Privacy Policy

Data Privacy Statement

Thank you for your interest in our company. Data protection is a very high priority for the management of Just Fashion GmbH.
It is in principle possible to visit the website of Just Fashion GmbH without entering any personal data. It may be necessary to process personal data, however, if a person wishes to use or purchase particular services offered by our company through our website. Where this is necessary, personal data are processed on the basis of point (b) of Art. 6 (1) of the European General Data Protection Regulation (GDPR).

The processing of personal data, such as the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in compliance with the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). This Data Privacy Statement sets out the type and scope of personal data collected by our company and informs the public about the purposes for which they are used and processed. Data subjects are also advised of their rights in this Data Privacy Statement.

As the controller responsible for the data processing, Just Fashion GmbH has put numerous technical and organisational measures in place to ensure the best possible protection of personal data processed via this website. However, gaps in security may arise when data are transmitted over the internet, so absolute protection cannot be guaranteed. For this reason, every data subject is free to use alternative ways of providing us with personal data, such as by telephone.

1. Definition of terms

This Data Privacy Statement is based on the terms used by European regulators when adopting the General Data Protection Regulation (GDPR). Our Data Privacy Statement is intended to be easy to read and understand, both for the public and for our customers and business partners. We would like to begin by explaining the terms used so as to guarantee that we have achieved this intention.
Some of the terms used in this Data Privacy Statement are defined below:

a) Personal data

Personal data are pieces of information relating to an identified or identifiable natural person (referred to below as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, or to an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for their processing.

c) Processing

Processing is the term used to denote any operation or series of operations which is performed in connection with personal data, with or without the aid of automated procedures, such as collection, recording, organisation, filing, storage, adaptation, modification, readout, retrieval, usage, disclosure by transmission, dissemination or other form of provision, alignment or connection, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing is a procedure in connection with stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling is any form of automated processing of personal data which involves the use of these personal data to evaluate certain aspects relating to a natural person, in particular to analyse or predict aspects pertaining to the performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of this person.

f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or party responsible for the processing

The controller or the party responsible for the processing is the natural or legal person, public authority, agency or other body who or which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

The processor is a natural or legal person, public authority, agency or other body who or which processes personal data on behalf of the controller.

i) Recipient

The recipient is a natural or legal person, public authority, agency or another body to whom or to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who or which, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of wishes by which the data subject signifies agreement to the processing of his or her personal data by a statement or by clear affirmative action.

2. Name and address of the controller for processing

The controller as defined in the General Data Protection Regulation, the Federal Data Protection Act (BDSG) and other data protection legislation is:
Just Fashion GmbH
Paul-Seydel-Straße 13
09212 Limbach-Oberfrohna
Tel.: 03722/6002-37
email: info@cottoncandy-fashion.de
Web: http://www.cottoncandy-fashion.de

3. Name and address of the company data protection officer

An external data protection officer has been appointed for Merchtex GmbH. You can contact our company data protection officer at the following address:
Mr Darian Weber
Secuda Solutions
Schulstraße 9
09481 Scheibenberg
Mobile: 0179 2497316
email: info@cottoncandy-fashion.de

4. Cookies

The website uses cookies. Cookies are text files which are placed and stored on a computer system via an internet browser.

A large number of websites and servers use cookies. Many cookies contain what is known as a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which web pages and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the web pages visited and the servers to distinguish the individual browser of the data subject from other internet browsers which contain other cookies. A specific internet browser can be recognised and identified by the unique cookie ID.

The use of cookies makes it possible to provide the users of this website with more user-friendly services than would be possible without cookies.

The information and features offered on our website can be optimised for the user by means of a cookie. As already mentioned, cookies enable us to recognise the users of our website. The purpose of this recognition is to make it easier for visitors to use our website.

The data subject can prevent the setting of cookies by our website at any time by setting the internet browser as appropriate and permanently objecting to the setting of cookies. Furthermore, cookies which have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all commonly used internet browsers. If the data subject disables the setting of cookies in the internet browser, it may not be possible to make full use of all the functions on our website.

5. Use of web fonts

External fonts (Google Fonts) are used on this website. Google Fonts is a service provided by Google Inc. (“Google”). These web fonts are integrated by means of a server request, usually through a Google server in the USA. In the process, the server will be told which of our web pages you have visited. The IP address of the browser of the end device used by the visitor to these web pages will also be stored by Google. Further information can be found in the Google data privacy policy which you can access here:
www.google.com/policies/privacy/
https://fonts.google.com/about

6. Use of Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). The Google Analytics service uses “cookies” which are text files placed on your computer enabling an analysis of your use of the website. The information generated by the cookie about your use of this website is generally sent to a Google server in the USA and stored there. If you enable the IP address anonymity function on this website, however, then your IP address will be abbreviated beforehand by Google within Member States of the European Union and in other signatories to the Treaty on the European Economic Area. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of our website, to compile reports on the website activities and to provide additional services to the website operator in connection with the use of the website and the internet. The IP address transmitted by your browser as part of Google Analytics will not be associated with other Google data. You can prevent the storing of cookies on your computer by making the corresponding settings in your browser software. Please note, however, that if you do so you may not be able to make full use of all functions of this website. You may also prevent Google from tracking and processing the data generated by the cookies relating to your use of the website (including your IP address) by downloading and installing the browser plug-in provided at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. In view of the discussion about the use of analysis tools with full IP addresses, we would like to point out that this website uses Google Analytics with the extension “_anonymizeIp()” and therefore IP addresses are only processed in abbreviated form in order to prevent direct personal reference.

7. Use of Google reCAPTCHA

In order to ensure sufficient data security during the transmission of forms, we use the reCAPTCHA service provided by Google Inc. in certain cases, primarily to distinguish whether the data are being entered by a natural person or by machine and automated processing tools and so uncover abusive practices. The service includes sending the IP address to Google along with any other data required by Google for the reCAPTCHA service. The differing data privacy terms set out by Google Inc. apply in this case. For more information about the Google Inc. data privacy policy, please visit http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/

8. Collection of general data and information

Every time a data subject or an automated system accesses the website, the website collects a series of general data and information. These general data and information are stored in the server log files. The data recorded may include (1) the browser types and versions used, (2) the operating system used by the system accessing the site, (3) the website from which a system gains access to our website (known as the referrer), (4) the subpages which are visited on our website through the system gaining access, (5) the date and time of the website visit, (6) an Internet Protocol address (IP address), (7) the internet service provider of the system gaining access, and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems.

When using these general data and information, the controllers do not determine the identity of the data subject. This information is required (1) to deliver our website content correctly, (2) to optimise our website content and the advertising for the website, (3) to ensure the permanent operability of our information technology systems and our website technology, and (4) to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack. These anonymously collected data and information are therefore evaluated by the controllers statistically on the one hand and, on the other, with the aim of increasing data protection and data security in our company, ultimately to ensure an optimum level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all the personal data provided by a data subject.

9. Contact via the website

Due to statutory regulations, the website contains information which enables rapid electronic contact with our company and direct communication with us, also including a general address for electronic mail (email address). If a data subject contacts the data controller by email or by means of a contact form, the personal data transmitted by the data subject will be saved automatically. Any such personal data voluntarily sent to the controller responsible for data processing by a data subject will be saved for the purposes of processing the case or contacting the data subject. These personal data will not be passed on to third parties.

10. Google Maps plug-in

We use a plug-in of the internet service Google Maps on our website. Google Maps is operated by Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you use Google Maps on our website, information about the use of this website and your IP address will be transmitted to a Google server in the USA and also stored on this server. We have no knowledge of the exact content of the data transmitted, nor of their use by Google. In this context, the company does not allow the linking of data with information from other Google services and the collection of personal data. However, Google may transfer the information to third parties. If you disable JavaScript in your browser, you will prevent Google Maps from running, but then you will not be able to use the map displayed on our website. By using our website, you consent to the collection and processing of the information by Google Inc. More details on the data privacy policy and the terms of use for Google Maps can be found here: https://www.google.com/intl/de_de/help/terms_maps.html.

11. Routine erasure and blocking of personal data

The controller responsible for data processing will process and store the personal data of the data subject only for the time necessary to achieve the purpose for which the data are stored, or to the extent dictated by European regulators or by another legislator in laws or regulations to which the controller is subject. If the storage purpose ceases to apply, or if a storage period prescribed by European regulators or by another legislator expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.

12. Rights of the data subject

a) Right to confirmation

Every data subject is granted the right by European regulators to ask the controller for confirmation as to whether personal data concerning the data subject are being processed. Any data subject wishing to exercise this right to confirmation may contact our data protection officer or another employee of the data controller at any time.

b) Right of access

Any data subject whose personal data are processed is granted the right by European regulators to obtain, at any time and free of charge, information from the controller about the personal data concerning the data subject which are stored and a copy of this information. The data subject also has a right of access to information as to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information on the appropriate safeguards in connection with the transfer. Any data subject wishing to exercise this right of access to information may contact our data protection officer at any time.

c) Right to rectification

Any data subject whose personal data are processed is granted the right by European regulators to request the rectification of incorrect personal data without undue delay. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement. Any data subject wishing to exercise this right to rectification may contact our data protection officer at any time.

d) Right to erasure (right to be forgotten)

Any data subject whose personal data are processed is granted the right by European regulators to ask the data controller to erase the personal data concerning the data subject without undue delay where one of the following grounds applies and insofar as the processing is not necessary:

The personal data are no longer needed for the purposes for which they were collected or otherwise processed.
The data subject withdraws consent on which the processing was based pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR and there is no other legal basis for the processing.
The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
The personal data have been processed unlawfully.
The erasure of the personal data is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject.
The personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
If one of the aforementioned grounds applies and a data subject wishes to have personal data stored by the controller erased, the data subject may contact our data protection officer at any time. The data protection officer will arrange for the request for erasure to be complied with without delay.

e) Right to restriction of processing

Any data subject whose personal data are processed is granted the right by European regulators to ask the controller to restrict the data processing if one of the following conditions applies:
The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and instead requests the restriction of their use.
The controller no longer needs the personal data for the relevant processing purposes but they are required by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to the processing pursuant to Art. 21 (1) GDPR pending verification as to whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions applies and a data subject wishes to request the restriction of personal data stored by the controller, the data subject may contact our data protection officer at any time. The data protection officer will arrange for processing to be restricted.

f) Right to data portability

Any data subject whose personal data are processed is granted the right by European regulators to receive the personal data which have been provided by the data subject to a controller in a structured, commonly used and machine-readable format. The data subject also has the right to transmit these data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR or on a contract pursuant to point (b) of Art. 6 (1) GDPR and where the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In exercising the right to data portability pursuant to Art. 20 (1) GDPR, the data subject also has the right to have the personal data transmitted directly from one controller to another, where this is technically feasible and does not adversely affect the rights and freedoms of others. The data subject may contact the data protection officer appointed by the controllers at any time in order to exercise the right to data portability.

g) Right to object

Any data subject whose personal data are processed is granted the right by European regulators to object, on grounds relating to his or her particular situation, at any time to the processing of his or her personal data which is carried out on the basis of point (e) or point (f) of Art. 6 (1) GDPR. This also applies to any profiling based on these provisions. Where objections are raised, the controllers will then no longer process the personal data unless we can show compelling legitimate grounds for their processing which override the interests, rights and freedoms of the data subject, or if the data are processed for the establishment, exercise or defence of legal claims. The data subject may contact the data protection officer appointed by the controllers at any time in order to exercise the right to object.

h) Right to withdraw consent pursuant to data privacy law

Any data subject whose personal data are processed is granted the right by European regulators to withdraw consent to the processing of the personal data at any time. The data subject may contact the data protection officer appointed by the controllers at any time in order to exercise the right to withdraw consent.

i) Right to lodge a complaint with a supervisory authority

Any data subject who considers that the processing of his or her personal data infringes the GDPR has the right to lodge a complaint with a supervisory authority. The supervisory body for Just Fashion GmbH is the commissioner for data protection in the federal state of Saxony (Der Sächsische Landesdatenschutzbeauftragte). For further information please visit https://www.saechsdsb.de.

13. Legal basis for the processing

Personal data are processed for the fulfilment of a contract to which the data subject is a party. This might be the case, for example, if processing operations are necessary for the delivery of goods or the provision of another service or consideration. The processing is therefore based on point (b) of Art. 6 (1) GDPR.

14. Duration of storage of personal data

The statutory retention period which applies in any given case is the relevant criterion for the term of storage of personal data. Once the term has expired, the corresponding data will be routinely erased, provided that they are no longer required for the fulfilment or initiation of a contract.

15. Statutory or contractual regulations governing the provision of personal data; necessity for conclusion of contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide the data

We should advise you that the provision of personal data is prescribed by law in some cases (e.g. tax regulations) or may also be required as a result of contractual arrangements (e.g. information on the contractual partner). It may occasionally be necessary, in respect of the conclusion of a contract, for a data subject to provide us with personal data which must subsequently be processed by us. The data subject is obliged to provide us with personal data if, for example, our company enters into a contract with the data subject. Failure to provide the personal data would render it impossible to enter into the contract with the data subject. The data subject is required to contact our data protection officer before providing personal data. Our data protection officer will advise the data subject on a case-by-case basis as to whether the provision of personal data is prescribed by law, required under a contract or necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what consequences would ensue from failure to provide the personal data.

16. Automated decision-making systems

As a responsible company, we do not engage in automated decision-making or profiling.