throughout the session.

The storage in log files takes place to ensure the functionality of the website. In addition, we use the information to optimize the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing under Article 6 (1) (lit). f GDPR is also for these purposes.

Storage time

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. When it comes to collecting data for the provision of the website, this is the case when each session has ended.

If data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or removed so that it is no longer possible to assign the access client.

Options for opposition and removal

Collection of data for the provision of the website and storage of data in log files is crucial for the operation of the website. Consequently, there is no possibility for the user to object.

Use of cookies

1. a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the browser or by the browser on the user’s computer system. When a user calls a website, a cookie can be stored in the user’s operating system. This cookie contains a characteristic string of characters that allows the browser to be clearly identified when the website is reopened.

We use cookies to make our website more user-friendly. Some parts of our website require that the calling browser can also be identified after changing pages.

The following data is stored and transferred in the cookies:

1. language settings
2. Items in a shopping cart

Login information

1. b) Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6 (1) (f) of the GDPR.

1. c) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions on our website can not be offered without the use of cookies. For this, it is necessary that the browser is recognized even after page switching.

We need cookies for the following applications:

1. cart
2. Approval of language settings
3. Remember search terms

User data collected by technically necessary cookies is not used to create user profiles.

Our legitimate interest in the processing of personal data in accordance with Article 6, paragraph 1, lit. f GDPR lies in these purposes.

1. e) Storage time, possibility of objection and removal

Cookies are stored on the user’s computer and transferred to our website from there. As a user, you therefore have full control over the use of cookies. You can disable or restrict the transfer of cookies by changing the settings in your browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions on the website can be used to their full extent.

Registration

Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal information. The information is entered into an input mask and transferred to us and stored. Data is not transferred to third parties. The following information is collected during the registration process:

At the time of registration, the following information is also stored:

1. The user’s IP address
2. Date and time of registration

As part of the registration process, the user’s consent to the processing of this data is obtained.

Legal basis for data processing

If the user has given his consent, the legal basis for the processing of the data is Article 6 (1) (a) of the GDPR.

If the registration serves to fulfill an agreement to which the user is a party or to carry out actions before contractual agreements, the additional legal basis for the processing of the data is Article 6 (1) (b) of the GDPR.

Purpose of data processing

Registration of the user is required to fulfill an agreement with the user or to implement measures before the agreement.

Data processing at

entering into a contract If you register on one of our websites and / or enter into a purchase agreement with us, we will process the information required to enter into, implement or terminate the agreement with you. Which includes:

• First Name Last Name
• Billing and delivery address
• Email address

Invoicing and payment data

• Date of birth
• Telephone number

The legal basis for this is Article 6, paragraph 1, letters a) and b) GDPR, ie. you give us the information on the basis of the respective contractual relationship (eg to keep your customer / user account, process a sales contract) between you and us. The processing of your e-mail address in the event of a purchase via our websites, we also depend on legal requirements in the Civil Code (PGI for having to deliver), an electronic order confirmation, committed (Article 6.1, paragraph 1) c) DSGVO).

We store the information collected for the performance of the contract during the term of the contract and until the end of the statutory or any contractual guarantee and guarantee rights. After this period has expired, we retain the information about the contractual relationship required by business and tax law during the periods specified in the law. During this period, the data will only be processed again during an audit by the tax authorities.

The following data processing is also required to process a purchase agreement via our website:

Your payment information will be forwarded to payment service providers on behalf of us, who process the payment / payments. We pass on information about your delivery address to logistics companies and delivery partners on behalf of us. To ensure that the goods are delivered according to your wishes, we send your e-mail address and, where applicable, the telephone number to the logistics company and / or shipping partner we have ordered, who will take over the delivery. If needed, they will contact you before delivery to coordinate delivery information with you. The respective data is transferred only for the respective purpose and deleted again after delivery.

Storage time

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

This is the case during the registration process to fulfill a contract or to implement measures before contractual agreements when the information is no longer needed for the performance of the contract. Even after the agreement has been concluded, it may be necessary to save personal data about the contractual partner in order to fulfill contractual or legal obligations.

Options for opposition and removal

As a user, you have the opportunity to cancel your registration at any time. You can change the information about you at any time.

To do this, please inform us of your request by email to

piercingschoolonline@hotmail.com

If the information is required to fulfill a contract or to carry out actions before contractual agreements, premature deletion of the information is only possible if there are no contractual or legal obligations to prevent deletion.

Legal basis for data processing

If the user has given his consent, the legal basis for the processing of the data is Article 6 (1) (a) of the GDPR.

The legal basis for processing the data transmitted in the sending of an e-mail is Article 6 (1) (lit). f GDPR. If the purpose of the e-mail contact is to enter into a contract, the additional legal basis for the processing is Article 6, paragraph 1 lit. b GDPR.

Payments

We process your payment information for payment processing, eg when you buy a product via www.piercingschoolonline.com. Depending on the payment method, we pass on your payment information to third parties.

The legal basis for this data processing is Article 6 (1) (a), Article 6 (1) (b), GDPR and Article 6 (1) (f) of the GDPR.

 PayPal

When you pay via PayPal, your payment details will be forwarded to PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of the payment processing. PayPal reserves the right to make a credit check for the payment methods of the payment methods via PayPal, direct debit via PayPal or – if offered – “purchase on account” via PayPal. PayPal uses the results of the credit check with respect to the statistical probability of default in order to decide on the provision of the respective payment method. The credit report can contain probability values (so-called point values). In terms of credit values included in the results of the credit report, these are based on a scientifically recognized mathematical-statistical procedure. Address data is included in the calculation of the point values. For more information on data protection, including the credit bureaus used, see PayPal’s privacy policy:                                                    https: //www.paypal.com/de/webapps/mpp/ua/privacy-full

The data subject’s rights

If your personal data is processed, you are affected in accordance with the GDPR and you have the following rights towards the person responsible:

right to provide information

You can request confirmation from the person in charge if we process personal data concerning you.

If such treatment is available, you can request the following information from the responsible person:

(1) the purposes for which personal data are processed;

(2) the categories of personal data processed;

(3) the recipients or categories of recipients to whom personal information about you has been disclosed or is still disclosed;

(4) the planned duration of storage of your personal data or, if specific information is not available, criteria for determining the storage period;

(5) the existence of a right to the correction or deletion of your personal data, a right to restrict the processing of the responsible person or a right to object to this processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) all available information on the origin of the information if the personal data is not collected from the data subject;

(8) The existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information on the logic and scope and intended effects of such processing on the data subject.

You have the right to request information on whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request information on appropriate guarantees in accordance with Article 46 GDPR in connection with the transfer.

Right to rectification

You have the right to correction and / or supplementation towards the person responsible if the processed personal data about you is incorrect or incomplete. The person in charge must correct immediately.

Right to limitation of treatment

You can request that the processing of your personal data be restricted on the following conditions:

(1) if you dispute the accuracy of the personal data that applies to you during a period of time that enables the person responsible to check the accuracy of the personal data;

(2) the processing is illegal and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

(3) the person responsible no longer needs the personal data for the processing purposes, but you need them to assert, exercise or defend legal claims, or

(4) if you have objected to the treatment in accordance with Article 21 (1) of the GDPR and it has not yet been determined whether the legitimate reasons for the person responsible outweigh your reasons.

If the processing of your personal data has been restricted, in addition to storage – this data may only be permitted with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of great public interest processed by the Union or a Member State.

If the treatment restriction has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.

Right to cancel

1. Ironing obligation

You can request that the responsible person delete the personal data that concerns you immediately, and the responsible person is obliged to delete this data immediately if any of the following reasons apply:

(1) The personal data relating to you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You revoke your consent based on the processing in accordance with Article 6 (1) (a) or Article 9 (2) (a) of the GDPR, and there is no other legal basis for the processing.

(3) You oppose the processing in accordance with Article 21 (1) of the GDPR and there are no compelling legitimate reasons for the processing, or you oppose the processing in accordance with Article 21 (2) of the GDPR.

(4) The personal data concerning you has been processed illegally.

(5) The erasure of your personal data is necessary in order to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.

(6) The personal data relating to you was collected in relation to the information society services offered in accordance with Article 8 (1) of the GDPR.

Information to third parties

If the person responsible has published the personal data concerning you and is obliged to delete them in accordance with Article 17 (1) of the GDPR, he shall take appropriate measures, including technical measures, to take into account available technology and implementation costs, to make that person who is responsible for the data processing that processes the personal data, that you as a registrant have requested them to remove all links to this personal data or copies or replicas of this personal data.

Exception

The right to erasure does not exist if the treatment is necessary

(1) to exercise the right to freedom of expression and information;

(2) To fulfill a legal obligation requiring treatment under Union law or the Member States to which the person responsible is subject, or to perform a task which is in the public interest or in the exercise of official authority transferred to the person responsible;

(3) of public interest in the field of public health in accordance with Article 9 (2) and (h) and Article 9 (3) of the GDPR;

(4) for archiving in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) of the GDPR, in so far as the right referred to in subparagraph (a) is likely to make the objectives of such processing impossible; severely impairs it, or

(5) for the establishment, exercise or defense of legal claims.

1. Right to be informed

If you have claimed the right to correct, delete or limit the processing against the person responsible, the responsible party is obliged to inform all recipients to whom the personal data about you has been disclosed about this correction or deletion of the data or restriction of the processing, unless this turns out to be impossible or involves a disproportionate effort.

You have the right to the person responsible to receive information about these recipients.

2. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, common and machine-readable format. You also have the right to transfer this information to another responsible person without hindrance from the person responsible to whom the personal data was provided, provided that

(1) the processing is based on consent in accordance with Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR or on a contract in accordance with Article 6 (1) (b) of the GDPR; and

(2) the treatment is performed using automated procedures.

When you exercise this right, you also have the right to have the personal data about you transferred directly from one responsible person to another responsible person, insofar as it is technically feasible. This must not impair other people’s freedoms and rights.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is of public interest or takes place in the exercise of official authority that has been transferred to the person responsible.

3.Right to object

You have the right, for reasons arising from your specific situation, to object at any time to the processing of your personal data, which is based on Article 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these regulations.

The responsible person will no longer process the personal data concerning you unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing helps to assert, exercise or defend legal claims.

If the personal data related to you is processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of making such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, the personal data about you will no longer be processed for these purposes.

In connection with the use of information society services – notwithstanding Directive 2002/58 / EC – you have the opportunity to exercise your right to object by means of automated processes using technical specifications.

4. The right to revoke the declaration of consent according to the Data Protection Act

You have the right to revoke your consent at any time under the Data Protection Act. Revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until the revocation.

5. Automated decision in individual cases including profiling

You have the right not to be the subject of a decision that is based solely on automated processing – including profiling – that has legal effects on you or that significantly affects you in a similar way. This does not apply when you make the decision

(1) is necessary for the conclusion or implementation of an agreement between you and the responsible person;

(2) is permitted on the basis of Union or Member State law to which the person responsible is subject and this law contains appropriate measures to protect your rights and freedoms and your legitimate interests

(3) takes place with your express consent. However, these decisions may not be based on specific categories of personal data under Article 9 (1) of the GDPR, unless Article 9 (2) lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases mentioned in (1) and (3), the responsible person shall take appropriate measures to protect the rights and freedoms and your legitimate interests, including at least the right to have the intervention of a person by the person responsible, to express his own position and was heard to challenge the decision.

6. Right to complain to a supervisory authority

Without prejudice to other administrative or legal measures, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you live, your place of work or the place of the alleged infringement, if you consider that the processing of your personal data is in breach of the GDPR. .

The supervisory authority to which the complaint was lodged informs the complainant of the status and outcome of the complaint, including the possibility of redress in accordance with Article 78 of the GDPR.

Data security

All information that you personally transfer, including your payment information, is transferred with the generally accepted and secure SSL standard (Secure Socket Layer). SSL is a secure and proven standard that is also used in, for example, online banking. You can recognize a secure SSL connection by connecting to http (ie https: // …) in the address bar of your browser or by the lock symbol in the lower part of the browser.

We also use appropriate technical and organizational security measures to protect your personal data stored by us against tampering, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technical developments

Email: piercingschoolonline@hotmail.com

Website: www.piercingschoolonline.com