Privacy Policy

1) INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE RESPONSIBLE ENTITY

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when using our website. Personal data includes all data with which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Grace & Rose. The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock icon in your browser bar.

2) DATA COLLECTION WHEN VISITING OUR WEBSITE

When using our website for informational purposes only, i.e., if you do not register or otherwise provide information to us, we only collect the data that your browser sends to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Used browser
- Operating system used
- IP address used (if applicable, anonymized) Processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no further disclosure or other use of the data. However, we reserve the right to retrospectively check the server log files if there are concrete indications of illegal use.

3) COOKIES

To make visiting our website attractive and to enable the use of certain functions, we use cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information individually, such as browser and location data and IP address values. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

Some cookies are used to simplify the ordering process by remembering settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If cookies also process personal data implemented by us, processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR, either for the performance of the contract, or in accordance with Art. 6 Para. 1 lit. f GDPR for the protection of our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the visit to the site.

We may cooperate with advertising partners who help us make our online offers more interesting for you. In this case, cookies from partner companies may also be stored on your hard drive when you visit our website (third-party cookies). If we cooperate with the advertising partners mentioned above, you will be informed individually and separately about the use of such cookies and the scope of data collection in the following paragraphs.

Please note that you can set your browser to inform you about the setting of cookies and to decide on their acceptance individually, or to exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. Please note that if you reject cookies, the functionality of our website may be limited.

4) CONTACT

When contacting us (e.g., via contact form or email), personal data is collected. The data collected in the case of a contact form can be found in the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted after the processing of your request, which means that the relevant matter has been resolved and there are no legal retention periods preventing deletion.

5) DATA PROCESSING FOR THE OPENING OF A CUSTOMER ACCOUNT AND FOR CONTRACT EXECUTION

In accordance with Art. 6 Para. 1 lit. b GDPR, personal data is further collected and processed if you provide it to us for the execution of a contract or when opening a customer account. The data collected can be found in the respective input fields. Deleting your customer account is possible at any time and can be done by sending a message to the above-mentioned controller's address. We store and use the data provided by you for the handling of the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or we reserve the right to further legally permitted data processing, about which we inform you below.

6) USE OF YOUR DATA FOR DIRECT ADVERTISING

6.1 Subscription to our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory field for receiving the newsletter is your email address. Further optional data is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an email newsletter if you have expressly confirmed that you consent to receiving newsletters. We will then send you a confirmation email asking you to confirm that you wish to receive newsletters in the future by clicking on a corresponding link.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. When registering for the newsletter, we store your IP address together with the date and time of registration to prevent misuse of your email address at a later time. The data collected by us when registering for the newsletter is used exclusively for promotional purposes via the newsletter. You can unsubscribe at any time via the unsubscribe link in the newsletter or by sending a message to the controller as mentioned above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to further legally permitted data processing, about which we inform you below.

6.2 Sending the email newsletter to existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services from our range by email. Separate consent from you is not required for this. Data processing in this respect is carried out solely on the basis of our legitimate interest in personalized direct marketing pursuant to Art. 6 Para. 1 lit. f GDPR. If you initially objected to the use of your email address for this purpose, no email will be sent from our side. You have the right to object at any time to the use of your email address for the above promotional purpose for the future by sending a message to the controller as mentioned above. Only transmission costs according to the basic rates will be charged for this. Upon receipt of your objection, the use of your email address for advertising purposes will be immediately stopped.

7) DATA PROCESSING FOR ORDER PROCESSING

7.1 The personal data we collect will be passed on within the scope of contract processing to the transport company responsible for delivery, to the extent necessary for the delivery of the goods. Your payment data will be passed on to the respective bank institution within the framework of payment processing, to the extent necessary for payment processing. If payment service providers are used, we explicitly inform about this. The legal basis for data transfer is in this case Art. 6 Para. 1 lit. b GDPR.

7.2 Use of payment service providers

Visa, Mastercard, American Express, Maestro, UnionPay, Apple Pay, Google Pay, PayPal:

When using these payment providers, your payment data is processed according to their respective privacy policies. Processing of your payment data is carried out in accordance with applicable law and the terms set by the respective payment provider. We have no control over the privacy policies of these payment providers. We recommend that you consult their privacy policies for more information on how they handle your personal data during the payment process.

8) CONTACT FOR REMINDER OF REVIEW

Personal Reminder for Review (not sent via a customer review system)

We use your email address for one-time reminders to leave a review of your order for the review system that we use, provided that you have given us explicit consent for this during or after your order in accordance with Art. 6 Par. 1 lit. a GDPR. You can withdraw your consent at any time by sending a message to the data controller.

9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS

9.1 Facebook Plugins with Shariff Solution

Specific additional customs duties and/or import taxes are not included in the price and are the responsibility of the customer.

Our website uses so-called social plugins ("plugins") from the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").

To increase the protection of your data during your visit to our website, these buttons are not implemented as plugins, but are only embedded in the page using an HTML link. This method of integration ensures that when opening a page of our website containing such buttons, no connection is made to Facebook's servers yet. Clicking on the button opens a new browser window and loads the Facebook page where you can interact with the plugins there (possibly after entering your login information).

Facebook Inc., headquartered in the USA, is certified under the EU-US Privacy Shield, which ensures compliance with the level of data protection applicable in the EU.

For the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights and settings options for protecting your privacy, please refer to Facebook's privacy policy: https://www.facebook.com/policy.php

9.2 Google+ Plugins as Shariff Solution

Our website uses so-called social plugins ("plugins") from the social network Google+, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

To increase the protection of your data during your visit to our website, these buttons are not implemented as plugins, but are only embedded in the page using an HTML link. This method of integration ensures that when opening a page of our website containing such buttons, no connection is made to Google+ servers yet. Clicking on the button opens a new browser window and loads the Google+ page where you can interact with the plugins there (possibly after entering your login information).

Google LLC, headquartered in the USA, is certified under the EU-US Privacy Shield, which ensures compliance with the level of data protection applicable in the EU.

For the purpose and scope of data collection and the further processing and use of data by Google, as well as your rights and settings options for protecting your privacy, please refer to Google's privacy policy: https://www.google.com/intl/de/policies/privacy/

9.3 Instagram Plugin as Shariff Solution

Our website uses so-called social plugins ("plugins") from the online service Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram").

To increase the protection of your data during your visit to our website, these buttons are not implemented as plugins, but are only embedded in the page using an HTML link. This method of integration ensures that when opening a page of our website containing such buttons, no connection is made to Instagram servers yet. Clicking on the button opens a new browser window and loads the Instagram page where you can interact with the plugins there (possibly after entering your login information).

Instagram LLC, headquartered in the USA, is certified under the EU-US Privacy Shield, which ensures compliance with the level of data protection applicable in the EU.

For the purpose and scope of data collection and the further processing and use of data by Instagram, as well as your rights and settings options for protecting your privacy, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388/

10) ONLINE MARKETING

10.1 DoubleClick by Google

This website uses the online marketing tool DoubleClick by Google, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick").

DoubleClick uses cookies to show users relevant ads, improve campaign performance, or prevent users from seeing the same ads multiple times. Google records which ads are displayed in which browsers via a cookie ID, which helps prevent repeated display. Processing is based on our legitimate interest in optimal marketing of our website in accordance with Art. 6 Par. 1 lit. f GDPR.

Furthermore, DoubleClick can register conversions based on cookie IDs related to ad requests. For example, this happens when a user sees a DoubleClick ad and later visits the advertiser's website with the same browser and makes a purchase. According to Google, DoubleClick cookies do not contain personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection to Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool, and inform you accordingly based on our knowledge: By integrating DoubleClick, Google receives information that you have visited the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google may associate the visit with your account. Even if you are not registered with Google or not logged in, there is a possibility that the provider will identify and store your IP address.

If you wish to participate in this tracking process, you can disable conversion tracking cookies by setting your browser to block cookies from the domain www.googleadservices.com, https://www.google.nl/settings/ads, although this setting will be deleted if you delete your cookies. Alternatively, you can obtain information from the Digital Advertising Alliance at http://www.aboutads.info about setting cookies and adjust these settings. Finally, you can set your browser to inform you about the setting of cookies and decide on their acceptance individually or exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be limited.

Google LLC, headquartered in the USA, is certified under the EU-US Privacy Shield, which ensures compliance with the level of data protection applicable in the EU.

Further information on the privacy policy of DoubleClick by Google can be found at: https://www.google.de/policies/privacy/

10.2 Use of Google AdWords Conversion Tracking

This website uses the online advertising program "Google AdWords" and within Google AdWords, the conversion tracking of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google AdWords to draw attention to our attractive offers by means of advertising material (so-called Google AdWords) on external websites. We can use advertising campaign data to determine how successful individual advertising activities are. Our goal is to show you ads that are of interest to you, make our website more interesting for you, and achieve a fair calculation of advertising costs.

The conversion tracking cookie is set when a user clicks on a Google-placed AdWords ad. Cookies are small text files placed on your computer system. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies cannot therefore be tracked through the websites of AdWords customers. The information obtained using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you do not want to participate in tracking, you can prevent this by blocking the Google Conversion Tracking cookie in your internet browser settings. You will then not be included in the conversion tracking statistics. We use Google AdWords due to our legitimate interest in targeted advertising in accordance with Art. 6 Par. 1 lit. f GDPR.

Google LLC, headquartered in the USA, is certified under the EU-US Privacy Shield, which ensures compliance with the level of data protection applicable in the EU.

Further information on the privacy policy of Google can be found at: https://www.google.de/policies/privacy/

You can permanently disable cookies for advertising preferences by changing your browser software settings accordingly or by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/plugin?hl=en

Please note that certain features of this website may not be available or may be restricted if you disable the use of cookies.

11) WEB ANALYSIS SERVICES

Google (Universal) Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address truncated by "_anonymizeIp()") is usually transmitted to and stored by Google on servers in the United States. This website uses Google Analytics exclusively with the extension "_anonymizeIp()", which ensures anonymization of your IP address by truncation and excludes any direct personal references. Within member states of the European Union or other states parties to the Agreement on the European Economic Area, Google will truncate your IP address before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. In such exceptional cases, this processing is based on Art. 6 para. 1 lit. f GDPR due to our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. You can prevent storage of cookies by appropriately setting your browser software; however, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent Google from collecting and processing data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en Instead of the browser add-on or within browsers on mobile devices, you can click this link to set an opt-out cookie to prevent Google Analytics from collecting data on this website in the future (this opt-out cookie only works in this browser and only for this domain; if you delete your cookies in this browser, you will need to click this link again): Disable Google Analytics Google LLC, based in the USA, is certified under the EU-US Privacy Shield, which ensures compliance with EU data protection standards. This website also uses Google Analytics for cross-device analysis of visitor flows conducted via a user ID. Upon your first access to a page, a unique, permanent, and anonymized ID will be assigned to you, which is set across devices. This allows interaction data from different devices and sessions to be assigned to a single user. The user ID does not contain any personal data and does not transmit such data to Google. Data collection and storage via the user ID can be objected to at any time in the future. To do this, you must deactivate Google Analytics on all systems you use, for example, by using a browser plug-in from Google (https://tools.google.com/dlpage/gaoptout?hl=en). Instead of the browser add-on or within browsers on mobile devices, you can click this link to set an opt-out cookie to prevent Google Analytics from collecting data on this website in the future (this opt-out cookie only works in this browser and only for this domain; if you delete your cookies in this browser, you will need to click this link again): Disable Google Analytics More information about Universal Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376

12) RETARGETING/ REMARKETING/ RECOMMENDATION ADVERTISING

Facebook Custom Audience via the pixel method This website uses the "Facebook pixel" from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, United States ("Facebook"). With explicit consent, this enables tracking of user behavior after they have seen or clicked on a Facebook advertisement. This process is used to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and may contribute to optimizing future ad campaigns. The data collected is anonymous to us and therefore does not provide insight into the identity of users. However, Facebook stores and processes the data, allowing for linkage to the respective user profile and enabling Facebook to use the data for its own advertising purposes, in accordance with Facebook's usage policy (https://www.facebook.com/about/privacy/). You can allow Facebook and its partners to display ads on and off Facebook. For this purpose, a cookie may also be stored on your computer. These processes take place exclusively with your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent for the use of the Facebook pixel may only be given by users over the age of 13. If you are younger, we ask you to seek consent from your legal representatives. Facebook Inc., based in the USA, is certified under the EU-US Privacy Shield, which ensures compliance with the level of privacy protection in the EU. You can disable the use of cookies on your computer by adjusting your internet browser settings so that no cookies can be placed on your computer or existing cookies are deleted. However, disabling all cookies may result in some functions on our websites not being able to be performed. You can also disable the use of cookies by third parties, such as Facebook, on the following website of the Digital Advertising Alliance: https://www.aboutads.info/choices/

Google AdWords Remarketing Our website uses the features of Google AdWords Remarketing, allowing us to advertise this website in Google search results and on external websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google"). For this purpose, Google places a cookie in the browser of your end device, enabling automatically interest-based advertising based on the pages you have visited, with a pseudonymous cookie ID. Processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 para. 1 lit. f GDPR. Further processing only takes place if you have consented to Google linking your internet and app browser history to your Google account and using information from your Google account to personalize ads you see on the internet. If you visit our website while logged into Google, Google uses your data along with Google Analytics data to create and define target audiences for remarketing across devices. For this purpose, your personal data is temporarily linked with Google Analytics data to form target groups. You can permanently disable the placement of cookies for ad settings by downloading and installing the available browser plug-in via the following link: https://www.google.com/settings/ads/onweb/ You can also obtain information about setting cookies and decide on this on the website of the Digital Advertising Alliance: www.aboutads.info. Finally, you can set your browser to inform you about the placement of cookies and individually decide on their acceptance or exclude cookies in certain cases or in general. If cookies are not accepted, the functionality of our website may be restricted. Google LLC, based in the USA, is certified under the EU-US Privacy Shield, which ensures compliance with the level of privacy protection in the EU. More information and the privacy policy regarding advertisements and Google can be found here: https://www.google.com/policies/technologies/ads/

13) RIGHTS OF THE DATA SUBJECT

13.1 The applicable data protection legislation grants you as a data subject extensive rights (information and intervention rights) vis-à-vis the data controller regarding the processing of your personal data, which we inform you about below:

Right to information pursuant to Art. 15 GDPR: You have the right to obtain information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the envisaged storage period or the criteria for determining the storage period, the existence of the right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data, if not collected from you, the existence of automated decision-making, including profiling and meaningful information about the logic involved, the scope, and the intended effects of such processing, and your right to information on what guarantees according to Art. 46 GDPR are provided when your data are transferred to third countries;

Right to rectification pursuant to Art. 16 GDPR: You have the right to obtain without undue delay the rectification of inaccurate data concerning you and/or the completion of incomplete data stored by us;

Right to erasure pursuant to Art. 17 GDPR: You have the right to obtain the erasure of your personal data under the conditions of Art. 17 para. 1 GDPR. However, this right does not exist, in particular, if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to obtain restriction of processing of your personal data as long as the accuracy of your data is contested, if you refuse deletion of your data due to unlawful processing and instead request restriction of processing of your data, if you need your data for the assertion, exercise or defense of legal claims after we no longer need this data for the purpose for which it was collected or if you have objected to processing for reasons arising from your particular situation until it is determined whether our legitimate grounds prevail;

Right to information pursuant to Art. 19 GDPR: If you have asserted your right to rectification, erasure or restriction of processing against the data controller, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients;

Right to data portability pursuant to Art. 20 GDPR: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller, where technically feasible;

Right to withdraw consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;

Right to object pursuant to Art. 21 GDPR: You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. The data controller ceases to process your personal data unless he/she demonstrates compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims;

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

14) STORAGE DURATION OF PERSONAL DATA

The storage duration of personal data is based on the respective legal retention period (e.g., commercial and fiscal retention periods). After expiration of the period, the corresponding data are routinely deleted, provided they are no longer necessary for contract performance or initiation and/or due to our legitimate interests and/or there is no further legal basis for continued storage.