Terms of Service & Privacy Policy

1. Introduction

The protection of your personal data is our highest priority. This privacy policy explains the type, scope and purpose of the processing of personal data (hereinafter referred to as 'data') in connection with the online offer. This includes the corresponding website, functions and content as well as the external online presences, such as social media profiles (hereinafter collectively referred to as 'online offer'). Your personal data will be treated confidentially and will strictly comply with the legal data protection regulations and the provisions of this privacy policy.

General Information

This privacy policy provides you with a comprehensive overview of what happens with your personal data when you visit this website. Personal data is any information that can be used to identify you personally. Detailed information about data protection can be found in this complete privacy policy.

Responsible Party

The processing of your data on this website is carried out by the website operator. You can find the contact details of the responsible party in the section 'Responsible Party' in this privacy policy.

Collection of Your Data

Personal data is collected in part when you actively provide it, for example, by filling out a contact form. Other data is collected automatically or upon your consent when visiting the website through the IT systems of the responsible party. This mainly includes technical data (e.g., internet browser, operating system or time of page access). This data collection occurs automatically as soon as you visit the website.

Use of Your Data

A portion of the data is collected to ensure the error-free provision of the website. Other data may be used for analyzing your user behavior in order to optimize the offer and adapt it to your needs.

Data Transmission to Third Parties

In the course of the responsible party's business activities, it may be necessary to transmit personal data to third parties. This transmission occurs exclusively under certain conditions: when the transfer is necessary for the fulfillment of a contract, when a legal obligation exists, for example, to tax authorities, when a legitimate interest according to Article 6 paragraph 1 lit. f GDPR exists, or when another legal basis permits the data transmission.

When using external service providers for data processing, the transmission of personal data occurs exclusively based on a valid contract for data processing according to Article 28 GDPR. If a joint processing of the data with other parties takes place, a contract on joint processing according to Article 26 GDPR will be concluded.

Withdrawal of Consent for Data Processing

Certain data processing activities can only be carried out with your explicit consent. This consent can be withdrawn at any time. The legality of data processing that has been carried out up to the point of withdrawal remains unaffected by the withdrawal.

Right of Objection to Specific Data Processing and Marketing Measures (Article 21 GDPR)

If your personal data is processed on the basis of Article 6 paragraph 1 lit. E or F GDPR, you have the right to object to this processing at any time, provided you have grounds that arise from your particular situation. This also applies to profiling based on these provisions. The specific legal basis for the data processing can be found in this privacy policy.

In the event of an objection, the controller will no longer process your personal data, unless compelling legitimate grounds for the processing can be demonstrated that override your interests, rights and freedoms or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21 paragraph 1 GDPR).

If your personal data is used for direct marketing purposes, you have the right to object to this processing at any time. This also applies to profiling where it is associated with direct marketing. After your objection, the controller will no longer use your personal data for these marketing purposes (objection under Article 21 paragraph 2 GDPR).

Rights According to the General Data Protection Regulation

You have the right to file a complaint with a competent supervisory authority in case of violations of the GDPR. This right can be exercised particularly in the Member State where you normally reside, work, or where the alleged violation occurred. Other administrative or judicial remedies remain unaffected.

Personal data processed automatically based on consent or for the performance of a contract can be requested in a structured, common and machine-readable format. On request, these data can also be transmitted directly to another controller, provided this is technically possible.

Each affected person has the right to obtain free information about their stored personal data, their origin, recipients and the purpose of the data processing. In addition, there is a right to rectification or deletion of this data, provided statutory provisions allow it. For further questions or concerns regarding personal data, contact can always be made with the controller.

There is the right to request the restriction of processing of personal data if the accuracy of the data is disputed and a verification is pending. In addition, restriction of data processing can be requested instead of deletion in case of unlawful processing. Furthermore, restriction can be requested if the data is no longer needed but required for asserting, exercising or defending legal claims.

If personal data is restricted in processing, these may only be processed with the consent of the affected person or for asserting, exercising or defending legal claims, for protecting the rights of other natural or legal persons or for reasons of important public interest of the EU or a Member State.

2. Controller

Controller for the data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Rim Pascha

Address: Im Kohlbruch 16, 66539 Neunkirchen

Website: www.rimbijoux.com

Email: rim@husni-pascha.de

Phone: 0151 40103460

3. Sub-processor

The cooperation is carried out with various sub-processors who process data on behalf of the controller. These service providers are contractually obligated to handle the data confidentially and to use it exclusively within the scope of the respective service provision. In addition, there are cases where the responsibility for data processing is shared with other entities. In such cases, the responsibilities are regulated transparently and documented to ensure compliance with the data protection requirements.

4. Definitions

Personal data: This includes all information relating to an identified or identifiable natural person. A person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more specific characteristics.

Processing: This term covers any action or series of actions carried out in connection with personal data, regardless of whether they are performed with or without the aid of automated processes.

Controller: This is the natural or legal person, authority, institution or other body that decides alone or jointly with others on the purposes and means of processing personal data.

Sub-processor: A natural or legal person, authority, institution or other body that processes personal data on behalf of the controller.

Consent: Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of personal data relating to them.

Website: The website refers to the entire online offering made available by the controller under a specific URL.

End device: An end device is an electronic device capable of accessing the internet and loading web pages. This includes, among others, computers, laptops, tablets and smartphones.

5. Legal Bases for Data Processing

The processing of your personal data is carried out on the basis of the General Data Protection Regulation (GDPR) as well as other relevant legal provisions. Depending on the purpose of the data processing, different legal bases apply.

If you have consented to the processing of your personal data, such processing is carried out on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. Your consent can be withdrawn at any time.

The processing of your data may be necessary for the performance of a contract or for the implementation of pre-contractual measures, and in such cases is carried out on the basis of Art. 6 para. 1 lit. b GDPR. In addition, processing may be required to comply with legal obligations, which is then carried out pursuant to Art. 6 para. 1 lit. c GDPR.

In certain cases, processing is carried out to protect the legitimate interests of the controller or a third party, provided that your interests or fundamental rights and freedoms do not override them. This processing is based on Art. 6 para. 1 lit. f GDPR.

6. Data Transfers to Unsafe Third Countries and Non-DPF-Certified US Companies

If tools from companies based in countries that do not provide an adequate level of data protection are used on this website, or if US-based tools are used whose providers are not certified under the EU-US Data Privacy Framework (DPF), your personal data may be transferred to and processed in those countries.

Please note that in countries without an adequate level of data protection, a standard of data protection equivalent to that of the EU cannot be guaranteed. Data transfers to the USA are therefore only permitted if the recipient either holds a certification under the 'EU-US Data Privacy Framework' (DPF) or has appropriate additional safeguards in place.

7. Retention Period

Unless a more specific retention period has been specified in this privacy policy, personal data will remain with the controller until the purpose for which it was collected no longer applies. If a legitimate request for deletion is made or consent to data processing is withdrawn, the data concerned will be deleted, unless there are other legally permissible grounds for retention (e.g. statutory retention periods under tax or commercial law).

The controller stores personal data only for as long as necessary to fulfil the respective purposes for which the data was collected. If the processing of personal data is based on consent, the data will be retained until the data subject withdraws that consent. Such withdrawal is possible at any time with effect for the future.

8. Security Measures and Data Minimisation

Comprehensive technical and organisational measures are implemented to effectively protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access.

Care is taken to collect and process only the data strictly necessary for the respective purpose. This data minimisation strategy helps to significantly reduce the risk of misuse and unauthorised access. Security measures are continuously updated in line with the state of the art.

9. SSL/TLS Encryption

To protect the security of your data during transmission, encryption methods corresponding to the current state of the art (e.g. SSL or TLS) are used via HTTPS. SSL (Secure Socket Layer) and TLS (Transport Layer Security) are protocols for encrypting data transmissions over the internet.

This ensures that data exchanged between your browser and the server is protected against unauthorised access. You can recognise an encrypted connection by the fact that the address bar of your browser changes from 'http://' to 'https://' and by the padlock symbol in your browser bar.

10. Encrypted Payment Transactions via the Website

If, following the conclusion of a paid contract, there is an obligation to transmit payment data to the controller (e.g. account number for direct debit), such data will be transmitted in encrypted form.

The encrypted transmission can be recognised by the fact that the address bar of the browser changes from 'http://' to 'https://' and the padlock symbol is displayed in the browser bar. The use of SSL or TLS ensures that payment data is handled securely and confidentially.

11. Storage of User Information in Log Files

Each time the website is accessed, general information is automatically collected that your browser transmits to the server. This information is stored in so-called log files and typically includes: IP address of the requesting computer, date and time of access, name and URL of the retrieved file, website from which access was made (referrer URL), browser used and user agent string, operating system, name of your access provider, and HTTP status code.

The storage of this data is carried out for security reasons, to ensure a smooth connection to the website, to enable comfortable use of the website, to evaluate system security and stability, and for further administrative purposes.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. In no case will the collected data be used for the purpose of drawing conclusions about your identity.

12. Cookies

This website uses cookies. These are small files that your browser automatically creates and stores on your end device (laptop, tablet, smartphone, etc.) when you visit the site. Cookies do not cause any damage to your end device and do not contain viruses, trojans or other malware.

Cookies are used, on the one hand, to make the use of the website more convenient for you. For this purpose, the controller uses so-called session cookies to recognise that you have already visited individual pages of the website. These are automatically deleted when you leave the site.

In addition, the controller uses temporary cookies stored on your end device for a defined period of time, as well as cookies for the statistical recording of website usage. These cookies allow the controller to automatically recognise on a return visit that you have been to the site before.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer. Please note that fully disabling cookies may mean that you are unable to use all features of the website.

13. Use of the Contact Form

For any questions, you can contact the controller using the form provided on this website. To identify who the enquiry is from and to be able to respond to it, the following information is required: first name, last name and address, email address.

The processing of data for the purpose of contacting the controller is carried out pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of voluntarily given consent. The personal data collected for the use of the contact form is regularly deleted once the enquiry has been dealt with.

14. Enquiries by Email or Telephone

It is possible to contact the controller by email or telephone. The personal data transmitted in this way (e.g. name, email address, telephone number and the enquiry itself) will be processed and stored by the controller solely for the purpose of handling the enquiry and any follow-up questions.

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR, as the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures. If the processing is not related to a contract, it is carried out on the basis of Art. 6 para. 1 lit. f GDPR.

15. Enquiries via WhatsApp

It is possible to contact the controller via WhatsApp. Please note that WhatsApp stores transmitted data on servers in the USA. Therefore, no sensitive information should be transmitted via this channel.

The personal data transmitted by you (e.g. name, telephone number and the enquiry itself) will be processed and stored by the controller solely for the purpose of handling your enquiry and any follow-up questions.

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR, as the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures. Additional information on the processing of your personal data by WhatsApp can be found in their privacy policy at: https://www.whatsapp.com/legal/.

16. Prohibition of Sending Unsolicited Commercial Emails

The use of contact details published in the legal notice for the purpose of sending unsolicited advertising and informational materials is hereby prohibited. The operator of this website expressly reserves the right to take legal action in the event of violations, particularly in cases of unsolicited sending of advertising information such as spam emails.

Newsletters may be sent to existing customers without their explicit consent under certain conditions. This is permissible pursuant to Art. 6 para. 1 lit. f GDPR if the following conditions are met: the customer has provided their email address in connection with the purchase of a product or service, the newsletter contains advertising only for similar products or services of the controller, the customer has been informed of their right to object, and the customer has not objected to the use of their email address.

Customers may of course object to the use of their email address for this purpose at any time. A simple informal notification by email to the controller or by using the 'unsubscribe' link in the respective newsletter is sufficient.

17. Shipping and Delivery of Goods

Where goods are shipped to customers, the controller collects and processes additional personal data necessary for the processing of the shipment. This includes in particular the name, delivery address and, where applicable, special delivery instructions.

The processing of this data is carried out on the basis of Art. 6 para. 1 lit. b GDPR. As part of the shipping process, your data will be passed on to commissioned shipping service providers to the extent necessary for delivery. These service providers are contractually obligated to treat your data confidentially and to use it only within the scope of the service provided.

After completion of the shipment and fulfilment of the contractual relationship, your shipping data will be stored in accordance with the statutory retention periods and then deleted, provided no further legal obligations to retain the data exist.

18. Third-Party Payment Services

This website uses third-party payment services to provide you with a secure and convenient payment option. When you make a purchase through the website, your payment data (e.g. name, payment amount, bank account details, credit card number) is processed directly by the respective payment service provider for the purpose of payment processing.

Apple Pay: Payment service of Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, T23 YK84, Ireland. Privacy policy: https://www.apple.com/legal/privacy/en-ww/

Klarna: Payment service of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. Privacy policy: https://www.klarna.com/en/privacy/

PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal is certified under the EU-US Data Privacy Framework (DPF). Privacy policy: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

Stripe: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. Privacy policy: https://stripe.com/en/privacy