Section 1 Personal Information We Collect
Purchases can only be made if you have a personal account. When you create an account or buy something from us, we collect the following personal data that you provide to us as part of the buying and selling process:
• First and last name
• Address & billing address
• Telephone number
• Your gender
• IP address
• E-mail address
• Date of birth
These data are required to carry out the delivery. If you surf in our shop, we automatically receive the IP address of your computer. Based on this information, we can optimize your online experience while protecting our online environment.
Purpose of data collection
We collect and store account-related data for the following purposes:
a. To fulfill our obligations under contracts between you and us and to provide the information, products and services that you request from us;
b. To set up and manage your account and to contact you with questions about your account and your orders;
c. For carrying out market research and market analysis;
d. To confirm your age and identity and to identify and prevent fraud.
With your express permission, we can send you newsletters about our business, new products and other updates. We do this on the basis of your express consent. The following information is collected in connection with the newsletter:
• First and last name
• Your gender
• E-mail address
Purpose of data collection
The collected data is used to:
Personalize our emails, including your name and gender, to provide gender-specific content;
You can revoke your consent at any time by using the link in the newsletter or the contact information in section 2.
1.3. Customer service
In order to be able to offer adequate customer service, our customer service representatives have access to account-related information. As a result, your service will be very effective and pleasant. The data provided in our contact form is used by our CRM provider SuperOffice. We will only use your data to reply to your message.
Section 2 - Consent
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange a delivery or return a purchase, we will use your consent for us to collect this information in order to make it special for you Purposes to use.
If we collect your personal data for any other reason, such as for marketing, we will either ask you directly for your express consent or give you the opportunity to say no.
2.1. How can I withdraw my consent?
If you change your mind after you have given the declaration of consent, you can revoke your consent that we may contact you for the further collection, use or disclosure of your data at any time by contacting us at the following address: firstname.lastname@example.org
Section 3 Disclosure
Section 4 How long do we keep your data?
At Gri / Craft, data minimalism is of great importance. For this reason, your data will not be stored longer than is necessary for the purposes set out in this policy. Different retention periods apply to the different types of data. However, the longest retention periods for personal data are 10 years.
4.1. Account information
Account-related data remains relevant as long as the consumer has an account. Therefore, the data remains documented as long as the account exists. If our customers delete an account, the associated data will be deleted within a reasonable period of time, requests regarding inspection or correction of stored personal data or deletion of an account can be sent to the following address: email@example.com
The declaration of consent and the associated data remain relevant as long as our customers are registered for the newsletter. However, we do a relevance check periodically (every month). Registered customers (and their personal information) will be deleted if customers do not respond to our request. In addition, our newsletter communication includes an option right. Consumers can revoke their consent by using this function.
Section 5 - Cookies
Cookies are small chunks of information that inform your computer about previous interactions with our website. These cookies are not stored on our website, but on your hard drive. Basically, when you use our website, your computer shows us its cookies and tells our site whether you have used them before. This enables our website to work faster and to remember things that are related to your previous visits (e.g. username) in order to make visiting the site more convenient for you. At Gri / Craft we use two types of cookies: functional and analytical cookies.
5.1. Functional cookies
Functional cookies are used to improve your online experience. These cookies track, among other things, what is put in the shopping cart. The use of these cookies does not require prior authorization.
5.2. Analytical cookies
Analytical cookies are used to carry out market research and analysis. Data that are collected with these analytical cookies are anonymized and therefore unusable for others. The use of these cookies does not require prior authorization.
Section 6 - Third Party Services
Third-party services are required to carry out transactions and provide our services. In general, the third-party providers we use will only collect, use and disclose your data to the extent necessary to be able to carry out the services they provide.
Certain third party service providers, such as B. Payment portals and other processors for payment transactions, however, have their own privacy policies with regard to the information we must provide them for your purchase-related transactions.
We recommend that you read the privacy policies of these providers so that you understand how your personal data is handled by these providers.
In particular, certain providers may be located in a different legal system than you or we, for example, maintain facilities there. So if you choose to enter into a transaction that involves the services of a third party, your data may be subject to the laws of the jurisdiction (s) to which the service provider or its facilities are subject.
Web analysis service (anonymized data)
We have integrated a component of a web analysis service (with the anonymization function) on this website. Web analytics can be defined as the collection, organization and analysis of data related to the behavior of website visitors. A web analysis service collects, among other things, data about the website from which a person came (the so-called referrer), which subpages were visited or how often and for how long a subpage was viewed. Web analyzes are mainly used to optimize a website and to carry out a cost-benefit analysis of Internet advertising.
We use a courier service to carry out the deliveries. This courier service takes care of shipping between our company and the consumer's address. In order to carry out this logistics, the company needs access to the name and address of the consumer.
At Gri / Craft we use an external mailing service provider to send the newsletter. This provider has access to limited account information in connection with the declaration of consent (e.g. e-mail address).
Gri / Craft is supported by a company specializing in marketing and communication activities. Their access to personal information is very limited and mostly anonymized.
At Gri / Craft, we use external payment services to fulfill transactions (e.g. credit card payments).
Section 7 - Security
To protect your personal information, we take reasonable precautions and follow industry best practices to ensure that it is not improperly lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card details, the information will be encrypted with Secure Socket Layer technology (SSL) and saved with AES-256 encryption. While no method of transmission over the Internet or 100% electronic storage is secure, we follow all PCI DSS requirements and implement additional, generally accepted industry standards. Account-related information is shielded with a hash method. This method converts information into a generated hash. This means that sensitive information is secured and even invisible to us. In addition, our databases are exceptionally well protected against unauthorized persons. For example, access to the database is only possible and permitted for approved IP addresses (e.g. in the headquarters of Gri / Craft). Attempts to access from other addresses are rejected at any time.
In addition, the data is anonymized as much as possible. Therefore, the data cannot be linked directly to a specific consumer. However, with this data we could conduct market research and analysis. In addition, third parties (e.g. mailing services) are checked before we work together, must be GDPR-compliant and are provided with a processor agreement. At Gri / Craft, employees have different access rights. The specific authorization only allows access to the information required to perform a task.
Digital security measures are subject to change and must meet high requirements in order to guarantee the security of online customers. That is why we have appointed a safety manager at Gri / Craft, whose tasks include regular reviews and (if necessary) improvement of safety measures.