a. Type and scope of data processing

On our website, we offer users the opportunity to purchase goods by providing personal information. The data required for this purpose is entered in an input field and transferred to us and stored by us. There is no transfer of the data to third parties. The following data is collected during the ordering process:

• Name
• Address
• Date of birth
• E-mail address
• Company name
• Telephone number

Your data will be forwarded to the shipping company engaged to perform delivery where this is necessary in order to deliver the goods to you. For processing of payments, we pass on your payment data to the bank responsible for payment. These companies may use your data only for purposes of order processing and not for any other purposes.

If you purchase goods on our website and provide your e-mail address there, we may use your e-mail address to send you a newsletter regarding similar goods or services provided by us.

b. Legal basis

Art. 6 (1) (b) GDPR is the legal basis for the processing of your personal data (see sec. 4.3 (a)) which is required to perform a contract of sale concluded with us. This also applies to processing operations required to carry out pre-contractual actions.

The legal basis for sending the newsletter following your purchase of goods is Art. 6 (1) (f) GDPR.

c. Storage period

Following complete performance of the contract and complete payment of the purchase price, your data will be blocked for further use and erased after expiry of the retention periods under tax law and commercial law, unless you have expressly consented to the further use of your data. In individual cases, we may store your data further if required by law.

4. Newsletter and contact

a. Type and scope of data processing

On our website, you have the option of subscribing to a free newsletter. In order to be in a position to send you our newsletter regularly, we will require the following information from you:

• Name
• E-mail address
• Address
• Telephone number
• Your request

No disclosure of your data to third parties takes place in connection with the forwarding of our newsletter to you.

For newsletter distribution, we use the so-called Double Opt-In procedure, i.e. we will only send you the newsletter if you confirm your registration via a confirmation e-mail sent to you for this purpose, using the link contained in it. We want to be sure that only you as the owner of the specified e-mail address can subscribe to the newsletter. Your confirmation must be sent to us promptly after receiving the confirmation e-mail, otherwise your newsletter subscription will automatically be deleted from our database.

b. Legal basis for despatch of newsletter

The processing of your e-mail address by MeloMelo Shop for forwarding our newsletter to you is based on the consent voluntarily provided by you in line with Art. 6 (1) (a) GDPR:

Consent:

By entering my data and pressing the “Send message” button, I declare my consent to the processing of my e-mail address, my name, my address, for regular newsletter mailings. I can unsubscribe at any time from the newsletter service by sending an e-mail to melomelo.pearls@gmail.com with the subject line “Unsubscribe”.

If you have not given your consent to the newsletter and you nevertheless have provided your e-mail address to MeloMelo Shop, processing will take place on the basis of Art. 6 (1) (f) GDPR (legitimate interest). You may object at any time to the forwarding of our newsletter in such case (see sec. 10).

c. Legal basis for contacts/customer database

The processing of your e-mail address by MeloMelo Shop for forwarding our newsletter to you is based on the consent voluntarily provided by you in line with Art. 6 (1) (a) GDPR:

Consent:

d. Storage period

Your e-mail address, first and last name, postal address, telephone number and the reason for your inquiry will remain stored so long as you have subscribed to the newsletter and/or wish to have your details entered on our customer database. After unsubscribing from the newsletter, your e-mail will only be used for contacting you personally. If you revoke the permission to process your personal data on our customer database, all of your personal data will be erased.

We may store your data further in individual cases, if required by law.

5. Contact

a. Type and scope of data processing

On our website, we offer you the option of contacting us via a form provided. As a part of the process of sending your inquiry to us using our contact form, we refer to this Privacy Policy in order to solicit your consent. If you use the contact form, the following personal data regarding you will be processed:

• E-mail address
• Title
• Name
• Telephone number
• Address

The provision of your e-mail address is for the purpose of being able to match your inquiry to you personally and respond to you. No disclosure of your personal data to third parties is made if you use our contact form.

b. Legal basis

The data processing described above (see sec. 4.5 (a)) for purposes of making contact is based on the consent voluntarily provided by you below in line with Art. 6 (1) (a) GDPR:

Consent:

By entering my data and pressing the “Send” button, I declare my consent to the processing of my e-mail address, my name, my telephone number and my address for responding to my contact inquiry.

I may revoke my consent to collection of the personal data collected during my use of the contact form at any time by emailing melomelo.pearls@gmail.com .

c. Storage period

As soon as we have dealt with the query you have sent to us and the matter in question has been concluded, the personal data which we have processed and you have provided via our contact form will be erased. In individual cases, we may store your data further if required by law.

Sec. 4 Disclosure of data

We will only disclose your data to third parties if:

• You have given your express consent in accordance with Art. 6 (1)(a) GDPR
• This is permitted by law and is required under Art. 6 (1) (b) GDPR in order to perform a contractual relationship with you
• A statutory obligation to disclose the data exists under Art. 6 (1) (c) GDPR
• Disclosure pursuant to Art. 6 (1) (f) GDPR is required to safeguard legitimate company interests and for purposes of asserting, exercising or defending legal claims, and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data.

Sec. 5 Use of cookies

a. Type and scope of data processing

On our website, we use cookies. Cookies are small files that are sent to and stored by your devices’ browser as a part of your visit to our website. Some features of our website cannot be offered without the use of technically necessary cookies. Other cookies allow us to perform various analyses. Cookies are, for example, able to recognise the browser you are using when you visit our website again and are also able to forward various types of information to us. Amongst other things, we use cookies to make our website more user-friendly and effective, for example by tracking your use of our website and identifying your preferred settings (such as country and language settings). If third parties process information via cookies, they collect the information directly from your browser. Cookies do not damage your device. They cannot run programmes or contain any viruses.

Our website uses various types of cookies, the nature and function of which are explained in greater detail below.

Our website uses transient cookies, which are automatically deleted when you close your browser. This type of cookie allows us to record your session ID. This allows different requests from your browser to be matched with a single session, and enables us to recognise your device when you visit the website later on.

Through the use of these cookies, we are able to perform an analysis of your website usage and improve the performance and functionality of the website. For example, the cookies collect information about how our website is used by visitors, which pages are accessed most frequently, or whether error messages appear on certain pages.

b. Legal basis

Based on the purposes described (see sec. 6 (a)), the legal basis for processing personal data through the use of cookies is Art. 6 (1) (f) GDPR. If you have given us your consent to the use of cookies on the basis of a notice we have given on our website (“cookie banner”), the lawfulness of our use of your personal data will be additionally governed by Art. 6 (1) (a) GDPR.

c. Storage period

As soon as the data transferred to us via the cookies is no longer necessary for the purposes described above, we will erase the information. In individual cases, we may store your data further if required by law.

d. Configuration of browser settings

Most browsers are pre-set to accept cookies by default. However, you may configure your browser to accept only certain cookies or no cookies at all. However, we do point out that you may not be able to use all of the functions of our website if cookies are de-activated by your browser settings on our website. Your browser settings will also allow you to delete cookies already stored in your browser. It is also possible to set your browser to notify you before cookies are stored. Since various browsers may differ as to the way each of them functions, we would ask you to use the appropriate Help menu of your browser for configuration options.

If you would like a comprehensive overview of all third-party access to your Internet browser, we recommend that you install specially developed plugins.

Sec. 6 Tracking and analysis tools

We use tracking and analysis tools to ensure continuous optimisation and tailor-made design of our website. By using tracking measures, it is also possible for us to statistically record the use of our website by visitors and further develop our website using the insights we have gained from the tracking measures. Based on these interests, our use of the tracking and analysis tools described below is justified under Art. 6 (1) (f) GDPR. If you have given us your consent to the use of cookies on the basis of a notice we have given on our website (“cookie banner”), the lawfulness of our use of your personal data will be additionally governed by Art. 6 (1) (a) GDPR. The description of the tracking and analysis tools set forth below also makes clear the respective purposes of processing and the data which is processed.

1. Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer permitting an analysis of your use of the website.

The information generated by these cookies, such as the time, place and frequency of your use of this website, is usually transmitted to and stored by Google on a server in the United States. When using Google Analytics, it cannot be ruled out that the cookies set by Google Analytics may collect other personal information in addition to your IP address. We wish to advise you that Google may transfer this information in certain circumstances to third parties, if required by law or if such third parties process this data on behalf of Google.

The information generated by cookies will be used by Google on behalf of the operator of this website to evaluate your use of the website, to compile reports on activity and to provide other services related to website and Internet usage to the website operator. By its own statement, Google does not link the IP address transmitted by your browser in connection with Google Analytics with any other data held by Google.

You can generally prevent the storage of cookies by setting your browser software accordingly. However, we wish to point out that in this case you may not be able to use all of the functions of this website to their full extent.

It cannot be ruled out that the cookies set by Google Analytics may collect other personal information in addition to your IP address. In order to prevent information about your use of the website from being collected by Google Analytics and transmitted to it, you may download and install a plugin for your browser from the following link: tools.google.com/dlpage/gaoptout. This plugin prevents information about your visit to the website from being transmitted to Google Analytics. This plugin does not prevent any other type of analysis.

We wish to point out that you cannot use the browser plugin described above if you visit our website via the browser of a mobile device (smartphone or tablet). When using a mobile device, you can provide Google Analytics from collecting your user information by clicking on the following link: Deactivate Google Analytics.

By clicking on this link, a so-called opt-out cookie is set in your browser. This prevents information about your visit to the website from being transmitted to Google Analytics. Please note that the opt-out cookie is only valid for this browser and this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted. To continue preventing Google Analytics tracking, you must click on the link again. The use of this opt-out cookie is also possible as an alternative to the above-referenced plugin when using the browser on your computer.

To ensure the best possible protection of your personal data, Google Analytics has been expanded to include the code “anonymizeIp” on this website. This code causes the last 8 bits of the IP address to be deleted and your IP address to be recorded anonymously (so-called IP masking). Your IP address will be truncated by Google as a basic rule before any transfer within Member States of the European Union or other parties to the Agreement on the European Economic Area, and thus anonymised. Only in exceptional cases will your full IP address be sent to a Google server in the United States and truncated there.

2. Hotjar

Hotjar, a web analysis service of Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta, is used on our website. Hotjar stores the name of your Internet service provider, the website from which you come to Hotjar, the areas of the website you visit, the duration of your visit and information about the device (type of device, operating system, screen resolution, language, country you are located in and the type of browser) you use during your visit. Hotjar collects and stores your IP address only in truncated form. The IP address is collected and stored anonymously by suppressing the last eight characters so that your full IP address never reaches its server and Hotjar never has access to it.

Hotjar processes this usage data to facilitate your access to its services and to detect and prevent any misuse. Hotjar also processes anonymised usage data for statistical purposes and in order to improve its website.

Hotjar uses cookies to process data, such as standard Internet protocol data and details regarding behaviour patterns of users visiting the website. This is done to provide you with a better web experience and facilitate your use of certain features. Cookies are small files that are stored by websites on computers or other devices for purposes of recording and improving the functionality of the website. Hotjar stores this data in a pseudonymised user profile. This data is not processed for purposes of identifying individual users or to link it to other data of a user.

Cookies are stored on your device and you have unrestricted control over their use. You may disable cookies or restrict transmission of data by means of cookies by changing the settings of your web browser. Cookies which have already been stored may be deleted at any time. After deactivating cookies, you may not be able to use the functions of the website to their full extent.

Sec. 7 Plugins

1. Vimeo

Our website uses plugins from Vimeo.com, which is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. If you access the pages of our website by using a plugin of this kind, this will connect to Vimeo’s servers and the plugin will be displayed on the website via a message to your browser. This will transmit information to the Vimeo server regarding which of our website pages you have visited. If you are logged-in as a member of Vimeo, Vimeo will match this information with your personal user accounts on these platforms. By your use of these plugins, such as the click/start button on a video or by forwarding a comment, this information will be matched with your Vimeo user account, which you can only prevent by logging out before using the plugin.

Information on the collection and use of data by the platforms or plugins referred to above may be found in Vimeo’s privacy policy: vimeo.com/privacy.

2. Youtube

For integrating videos, we also use the provider YouTube. YouTube is operated by YouTube LLC, which is headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

On several of our website pages, we use plugins from YouTube. If you access pages from our website which have that plugin (for example our Media Library), this will create a connection to YouTube’s servers and the plugin will be displayed. This also communicates to the YouTube server which of our website pages you have visited. If you are logged in as a member of YouTube, YouTube will match this information with your personal account. When using the plugin such as by clicking the start button on a video, this information will likewise be matched with your user account. You can prevent this linkage by logging out of your YouTube user account and other user accounts of YouTube LLC and Google Inc. before using our website and deleting the relevant cookies from those companies.

For more information regarding data processing and privacy from YouTube (Google), please visit www.google.de/intl/de/policies/privacy/.

3. Instagram

This website also includes plugins from the social network Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA (“Instagram”). You can recognize the Instagram plugin by the “Instagram button” on our website. If you click the "Instagram button" while you are logged into your Instagram account, you can link the content of our pages to your Instagram profile. This enables Instagram to assign your visit to our website to your user account. We would like to point out that we have no knowledge of the content of the data transmitted or its use by Instagram. Further information can be found in Instagram's privacy policy: http://instagram.com/about/legal/privacy/.

4. Pinterest 

This website also includes plugins from the social network Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). You can recognize the Pinterest plugin by the “Pin it button” on our website. If you click the Pinterest "Pin it button" while you are logged into your Pinterest account, you can link the content of our pages to your Pinterest profile. This enables Pinterest to assign your visit to our website to your user account. We would like to point out that we have no knowledge of the content of the transmitted data or their use by Pinterest. Further information can be found in Pinterest's privacy policy: http://about.pinterest.com/de/privacy.

Sec. 8 Hyperlinks

Our website contains so-called hyperlinks to websites of other providers. When these hyperlinks are activated, you are redirected from our website directly to the website of those other providers. You will recognise this inter alia from the change in the URL. We cannot accept responsibility for the confidentiality of your information on such third-party websites, as we have no control over their compliance with the provisions of data protection law. Please inform yourself directly on those websites regarding the handling of your personal data by those companies.

Sec. 9  Rights of data subjects

The GDPR provides that you, as the data subject, derive the following rights from the processing of your personal data:

• Pursuant to Art. 15 GDPR, you may request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or are being disclosed, the planned retention period, the right of correction, deletion, limiting of processing or objection, the right to register complaints, the origin of your data if not collected by us, information regarding transfers to third countries or international organisations and the existence of automated decision-making, including profiling, and, where appropriate, meaningful information about the details of the foregoing.
• Pursuant to Art. 16 GDPR, you can request immediate correction of incorrect or incomplete personal data stored by us.
• Pursuant to Art. 17 GDPR, you may request erasure of your personal data stored with us provided that the processing is not for purposes of exercising the right to freedom of expression and information, to satisfy a legal obligation, for reasons of public interest or for asserting, exercising or defending against legal claims.
• Pursuant to Art. 18 GDPR, you can ask us to restrict the processing of your personal data, where you dispute the accuracy of the data, where the processing is unlawful, where we no longer require the data and you decline to have it erased because you need the data to assert, exercise or defend legal claims. You are also entitled to exercise rights under Art. 18 GDPR if you have registered an objection to processing under Art. 21 GDPR.
• Pursuant to Art. 20 GDPR, you may request that we provide you with your personal data in a structured, common and machine-readable format, or may request the transfer thereof to another controller.
• Pursuant to Art. 7 (3) GDPR, you can revoke your consent which you have given to us previously at any time. As a result, we are then not allowed to continue processing that data based on that consent in future.
• Pursuant to Art. 77 GDPR, you have the right to register a complaint with the supervisory authority. As a rule, you may contact the supervisory authority at your usual place of residence, your workplace or our company headquarters. In Austria, the supervisory authority is the Data Protection Authority, Datenschutzbehörde, Wickenburggasse 8, 1080 Wien, Telefon: +43 1 52 152-0, E-Mail: dsb@dsb.gv.at, Web: www.dsb.gv.at.

Sec. 10 Right of objection

In connection with the processing of your personal data based on legitimate interests under Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In cases involving direct mail, you have a general right of objection which we will implement without any need for you to specify a particular situation.

Sec. 11 Data security and security measures

We undertake to protect your privacy and to keep your personal data confidential. To prevent any manipulation, loss or misuse of your data stored by us, we undertake extensive technical and organisational security measures, which are periodically reviewed and adapted to technological process. This includes, inter alia, the use of recognised encryption methods (TLS 1.2). However, please note that due to the structure of the Internet, it is possible that the rules of data protection and the safety measures referred to above may not be adhered to by other persons or institutions beyond the scope of our responsibility. In particular, unencrypted disclosed data (when data is disclosed by e-mail) may be read by third parties. We have no technical control over this. It is the responsibility of the user to protect the data they provide by encrypting it or otherwise protecting it from misuse.