Privacy policy

Data protection declaration

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is

Lovers Club Clothing OG

Guglgasse 8/1/32

1110 Wien

E-Mail: office@loversclubclo.com

Tel: +436607300177

 

29.02.2024

 

1) Data collection when visiting our website

If you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

• Our visited website
• Date and time at the time of access
• Amount of data sent in bytes
• Source/reference from which you reached the page
• Browser used
• Operating system used
• IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

2) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable your browser to be recognized the next time you visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data and IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.

In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent given or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be restricted.

3) Making contact

Personal data is collected when you contact us (e.g. via contact form or email). Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is Art. 6 para. 1 lit. b GDPR (necessary for the implementation of pre-contractual measures). Your data will be deleted after final processing of your request.

4) Data processing when opening a customer account and for contract processing

Contract processing

In accordance with Art. 6 para. 1 lit. b GDPR, personal data is collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. You can delete your customer account at any time by sending a message to the above address of the controller. We store and use the data provided by you to process the contract. After complete processing of the contract or deletion of your customer account, your data will be deleted with regard to retention periods under tax and commercial law (currently 7 years).

5) Use of customer data for direct advertising

 

5.1 Registration for our e-mail newsletter

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address.

By registering, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When you register for the newsletter, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter will be used exclusively for the purpose of advertising by means of the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending us a corresponding message. Once you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list immediately.

5.2 Sending the e-mail newsletter to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services to those already purchased from our range by e-mail. In accordance with § 174 TKG, we do not need to obtain separate consent from you for this. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 para. 1 lit. f GDPR and § 174 TKG. If you have initially objected to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying us.

Newsletter dispatch via Klavio:

Our email newsletters are sent via the technical service provider "Klaviyo", 225 Franklin St, Boston, MA 02110, USA (http://www.klaviyo.com/), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a Klaviyo server in the USA and stored there.        

Klaviyo uses this information to send the newsletter on our behalf. Klaviyo does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties. 

To protect your data in the USA, we have a data processing agreement with Klaviyo in which Klaviyo undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties.

You can view Klaviyo's data protection provisions here: https://www.klaviyo.com/privacy

6) Data processing for order processing

6.1 In order to process your order, we work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the scope of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will inform you of this explicitly below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR.

6.2 We work with external shipping partners to fulfill our contractual obligations to our customers. We pass on your name and your delivery address and, if necessary for delivery, your telephone number to a shipping partner selected by us exclusively for the purpose of delivering the goods in accordance with Art. 6 para. 1 lit. b GDPR.

Use of special service providers for order processing and handling

6.3 Use of payment service providers (payment services)

Apple Pay      

If you opt for the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment will be processed via the "Apple Pay" function of your device operated with iOS, watchOS or macOS by debiting a payment card deposited with "Apple Pay". Apple Pay uses security functions that are integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must therefore enter a code that you have previously specified and verify it using the "Face ID" or "Touch ID" function on your device.

For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be forwarded to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the source website to confirm the success of the payment.

If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.       

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase that you have made via Safari on your Mac, the Mac and the authorization device communicate via an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format that can be used to identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and deactivate "Allow payments on Mac".

You can find further information on data protection with Apple Pay at the following Internet address: https://support.apple.com/de-de/HT203027

EPS transfer

If you select the "EPS bank transfer" payment method, payment will be processed via the payment service provider PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria, to whom we will pass on the information you provided during the ordering process together with the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with the above-mentioned payment service provider and only to the extent that it is necessary for this purpose. You can obtain further information on the relevant data protection provisions of PSA Payment Services Austria GmbH at the following Internet address: https://eservice.psa.at/de/datenschutzerklaerung.html

Google Pay   

If you choose the "Google Pay" payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment will be processed via the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with an NFC function by charging a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). To approve a payment via Google Pay of more than €25, your mobile device must first be unlocked using the verification measure set up in each case (e.g. facial recognition, password, fingerprint or pattern).

For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay to the source website in the form of a unique transaction number, which is used to verify that a payment has been made. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay, but is created and transmitted as a unique numerical token. For all transactions via Google Pay, Google only acts as an intermediary for processing the payment process. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the payment method stored with Google Pay.        

If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photos that you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.         

According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interest in proper accounting, the verification of transaction data and the optimization and functional maintenance of the Google Pay service.

Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services.

The Google Pay terms of use can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on data protection at Google Pay can be found at the following Internet address

https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

Klarna

If you select a Klarna payment service, the payment will be processed by Klarna Bank AB (publ), https://www.klarna.com/de/, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). In order to enable payment processing, your personal data (first and last name, street, house number, zip code, city, gender, e-mail address, telephone number and IP address, possibly also date of birth and your bank details) as well as data related to the order (e.g. invoice amount, article, delivery method) will be passed on to Klarna for the purpose of identity and credit checks, provided that you have expressly consented to this in accordance with Art. 6 para. 1 lit. a GDPR as part of the ordering process. You can see which credit agencies your data may be forwarded to here:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information obtained on the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship.

You can revoke your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary to process payments in accordance with the contract.

Your personal data will be processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna's privacy policy for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

or for data subjects based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy

will be treated.

SOFORT         

If you select the "SOFORT" payment method, payment will be processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we will pass on the information you provided during the ordering process together with the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will only be passed on for the purpose of payment processing with the payment service provider SOFORT and only to the extent that it is necessary for this purpose. You can obtain further information about SOFORT's data protection provisions at the following Internet address: https://www.klarna.com/sofort/datenschutz.

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

Details can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

VISA

The provider of this payment service is the Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).

Great Britain is considered a secure non-EU country as far as data protection legislation is concerned. This means that the data protection level in Great Britain is equivalent to the data protection level of the European Union.

VISA may transfer data to its parent company in the US. The data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

For more information, please refer to VISA’s privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Mastercard

The provider of this payment service is the Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard may transfer data to its parent company in the US. The data transfer to the US is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

American Express

The provider of this payment service is the American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter “American Express”).

American Express may transfer data to its parent company in the US. The data transfer to the US is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/.

For more information, please see the American Express privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

Shopify Payment

The provider of this payment service in the EU is Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter “Shopify Payment”).

For more information, see Shopify Payment's privacy policy: https://www.shopify.de/legal/datenschutz.

Giropay

The provider of this payment service is the paydirekt GmbH, Stephanstraße 14 – 16, 60313 Frankfurt am Main (hereinafter referred to as “giropay”).

For details, please consult giropay’s Data Privacy Policy at: https://www.paydirekt.de/agb/index.html.

7) Hosting

Hosting by Shopify          

We use the store system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online store on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's aforementioned services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz

Any further processing on Shopify servers other than those mentioned above will only take place within the scope specified below.

8) Rights of the data subject

8.1 The applicable data protection law grants you comprehensive data subject rights vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

Right to information pursuant to Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR if your data is transferred to third countries;

Right to rectification pursuant to Art. 16 GDPR: You have the right to obtain without undue delay the rectification of inaccurate data concerning you and/or the completion of incomplete data stored by us;

Right to erasure in accordance with Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17 para. 1 GDPR are met. However, this right does not apply in particular if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;

Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;

Right to information in accordance with Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;

Right to withdraw consent given in accordance with Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;

Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of personal data concerning you infringes the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in Austria the data protection authority

8.2 Right to object

If your personal data is processed on the basis of our overriding interest, you have the right to object to this processing at any time with effect for the future. However, further processing remains reserved if there are compelling reasons for further processing.

9) Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective statutory retention period (e.g. retention periods under company and tax law).

When processing personal data on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR, this data is stored until the data subject withdraws their consent.

If there are statutory retention periods for data that is processed within the scope of legal or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in further storage.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data is deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.