Data protection

Section 1 - Personal Information We Collect

1.1. Account

Purchases can only be made if you have a personal account. When you create an account or buy something from us, we collect the following personal data that you provide to us as part of the buying and selling process:

• First and last name
• Address & billing address
• Telephone number
• Your gender
• IP address
• E-mail address
• Date of birth

These data are required to carry out the delivery. When you browse our shop, we automatically receive the IP address of your computer. Based on this information, we can optimize your online experience while protecting our online environment.

Purpose of data collection

We collect and store account-related data for the following purposes:

a. To fulfill our obligations under contracts between you and us and to provide the information, products and services that you request from us;
b. To set up and manage your account and to contact you with questions about your account and your orders;
c. For carrying out market research and market analysis;
d. To confirm your age and identity and to identify and prevent fraud.

1.2. Newsletter

With your express permission, we can send you newsletters about our business, new products and other updates. We do this on the basis of your express consent. The following information is collected in connection with the newsletter:
• First and last name
• Your gender
• E-mail address

Purpose of data collection

The collected data is used to personalize our emails, including your name and gender, to provide gender-specific content.

You can revoke your consent at any time by using the link in the newsletter or the contact information in section 2.

1.3. Customer service

In order to be able to offer adequate customer service, our customer service representatives have access to account-related information. As a result, your service will be very effective and pleasant. The data provided in our contact form is used by our CRM provider SuperOffice. We will only use your data to reply to your message.

Section 2 - Consent

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange a delivery or return a purchase, we rely on your consent for us to collect this information and to use it for these specific purposes.

If we collect your personal data for any other reason, such as for marketing, we will either ask you directly for your express consent or give you the opportunity to say no.

2.1. How can I withdraw my consent?

If you change your mind after you have given your consent, you can withdraw your consent to our contacting you and to the further collection, use or disclosure of your data at any time by contacting us at the following address:

Section 3 - Disclosure

We may disclose your personal information if this is required by law or if you violate our terms of use.

Section 4 - How long do we keep your data?

At Gri / Craft, data minimization is of great importance. For this reason, your data will not be stored longer than is necessary for the purposes set out in this policy. Different retention periods apply to the different types of data. However, the longest retention period for personal data is 10 years.

4.1. Account information

Account-related data remains relevant as long as the consumer has an account. Therefore, the data remains documented as long as the account exists. If our customers delete an account, the associated data will be deleted within a reasonable period of time. Requests regarding inspection or correction of stored personal data or deletion of an account can be sent to the following address:

4.2. Newsletter

The declaration of consent and the associated data remain relevant as long as our customers are registered for the newsletter. However, we carry out a relevance check periodically (every month). Registered customers (and their personal information) will be deleted if customers do not respond to our request. In addition, our newsletter communication includes an opt-out option. Consumers can revoke their consent by using this function.

Section 5 - Cookies

Cookies are small chunks of information that inform your computer about previous interactions with our website. These cookies are not stored on our website, but on your hard drive. Basically, when you use our website, your computer shows us its cookies and tells our site whether you have used it before. This enables our website to work faster and to remember things that are related to your previous visits (e.g. username) in order to make visiting the site more convenient for you. At Gri / Craft we use two types of cookies: functional and analytical cookies.

5.1. Functional cookies

Functional cookies are used to improve your online experience. These cookies track, among other things, what is put in the shopping cart. The use of these cookies does not require prior authorization.

5.2. Analytical cookies

Analytical cookies are used to carry out market research and analysis. Data that are collected with these analytical cookies are anonymized and therefore unusable for others. The use of these cookies does not require prior authorization.

Section 6 - Third Party Services

Third-party services are required to carry out transactions and provide our services. In general, the third-party providers we use will only collect, use and disclose your data to the extent necessary to be able to carry out the services they provide.

Certain third-party service providers, such as payment portals and other processors for payment transactions, however, have their own privacy policies with regard to the information we must provide to them for your purchase-related transactions.

We recommend that you read the privacy policies of these providers so that you understand how your personal data is handled by these providers.

In particular, certain providers may be located in, or maintain facilities in, a different jurisdiction than you or we. So if you choose to enter into a transaction that involves the services of a third party, your data may be subject to the laws of the jurisdiction(s) to which the service provider or its facilities are subject.

As soon as you leave the website of our shop or are redirected to a website or application of a third-party provider, you are no longer subject to this privacy policy or the terms of use of our website.

Web analysis service (anonymized data)

We have integrated a component of a web analysis service (with the anonymization function) on this website. Web analytics can be defined as the collection, organization and analysis of data related to the behavior of website visitors. A web analysis service collects, among other things, data about the website from which a person came (the so-called referrer), which subpages were visited or how often and for how long a subpage was viewed. Web analytics is mainly used to optimize a website and to carry out a cost-benefit analysis of Internet advertising.

Courier service

We use a courier service to carry out the deliveries. This courier service takes care of shipping between our company and the consumer's address. In order to carry out this logistics, the company needs access to the name and address of the consumer.

Mailing service

At Gri / Craft we use an external mailing service provider to send the newsletter. This provider has access to limited account information in connection with the declaration of consent (e.g. e-mail address).

Marketing Service

Gri / Craft is supported by a company specializing in marketing and communication activities. Their access to personal information is very limited and mostly anonymized.

Payment services

At Gri / Craft, we use external payment services to fulfill transactions (e.g. credit card payments).

Section 7 - Security

To protect your personal information, we take reasonable precautions and follow industry best practices to ensure that it is not improperly lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card details, the information will be encrypted with Secure Sockets Layer (SSL) technology and saved with AES-256 encryption. While no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI DSS requirements and implement additional, generally accepted industry standards. Account-related information is shielded with a hash method. This method converts information into a generated hash. This means that sensitive information is secured and even invisible to us. In addition, our databases are exceptionally well protected against unauthorized persons. For example, access to the database is only possible and permitted for approved IP addresses (e.g. in the headquarters of Gri / Craft). Access attempts from other addresses are always rejected.

In addition, the data is anonymized as much as possible. Therefore, the data cannot be linked directly to a specific consumer. However, with this data we could conduct market research and analysis. In addition, third parties (e.g. mailing services) are checked before we work together, must be GDPR-compliant and are provided with a processor agreement. At Gri / Craft, employees have different access rights. The specific authorization only allows access to the information required to perform a task.

Digital security measures are subject to change and must meet high requirements in order to guarantee the security of online customers. That is why we have appointed a security manager at Gri / Craft, whose tasks include regular reviews and (if necessary) improvement of security measures.

Section 8 - Changes to this Privacy Policy

We reserve the right to change this privacy policy at any time, which is why you should review it regularly. Changes and clarifications will take effect immediately after they are posted on the website. If we make material changes to this Privacy Policy, we will notify you here that it has been updated so that you know what information we collect, how we use it and under what circumstances we may use and / or disclose it.