When you use our website, personal information about you will be collected. This can be done by entering the data independently - such as e.g. your e-mail address. Our system also collects data from you automatically, while you visit our website. This is done regardless of which device or software you use our website.
Any input of data by you on our website is voluntary, there are no disadvantages for you in case of not providing your data. Without certain data, however, it is not possible for us to provide services or to conclude contracts. We will inform you about such mandatory information.
On this website, personal data of the user are collected only in the context of the applicable data protection law, in particular the General Data Protection Regulation (DSGVO). The technical terms used in the text are explained in more detail in Article 4 of the GDPR.
Data processing is permitted according to the GDPR, especially in three cases:
- according to article 6 paragraph 1 lit. b DSGVO, if the processing of your personal data is necessary for the initiation, conclusion or execution of a contractual relationship;
- according to article 6 paragraph 1 lit. f DSGVO, if, after a balancing of interests, the processing is necessary to safeguard our legitimate interests; this includes, in particular, our interests in analyzing, optimizing and securing the offer on our website - in particular an analysis of user behavior, the creation of profiles for advertising purposes and the storage of access data as well as the use of third-party providers.
Inventory data, usage data and advertising
We collect inventory data (e.g. name, e-mail address, possibly used services) as far as they are necessary for the establishment, content or modification of a contractual relationship between us and the user.
Furthermore, we collect usage data (e.g. visits to the website, interest in products) in order to enable and bill the use of the services on our website by the user.
The legal basis for this data processing are on the one hand our legitimate interests according to article 6 paragraph 1 lit. f DSGVO in the analysis of the website and its use, and if necessary, the legal permission to store data in the context of the initiation of a contractual relationship in accordance with article article 6 paragraph 1 lit. b DSGVO.
Furthermore, every time you use this website, our provider stores information, the so-called server log files, which are automatically transmitted by your browser. These are:
- Your IP-Adress,
- type and version of your browser,
- host name,
- visit time,
- the page from which you visited our site,
- name of the visited page,
- exact time of the visit, as well
- the transferred amount of data.
The data is used only for statistical purposes and do not allow us to identify you as a user.
Before sending any advertising, we will ask you for your explicit consent in accordance with Art. 4 No. 11 GDPR, as far as advertising of similar products that you have already purchased is concerned. This is done in particular if you give us the consent to send our newsletter or fill in a contact form.
As far as we ask you for your consent to process your data, we will inform you in clear language and easily accessible, for which cases you give your consent. Any consent requested by us is voluntary; any benefit that you wish to obtain by granting consent can be obtained without the consent, just ask us.
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
For each consent you have the right to revoke any consent given to us to process your personal information at any time. This can be done by an informal message, for example via our contact form, an e-mail to the e-mail address stated in the legal disclosure or an unsubscribe link (if offered by us). Your revocation does not affect the legality of the data processing carried out until then.
Your data will in general only be stored as long as the purpose of the respective data processing requires. Further storage is especially considered, if this is still necessary for the prosecution by us or due to our other legitimate interests or if we are legally obliged to keep your data (e.g. in the context of tax retention periods, which are in principle 6 or even 10 years).
Our website uses, within the scope of our legitimate interest in a technically flawless online offer and its economic-efficient design and optimization in accordance with article 6 paragraph 1 lit. f DSGVO, cookies, so that our offer can be used better, more effectively and more safely. Cookies are text files that are stored on your computer and store certain data about your user behavior on our site so that they can be used in a manner that corresponds to your previous use. These may be so-called "session cookies" that are automatically deleted at the end of your visit to our website. But there are also cookies that are permanently stored on your computer, unless you delete them. Then we will be able to recognize your browser the next time you visit our website and make offers to you that correspond to your previous use of our website.
You can permanently prevent the storage of cookies in your browser by downloading and installing the subsequently linked plugin. Here you will find more information.
Likewise, you may prevent the use of third-party cookies by opting out on the opt-out page of the Network Advertising Initiative in accordance with the instructions there. Here you will find more information. A similar offer can be found on this US website and this European service.
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
Transfer to third parties
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
We do not like spam any more than you do. Therefore, we will not share your data with third parties, unless this is permitted by law.
A transfer of your data can either
- be required for the fulfillment of a contract and then according to article 6 paragraph 1 lit. b DSGVO allowed or,
- based on our legitimate interest in an effective performance in accordance with article 6 paragraph 1 lit. f DSGVO be allowed,
- be covered by consent given by you or,
- become necessary if we have to deliver your data according to article 6 paragraph 1 lit. c DSGVO to a state or agency.
Transfer to foreign countries, especially USA
Our website uses external providers based outside the EU for various functions. In particular cookies, active Java scripts and other techniques may cause their data to be processed and stored outside the EU. However, we will not disclose your information to a third country unless the EU Commission has established comparable data protection as in the EU, or if you have given us your informed consent or if we have agreed with the provider the standard contractual clauses to protect your data. For the US, the Privacy Shield Agreement, see also https://www.privacyshield.gov/welcome, ensures that under certain conditions, sufficient data protection has been established again. For more information about your rights in each of the following transfers of information to the United States, see http://ec.europa.eu/justice/data-protection/document/citizens-guide_en.pdf”
Rights of users Information
You can request information about the personal data stored by us at any time free of charge. This will require identification of your person to prevent abuse.
Deletion, correction, restriction
You may at any time request correction of incorrect data as well as a restriction or processing or the deletion of your data. We will then immediately correct, block or even delete your personal data, provided this does not conflict with legal reasons.
You may require us to transmit the data stored about you in machine-readable form.
Insofar as you feel that your rights have been infringed by our data processing, you can file a complaint with the competent supervisory authority (here you will find a list of authorities).
Encryption of data entry
When you enter data on our website, be it on a contact form, during a registration, log-in or for payment purposes, the website on which you enter the information is encrypted. As a result, third parties can not read what data you enter. You can see the encryption on the lock icon in your browser and that the address line starts with "https" instead of just "http".
Social Media Plugins
Social media plugins usually cause every visitor to be immediately tracked by these services with their IP address and their other browsing behavior logged. This can be done even if you do not press the button.
To prevent this, we use the Shariff method. In doing so, the direct contact between the social network and you will not be established by our social media buttons until you click on the respective share button. If you are already logged in to a social network, this will be done on Facebook and Google+ without another window.
You can publish our content on social networks without them being able to create complete surf profiles. The Shariff method is already being used by many websites to protect their users.
We use in the context of our legitimate interest in a technically flawless online offer and its economic-efficient design and optimization in accordance with article 6 (1) (f) DSGVO plugins of the social network of Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. However, through the Shariff method, Facebook first learns about your IP address and your visit to our website when you have pressed the button. If you activate the plugin while you are logged in to Facebook, Facebook can assign your usage to your user account.
From the then possible collection and use of your data by Facebook, we have no knowledge and no influence. For more information, please visit the privacy statement of Facebook.
We use in the context of our legitimate interest in a technically flawless online offer and its economic-efficient design and optimization in accordance with article 6 (1) (f) DSGVO the tool Google Analytics by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94.043 USA. Thus the use of web pages can be analysed, thereby pseudonymous profiles of the users can be created from the data. For this purpose, Google uses various techniques, including cookies stored on your computer. These cookies store information about the use of our site, which we use to improve our offerings.
The data collected by Google are transmitted by Google to countries outside the EU, in particular the USA. Google has submitted to the Privacy Shield Framework, for more information about your rights, see http://ec.europa.eu/justice/data-protection/document/citizens-guide_en.pdf
We have made additional arrangements to ensure that your data is adequately protected. We anonymize your IP address before sending it to Google. This was done by activating the Anonymizelp() function within the Google Analytics tracking code.
We've also entered into a data processing agreement with Google that will prevent Google from merging your information with other data collected by Google to determine your identity.
If this is not enough for you, you can also go to the link http://tools.google.com/dlpage/gaoptout?hl=de and download and install Google's browser plug-in to block Google Analytics, which blocks Google's collection and disclosure of your personal information.
Likewise, you can prevent the collection by Google Analytics by clicking on the following link: Deactivate Google Analytics
set an opt-out cookie, which also prevents the collection of your data.
If you order the newsletter offered on our site, we will inform you in detail about what we inform you about, what data of you is stored and what the data is used for. We will not share your information with third parties and will only use it to send you the newsletter.
We will only send the newsletter to you if you have given us your prior consent. For this you will receive an e-mail from us with a link and further information and a request for your consent. By clicking on this link, you agree to receive the newsletter and to advertise it to us.
Basis for the storage is your consent according to article 6 paragraph 1 lit. a DSGVO, which you give us by registering for the newsletter. You can revoke this consent at any time, an informal message to us is sufficient (e.g. by contact form or e-mail or unsubscribe link in each e-mail). The legality of the data processing carried out until then remains unaffected by this revocation.
Since we are legally bound to record your consent as part of the so-called double opt-in, your order of the newsletter, the sending of our consent mail and your consent by clicking on the link to place and time and your IP address will be logged and stored.
For the dispatch of the newsletter we (within the scope of our legitimate interest in a technically flawless processing of our customer information and analysis according to article 6 paragraph 1 letter f DSGVO) use the provider Klavixo Inc. (Klaviyo Inc., 225 Franklin St. Boston, Massachusetts 02110, USA) from the USA.
This will export your data to the US, but Klaviyo is registered with Privacy Shield and is required to comply with EU privacy rules. For more information about your rights, see http://ec.europa.eu/justice/data-protection/document/citizens-guide_en.pdf.
Furthermore, our newsletter provider also uses this data, but only in pseudonymous form (i.e. without enabling your identification) to analyze and optimize your own service. Your data will never be used by you to contact you.
Your information will remain stored as long as it is stored in our e-mail list, it is still required to be stored by us or our other legitimate interests, as we are required by law to retain your information.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
We appreciate your visit to our website. First of all, we would like to introduce ourselves as a responsible body in the sense of data protection law:
Ferid Curri B2 Nr.2
10000 Pristina, XK
mail at girlysales.com
We would like to inform you about the collection and use of your personal information in accordance with our legal obligation.
When you click on links in our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Questions and contact information
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact us at mail at girlysales.com