Privacy policy

Privacy Policy

The person responsible for data processing is:

CARLITOS handmade GmbH Deilmisserstr.4 31036 Eime Dunsen Germany

Email: info@carlitos-handmade.de Phone: +49 17620652308

We appreciate your interest in our online store. The protection of your privacy is very important to us. Below, we inform you in detail about how we handle your data.

  1. Access data and hosting

You can visit our websites without providing any personal information. Whenever a web page is called up, the web server automatically saves only a so-called server log file, which, for example, contains the name of the requested file, your IP address, the date and time of the request, the amount of data transferred, and the requesting provider (access data) and documents the request. This access data is evaluated exclusively for the purpose of ensuring the trouble-free operation of the site and improving our offer. This serves to protect our predominantly legitimate interests in a correct presentation of our offer in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO. All access data will be deleted no later than seven days after the end of your visit to the site.

Hosting

The services for hosting and displaying the website are partially provided by our service providers on our behalf as part of processing. Unless otherwise explained in this privacy policy, all access data and all data collected in the forms provided on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact options described in this privacy policy.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: Canada

Our service providers are located and/or use servers in the USA and other countries outside the EU and EEA. There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on standard data protection clauses of the European Commission.

Please write in English language.

  1. Data Processing for Contract Execution and Contacting

2.1 Data processing for contract execution

For the purpose of contract execution (including inquiries about and handling of any existing warranty and performance claims, as well as any legal update obligations) in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we collect personal data when you voluntarily provide it to us as part of your order. Mandatory fields are marked as such because we need the data in these cases for contract execution, and we cannot send the order without this information. The data collected can be seen in the respective input forms.

For more information on the processing of your data, particularly the transfer to our service providers for the purpose of order, payment, and shipping processing, please refer to the following sections of this privacy policy. After complete processing of the contract, your data will be restricted for further processing and deleted after the expiration of tax and commercial retention periods in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this statement.

2.2 Customer account

If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by deciding to open a customer account, we will use your data for the purpose of opening a customer account and storing your data for further future orders on our website. You can delete your customer account at any time, either by sending a message to the contact option described in this privacy policy or using a dedicated function in the customer account. After deleting your customer account, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this statement.

2.3 Contacting

As part of customer communication, we collect personal data for processing your inquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR when you voluntarily provide it to us when contacting us (e.g., via contact form or email). Mandatory fields are marked as such because we need the data in these cases for processing your contact. The data collected can be seen in the respective input forms. After complete processing of your request, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this statement.

Live Chat Tool Userlike

For the purpose of customer communication, we use the live chat tool provided by Userlike UG (limited liability), Probsteigasse 44-46, 50670 Cologne, Germany ("Userlike"). This serves to protect our predominantly legitimate interests in effective and improved customer communication in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Userlike acts on our behalf.

Live Chat Tool WhatsApp

For the purpose of customer communication, we use the live chat tool provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("WhatsApp"). This serves to protect our predominantly legitimate interests in effective and improved customer communication in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. WhatsApp acts on our behalf. The phone numbers stored on our mobile device are automatically processed on servers of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Only phone numbers of customers who have previously contacted us via WhatsApp and have already accepted WhatsApp's terms of use and privacy policy are stored. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission.

  1. Data processing for the purpose of shipping

For the fulfillment of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.

Data transfer to shipping service providers for the purpose of shipping notification

If you have given us your explicit consent during or after your order, we will, based on this and in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, pass on your email address and telephone number to the selected shipping service provider so that they can contact you before delivery for the purpose of delivery notification or coordination. You can revoke your consent at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this declaration.

General Logistics Systems Germany GmbH & Co. OHG GLS Germany-Straße 1 - 7 DE-36286 Neuenstein Germany

United Parcel Service Deutschland S.à r.l. & Co. OHG Görlitzer Straße 1 41460 Neuss Germany

DHL Paket GmbH Sträßchensweg 10 53113 Bonn Germany

DPD Deutschland GmbH Wailandtstraße 1 63741 Aschaffenburg Germany

Data processing for payment processing

In processing payments in our online shop, we work with these partners: technical service providers, credit institutions, payment service providers.

4.1 Data processing for transaction processing

Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers who work for us as part of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for the processing of the payment. This serves the fulfillment of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, payment service providers collect the data necessary for processing the payment themselves, for example, on their own website or via a technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies. If you have any questions about our partners for payment processing and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

4.2 Data processing for the purpose of fraud prevention and optimization of our payment processes

If necessary, we provide our service providers with additional data, which they use together with the data necessary for processing the payment as our data processors for the purpose of fraud prevention and optimization of our payment processes (e.g., invoicing, processing of contested payments, support of accounting). This serves to protect our legitimate interests in our protection against fraud or efficient payment management, which prevail in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

4.3 Identity and credit check when selecting Klarna payment services

Klarna Direct Debit, Purchase on Account via Klarna If you choose the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter Klarna), we ask for your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR that we may transmit the data necessary for processing the payment and an identity and credit check to Klarna. In Germany, the credit agencies mentioned in Klarna's privacy policy can be used for identity and credit checks. Klarna uses the information received about the statistical probability of payment default for a balanced decision on the establishment, implementation, or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option mentioned in this privacy policy. This may result in us no longer being able to offer you certain payment options. You can also revoke your consent to this use of personal data at any time with Klarna.

  1. Advertising via email 5.1 Email newsletter with registration and newsletter tracking

When you sign up for our newsletter, we use the necessary data or data you have provided separately to send you our email newsletter regularly based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time, either by sending a message to the contact option described below or via a link provided in the newsletter. After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to the further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this declaration.

Please note that when sending the newsletter, we evaluate your user behavior. We also analyze your handling of our newsletter by measuring, storing, and evaluating opening rates and click rates for the purpose of designing future newsletter campaigns ("newsletter tracking").

For this evaluation, the sent emails contain one-pixel technologies (e.g., so-called web beacons, tracking pixels), which are stored on our website. For the evaluations, we link the following "newsletter data" in particular

the page from which the page was requested (so-called referrer URL), the date and time of the call,

page6image54228096 the description of the type of web browser used, the IP address of the requesting computer, the email address, the date and time of registration and confirmation

and the one-pixel technologies with your email address or your IP address and possibly an individual ID. Links contained in the newsletter may also include this ID.

If you do not wish to have newsletter tracking, you can unsubscribe from the newsletter at any time, as described earlier.

The information will be stored as long as you have subscribed to the newsletter.

5.2 Email newsletter without registration and your right to object

If we have received your email address in connection with the sale of a product or service and you have not objected, we reserve the right to send you regular offers for similar products, like the ones already purchased, from our range by email based on § 7 para. 3 UWG. This serves to protect our legitimate interests in advertising to our customers, which prevail in the context of a balancing of interests.

You can object to this use of your email address at any time by sending a message to the contact option described in this privacy policy or via a link provided in the advertising email, without incurring any costs other than the transmission costs according to the basic rates.

After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to the further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this declaration.

5.3 Newsletter dispatch

The newsletter and the above-described newsletter tracking are possibly also sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

Our service providers are located and/or use servers in the USA and other countries outside the EU and the EEA. There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on standard data protection clauses of the European Commission.

5.4 Sending review requests via email

If you have given us your express consent during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, 

we will use your email address to request a review of your order through the rating system we use. You can revoke this consent at any time by sending a message to the contact option described in this privacy policy or via a link provided in the review request.

The review requests may also be sent by our service provider, Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne (Trusted Shops).

As part of the review request process, we receive information on the respective status from Trusted Shops (e.g., whether the review request was sent and whether it has arrived). This is done in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR to fulfill our legitimate interest in receiving information about review invitations to make optimizations based on this information and to fulfill Trusted Shops' legitimate interest in offering this service.

For the dispatch of review requests and the collection and display of review or status information, we are jointly responsible with Trusted Shops.

In the context of the joint responsibility between us and Trusted Shops GmbH, please contact Trusted Shops GmbH with data protection questions and to assert your rights, preferably using their contact options found here. Further information on data protection can be found at the following link here. Regardless, you can always contact us using the contact option described in this privacy policy. If necessary, your request will be forwarded to the other responsible party for a response.

  1. Cookies and Other Technologies 6.1 General Information

To make your visit to our website attractive and to enable the use of certain functions, we use technologies, including so-called cookies, on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser on your next visit (persistent cookies).

We use such technologies that are necessary for the use of certain functions of our website (e.g., shopping cart function). Through these technologies, we collect and process your IP address, the time of your visit, device and browser information, as well as information about your use of our website (e.g., information about the content of your shopping cart). This is done as part of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, for the overriding legitimate interest of optimizing the presentation of our offer.

We also use technologies to fulfill our legal obligations (e.g., to be able to prove your consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy. We may also use technologies that are not individually listed in this privacy policy. For more information on these technologies, including the respective legal basis for data processing, please visit the Usercentrics platform. You can access this by clicking on the fingerprint button in the lower right or left corner of the page.

You can find the cookie settings for your browser at the following links: Microsoft EdgeTM / SafariTM / ChromeTM / FirefoxTM / OperaTM

If you have consented to the use of these technologies in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy. Alternatively, you can click on the fingerprint button in the lower right or left corner of the page. If you do not accept cookies, the functionality of our website may be restricted.

6.2 Use of Usercentrics Consent Management Platform for Managing Consents

We use the Usercentrics Consent Management Platform ("Usercentrics") on our website to inform you about the cookies and other technologies we use on our website and to obtain, manage, and document your legally required consent to the processing of your personal data by these technologies. This is necessary in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR to fulfill our legal obligation in accordance with Art. 7 para. 1 GDPR to be able to prove your consent to the processing of your personal data. Usercentrics is an offer of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, which processes your data on our behalf. When you visit our website, the Usersentrics web server stores a so-called server log file that also contains your anonymized IP address, the date and time of your visit, device and browser information, as well as information about your consent behavior. Your data will be deleted after three years, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to use your data beyond this, which is legally permitted and which we inform you about in this statement.

  1. Use of Cookies and Other Technologies for Web Analysis and Advertising Purposes

If you have given your consent in accordance with Art. 6 para. 1 lit. a GDPR, we use the following cookies and other technologies from third-party providers on our website. Once the purpose has been achieved and the respective technology is no longer used by us, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on your options for revocation can be found in the section "Cookies and Other Technologies". Further information, including the basis of our cooperation with each provider, can be found with each technology. If you have any questions about the providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

7.1 Use of Google Services for Web Analysis and Advertising Purposes

We use the following technologies from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected about your use of our website through Google technologies is usually transmitted to and stored on a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. There is no adequacy decision of the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission. If your IP address is collected through Google technologies, it will be shortened before being stored on Google's servers by activating IP anonymization. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise indicated for the individual technologies, data processing is based on an agreement between joint controllers in accordance with Art. 26 GDPR for the respective technology. Further information about data processing by Google can be found in Google's privacy policy.

Google Analytics

For the purpose of website analysis, data (IP address, time of visit, device and browser information, as well as information about your use of our website) is automatically collected and stored with Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. Your IP address will generally not be merged with other data from Google. Data processing is based on an agreement for order processing with Google.

Google Ads

For advertising purposes in Google search results as well as on third-party websites, the so-called Google remarketing cookie is set when you visit our website, which enables interest-based advertising through the collection and processing of data (IP address, time of visit, device and browser information, as well as information about your use of our website) and a pseudonymous cookie ID based on the pages you visited. Further data processing only takes place if you have activated the setting "personalized advertising" in your Google account. If you are logged into Google during your visit to our website in this case, Google will use your data together with Google Analytics data to create and define target audience lists for cross-device remarketing.

For website analysis and event tracking, we use Google Ads conversion tracking to measure your subsequent usage behavior if you have accessed our website through a Google Ads advertisement. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information, as well as information about your use of our website based on events specified by us, such as visiting a web page or signing up for a newsletter) may be collected and pseudonymous usage profiles created.

Google reCAPTCHA

For the purpose of protecting against abuse of our web forms as well as against spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information, as well as information about your use of our website) and analyzes your use of our website using JavaScript and cookies. In addition, other cookies stored by Google services in your browser are evaluated. Reading or storing personal data from the input fields of the respective form does not take place.

YouTube Video Plugin

To integrate third-party content, data (IP address, time of visit, device and browser information) is collected through the YouTube Video Plugin in the privacy-enhanced mode we use, transmitted to Google, and subsequently processed by Google only when you play a video.

7.2 Use of Facebook Services for Web Analysis and Advertising Purposes

Use of Facebook Pixel

We use the Facebook Pixel in the context of the following technologies provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook (by Meta)" or "Meta Platforms Ireland"). With the Facebook Pixel, data (IP address, time of visit, device and browser information, as well as information about your use of our website based on events specified by us, such as visiting a web page or signing up for a newsletter) is automatically collected and stored, and pseudonymous usage profiles are created. As part of the so-called extended data matching, information is also collected and hashed for comparison purposes that can be used to identify individuals (such as names, email addresses, and phone numbers), and stored. To do this, a cookie is automatically set by the Facebook Pixel when you visit our website, which enables your browser to be recognized automatically via a pseudonymous cookie ID when you visit other websites. Facebook (by Meta) will combine this information with additional data from your Facebook account to compile reports on website activities and to provide other services related to website use, in particular personalized and group-based advertising.

The information automatically collected through Facebook (by Meta) technologies regarding your use of our website is usually transmitted to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA and stored there. There is no adequacy decision of the European Commission for the USA. If data transfer to the USA falls within our responsibility, our cooperation is based on standard data protection clauses of the European Commission. Further information on data processing by Facebook can be found in Facebook's (by Meta) privacy policy.

Facebook Analytics

As part of the Facebook Business Tools, statistics on visitor activities on our website are created from the data collected on your use of our website through the Facebook Pixel. The data processing is based on an agreement on order processing by Facebook (by Meta). Your analysis serves the optimal presentation and marketing of our website.

Facebook Ads (Advertising Manager)

We advertise this website on Facebook (by Meta) and other platforms through Facebook Ads. We determine the parameters of the respective advertising campaign. Facebook (by Meta) is responsible for the precise implementation, especially for the decision on the placement of ads with individual users. Unless otherwise stated for the individual technologies, data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR. The joint responsibility is limited to the collection of data and its transmission to Meta Platforms Ireland. The subsequent data processing by Meta Platforms Ireland is not covered by this.

Based on the statistics on visitor activities on our website created through the Facebook Pixel, we operate group-based advertising on Facebook (by Meta) via Facebook Custom Audience by determining the characteristics of the respective target group. As part of the extended data comparison process used to determine the respective target group (see above), Facebook (by Meta) acts as our order processor.

Based on the pseudonymous cookie ID set by the Facebook Pixel and the data collected on your usage behavior on our website, we operate personalized advertising through Facebook Pixel Remarketing.

Through Facebook Pixel Conversions, we measure your subsequent usage behavior for web analysis and event tracking if you have accessed our website via an advertisement from Facebook Ads. The data processing is based on an agreement on order processing by Facebook (by Meta).

7.3 Information on third country transfers (transfer of data to third countries)

We use technologies from service providers on our website whose server locations may be in third countries outside the EU or EEA, including the USA. If, as in the case of the USA, there is no adequacy decision by the EU Commission, an appropriate level of data protection must be ensured through other suitable guarantees. In July 2020, the ECJ decided that the Privacy Shield agreement between the EU and the USA can no longer be used to transfer personal data to the USA. This means that the sectoral adequacy decision is lifted.

Suitable guarantees in the form of contractually agreed standard contractual clauses of the EU Commission or binding corporate rules are generally possible, but require a prior review by the contracting parties to determine whether an adequate level of protection can be ensured. Following the ECJ ruling, it may be necessary to take additional protective measures.

We have generally agreed with the third-party technologies we use that process personal data in a third country such as the USA, the standard data protection clauses issued by the EU Commission that are still in force. Where possible, we also agree additional guarantees to ensure adequate data protection in the USA or other third countries.

However, despite all contractual and technical measures, it may happen that the level of data protection in the third country does not correspond to that of the EU. For such cases, if necessary, we ask for your consent under Art. 49 para. 1 lit. a GDPR for the transfer of your personal data to a third country as part of the cookie consent. This applies in particular to the transfer of data to the USA.

In particular, there is a risk that US authorities may receive access rights to your personal data that are not sufficiently restricted from the EU perspective, without us as the data exporter or you as the data subject noticing, and you may not have legal remedies available to prevent or challenge such access.

  1. Integration of Trusted Shops Trustbadge/Other Widgets

To display Trusted Shops services (e.g., quality seal, collected reviews) and to offer Trusted Shops products to buyers after an order, Trusted Shops widgets (e.g., Trusted Shops Trustbadge) are integrated on this website.

This serves to protect our predominant legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, as part of a balancing of interests. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne (Trusted Shops), with whom we are jointly responsible for data protection under Art. 26 GDPR. We will inform you below about the essential content of the contract in accordance with Art. 26 para. 2 GDPR, as part of these data protection notices.

Regarding the joint responsibility between us and Trusted Shops GmbH, please contact Trusted Shops GmbH regarding data protection questions and to assert your rights, using the contact options available here. Further information on data protection can be found at the following link. Regardless, you can also always contact us using the contact information described in this data protection declaration. If necessary, your request will be forwarded to the other responsible party to be answered.

8.1 Data Processing When Embedding Trustbadge/Other Widgets

The Trustbadge is provided by a US-based CDN provider (Content Delivery Network) as part of joint responsibility. An appropriate level of data protection is ensured through standard data protection clauses and other contractual measures. Further information can be found at...

You can find information about Trusted Shops GmbH's data protection here. When accessing the Trustbadge, the web server automatically stores a so-called server log file, which also includes your IP address, date and time of access, amount of data transmitted, and the requesting provider (access data), and documents the access. The IP address is immediately anonymized after collection, so the stored data cannot be assigned to your person. The anonymized data is used, in particular, for statistical purposes and for error analysis.

8.2 Data Processing After Order Completion

After completing an order, your email address, which has been hashed using a cryptographic one-way function, is transmitted to Trusted Shops GmbH. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. This serves to verify whether you are already registered for services with Trusted Shops GmbH, and is therefore necessary for the fulfillment of our and Trusted Shops' predominant legitimate interests in providing the buyer protection and transactional review services associated with the respective order, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. If this is the case, further processing will take place in accordance with the contractual agreement between you and Trusted Shops. If you have not yet registered for the services, you will have the opportunity to do so subsequently. Further processing after registration will also be based on the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and no personal reference will be possible.

Trusted Shops uses service providers in the areas of hosting, monitoring, and logging. The legal basis is Art. 6 para. 1 lit. f GDPR for the purpose of ensuring smooth operation. Processing may take place in third countries (USA and Israel). An appropriate level of data protection is ensured in the case of the USA through standard data protection clauses and other contractual measures, and in the case of Israel through an adequacy decision.

  1. Social Media

9.1 Social Plugins from Facebook (by Meta), Twitter, Instagram (by Meta), Pinterest, WhatsApp

Social buttons from social networks are used on our website. These are only integrated into the page as HTML links, so that no connection is established with the servers of the respective provider when our website is accessed. When you click on one of the buttons, the website of the respective provider opens.

in a new window of your browser. There, for example, you can click the Like or Share button.

9.2 Our Online Presence on Facebook (by Meta), Twitter, Instagram (by Meta), YouTube, Pinterest

If you have given your consent to this pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presence on the social media platforms mentioned above, from which usage profiles will be created using pseudonyms. These can be used to display advertisements within and outside the platforms that presumably correspond to your interests. Cookies are usually used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your relevant rights and settings options for the protection of your privacy, please refer to the data protection notices of the providers linked below. If you still need help in this regard, you can contact us.

Facebook (by Meta) is an offering of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is generally transferred to and stored on a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA. There is no adequacy decision of the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission. The data processing in the context of visiting a Facebook (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (information on Insights data) can be found here.

Twitter is an offering of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"). The information automatically collected by Twitter about your use of our online presence on Twitter is generally transferred to and stored on a server of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. There is no adequacy decision of the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission.

Instagram (by Meta) is an offering of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is generally transferred to and stored on a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA. There is no adequacy decision of the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission. The data processing in the context of visiting an Instagram (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (information on Insights data) can be found here.

YouTube is an offering of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our online presence on YouTube is generally transferred to and stored on a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. There is no adequacy decision of the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission.

Pinterest is an offering of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"). The information automatically collected by Pinterest about your use of our online presence on Pinterest is generally transferred to and stored on a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA. There is no adequacy decision of the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission.

  1. Contact Options and Your Rights

10.1 Your Rights

As a data subject, you have the following rights:

  • Pursuant to Art. 15 GDPR, the right to obtain information about your personal data processed by us to the extent specified therein;
  • Pursuant to Art. 16 GDPR, the right to demand without undue delay the rectification of incorrect or incomplete personal data stored by us;
  • Pursuant to Art. 17 GDPR, the right to demand the erasure of your personal data stored by us, unless further processing is required

to exercise the right to freedom of expression and information; to comply with a legal obligation; for reasons of public interest; or to assert, exercise, or defend legal claims.

According to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data if:

you dispute the accuracy of the data; the processing is unlawful, but you reject the deletion of the data; we no longer need the data, but you need it to assert, exercise, or defend legal claims; or you have objected to the processing in accordance with Art. 21 GDPR.

According to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common, and machine-readable format, or to request the transfer to another responsible party.

According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters for this purpose.

Right to Object

Insofar as we process personal data for the purpose of safeguarding our predominantly legitimate interests as explained above, you may object to this processing with effect for the future. If the processing is for direct marketing purposes, you may exercise this right at any time as described above. If the processing is for other purposes, you only have the right to object if there are reasons that arise from your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing is for the purpose of asserting, exercising, or defending legal claims.

However, this does not apply if the processing is for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.

10.2 Contact options

If you have any questions regarding the collection, processing, or use of your personal data, or if you wish to inquire about, correct, restrict or delete data, revoke your consent, or object to a certain use of data, please contact us directly using the contact details provided in our legal notice.

Data protection officer:

Johanna von und zu Gilsa Deilmisserstr.4 31036 Eime Dunsen Germany +49 17620652308 info@carlitos-handmade.de

Data protection declaration created with the Trusted Shops legal text generator in cooperation with FÖHLISCH Rechtsanwälte.