Privacy policy
Data Protection Declaration
1. Introduction and Contact Information
Thank you for visiting our website. This document explains how we handle your personal data when you use our site. "Personal data" refers to any information that can identify you as an individual.
The entity responsible for the data processing on this site, as defined by the General Data Protection Regulation (GDPR), is Jasik/Villamil Baumann GbR. You can contact us at our office at Gustav-Adolf-Strasse 162, 13086 Berlin, Germany, by phone at +49 172 9667076, or via email at info@dosamiguitas.com. As the data controller, we determine the purposes and methods for processing personal data, either alone or with others.
2. Data Processing During Website Visits
When you visit our site for informational purposes only, without registering or providing any other information, we only collect data that your browser automatically sends to our server. This data, known as "server log files," is a technical necessity for displaying the website to you. This includes:
- The web page you are visiting
- The date and time of your visit
- The amount of data sent
- The source from which you navigated to our page
- The browser and operating system you are using
- Your IP address (which may be anonymized)
This data is processed based on Article 6(1)(f) GDPR, which permits us to do so for our legitimate interest in maintaining the website’s stability and functionality. This information is not shared or used in any other way. However, we reserve the right to review log files if there are specific indications of illegal use.
For your security and to protect confidential information, such as your orders or inquiries, our website uses SSL or TLS encryption. You can identify a secure connection by the "https://" in your browser’s address bar and the presence of a lock symbol.
3. Website Hosting and Content Delivery
Our website is hosted by Shopify International Limited located in Dublin, Ireland. This service handles all data collected on our servers. We have a data processing agreement with Shopify to ensure your data is protected and not disclosed to unauthorized third parties. Data may also be transferred to Shopify Inc. in Ottawa, Canada, where the European Commission has deemed the level of data protection to be adequate.
4. Information on Cookies
We use cookies—small text files stored on your device—to enhance your website experience and enable specific features. Some cookies are temporary and are deleted when you close your browser ("session cookies"), while others, known as "persistent cookies," remain on your device to save your settings for future visits. You can check your browser's cookie settings to see how long these cookies are stored.
If personal data is processed by our cookies, it is done under one of these legal bases:
- Article 6(1)(b) GDPR for fulfilling a contract.
- Article 6(1)(a) GDPR if you have provided your explicit consent.
- Article 6(1)(f) GDPR for our legitimate interest in providing a functional and user-friendly website.
You can configure your browser to alert you when a cookie is placed, giving you the choice to accept or reject it. Please note that refusing cookies may limit some of our website's functionalities.
5. Handling of Contact Information
When you contact us, for instance, through a contact form or via email, we collect personal data. The specific data collected by a contact form is detailed on the form itself. This information is stored and used exclusively to respond to your request, establish contact, and for technical administration.
The legal basis for this processing is our legitimate interest in responding to your inquiry under Article 6(1)(f) GDPR. If your communication is related to a potential contract, the additional legal basis is Article 6(1)(b) GDPR. Your data will be deleted once your inquiry is fully resolved, unless we are legally required to retain it.
6. Use of Customer Data for Marketing
6.1. Email Newsletters
If you sign up for our email newsletter, we will send you regular information about our products. The only required information is your email address. Any other data is voluntary and helps us personalize our communication. We use a double opt-in process, meaning we will only send you the newsletter after you have confirmed your subscription by clicking a link in a confirmation email.
By activating the confirmation link, you consent to the use of your personal data under Article 6(1)(a) GDPR. To prevent misuse, we record your IP address and the date and time of your registration. The data is used solely for the purpose of sending the newsletter. You can unsubscribe at any time using the link in the newsletter or by contacting the data controller. Your email address will then be immediately deleted from our mailing list unless you have provided other consent or we have a legal right to further use your data.
6.2. Klaviyo Email Service
We use Klaviyo, a service provided by Klaviyo (225 Franklin St, Boston, MA 02110, USA), to send our email newsletters. We share your registration data with this provider, based on our legitimate interest in effective and user-friendly newsletter marketing under Article 6(1)(f) GDPR.
With your explicit consent under Article 6(1)(a) GDPR, Klaviyo also performs statistical analysis of our newsletter campaigns using web beacons or tracking pixels. This measures open rates and user interactions. Device information, such as IP address and browser type, is collected and analyzed but is not merged with other data records. You can revoke this consent at any time. We have a data processing agreement with Klaviyo to protect your data and prevent unauthorized transfer.
6.3. Product Availability Notifications
If an item is out of stock, our online shop may offer a one-time email notification when it becomes available. To receive this alert, we only need your email address. We use a double opt-in procedure for this, requiring you to confirm your request by clicking a link in a confirmation email.
By confirming, you consent to the use of your data under Article 6(1)(a) GDPR. We store your IP address, date, and time of registration to trace any potential misuse of your email address. This data is used solely to inform you when the product is available. You can cancel this service at any time by contacting the data controller. Your email address will then be immediately deleted from the notification list, unless we have a legal right to further use your data.
6.4. Shopping Cart Reminders
If you abandon a purchase before completion, you have the option to receive an email reminding you of the items in your cart. We require only your email address for this service. We use a double opt-in process, ensuring you only receive this reminder after confirming your consent via a verification link.
By confirming, you consent to the use of your personal data for this purpose under Article 6(1)(a) GDPR. We store your IP address, date, and time of registration to prevent any misuse. This data is used exclusively for sending the shopping cart reminder. You can unsubscribe at any time by contacting the data controller. Your email will be immediately removed from this mailing list unless we have a legal right to further use your data.
7. Data Processing for Order Fulfillment
7.1. Order-Related Data Sharing
To process your order, we share your personal data with our shipping and payment partners as necessary, based on Article 6(1)(b) GDPR. If your order includes digital products that require updates, we will use your contact information (name, address, email) to inform you about these updates, as required by our legal duty under Article 6(1)(c) GDPR. This data will be used strictly for this purpose.
We also collaborate with external service providers to help us fulfill our contracts. We transfer certain personal data to these providers as outlined below.
7.2. Shipping Partner Data
To fulfill our shipping obligations, we provide your name and delivery address to our selected shipping partners, in accordance with Article 6(1)(b) GDPR.
7.3. Transfer to Shipping Service Providers
We may use the following shipping providers: Deutsche Post, DHL, DHL Express, DPD, FedEx, GLS, Hermes, and UPS.
We share your email address and/or phone number with the chosen provider to coordinate delivery or provide delivery notifications only if you have given your explicit consent during the ordering process under Article 6(1)(a) GDPR. Otherwise, we only provide the recipient’s name and delivery address for the purpose of shipping, in accordance with Article 6(1)(b) GDPR, without the ability to schedule or announce deliveries in advance. You can withdraw your consent at any time by contacting us or the provider.
7.4. Payment Service Providers
We offer online payment methods from PayPal, Shopify Payments, and Stripe.
If you choose a prepaid payment method, we transfer your payment data (including name, address, and card details) and information about your order to the provider under Article 6(1)(b) GDPR, solely for payment processing.
For payment methods that offer advance payments (e.g., credit purchases), you may be asked to provide additional personal data (e.g., date of birth, phone number). We share this data with the provider for a credit check, which is our legitimate interest under Article 6(1)(f) GDPR to assess your creditworthiness. This check may include score values derived from a scientifically recognized statistical process. You have the right to object to this processing, but the provider may still be legally entitled to process your data to fulfill the payment contract.
8. Website Features and Services
8.1. Shopsync for Shopify
This website uses the Shopsync app to synchronize data between our Shopify account and our Mailchimp newsletter service.
-
When a newsletter recipient unsubscribes from Mailchimp, Shopsync automatically updates their status in Shopify. This is based on our legitimate interest under Article 6(1)(f) GDPR to efficiently manage our contact lists.
-
When a customer makes a purchase on Shopify, their name, address, email, and transaction details are automatically transferred to our Mailchimp list. This is done only with your express consent under Article 6(1)(a) GDPR.
Data transferred via Shopsync is not stored on its servers. All synchronized information is transmitted using SSL technology and remains encrypted. The synchronization process involves a secure connection to Amazon Web Services servers in the USA.
8.2. Job Applications
We post current job openings on our website. You can apply by sending us an email with the necessary personal details to assess your suitability for the role. This includes general information (name, address, contact details) and evidence of your qualifications. You may also be asked for health-related information, which we will process with special care in accordance with labor and social laws.
The legal basis for processing your application data, including communication with you, is Article 6(1)(b) GDPR in conjunction with Article 26(1) of the German Federal Data Protection Act, as the application process is considered a step towards a potential employment contract. If you provide special categories of data (e.g., health information), processing is based on Article 9(2)(b) GDPR to allow us to exercise our rights and fulfill our obligations under employment law.
If your application is unsuccessful, or if you withdraw it, your data will be deleted within six months after a notification is sent. This period allows us to respond to any follow-up questions and comply with our legal obligations regarding equal treatment of applicants. If your application is successful, your data will be processed under Article 6(1)(b) GDPR and Article 26(2) of the Federal Data Protection Act to establish the employment relationship.
9. External Tools and Services
DATEV
For our accounting, we use the cloud-based software from DATEV eG in Nuremberg, Germany. This service processes our invoices and banking transactions to automate financial accounting. When personal data is processed in this context, it is done under Article 6(1)(f) GDPR, based on our legitimate interest in the efficient organization and documentation of our business transactions.
10. Your Rights as a Data Subject
Under applicable data protection law, you have comprehensive rights regarding the processing of your personal data:
- Right of access under Article 15 GDPR1
- Right to rectification under Article 16 GDPR2
- Right to erasure ("right to be forgotten") under Article 17 GDPR3
- Right to restriction of processing under Article 18 GDPR4
- Right to5 be informed under Article 19 GDPR
- Right to data portability under Article 20 GDPR
- Right to withdraw consent under Article 7(3) GDPR
- Right to lodge a complaint under Article 77 GDPR
RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR SPECIFIC SITUATION. IF YOU EXERCISE THIS RIGHT, WE WILL CEASE PROCESSING THE AFFECTED DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS FOR THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME. IF YOU OBJECT, WE WILL STOP PROCESSING YOUR DATA FOR DIRECT ADVERTISING.
11. Data Retention Periods
The length of time we store personal data depends on the legal basis, the purpose of the processing, and any applicable legal retention periods (e.g., commercial and tax laws).
- If data is processed based on your express consent under Article 6(1)(a) GDPR, it is stored until you withdraw your consent.
- For data processed under Article 6(1)(b) GDPR for legal or similar obligations, it is routinely deleted after the retention period expires if it is no longer necessary for contract fulfillment or if we no longer have a justified interest in storing it.
- For data processed based on Article 6(1)(f) GDPR, it is stored until you exercise your right to object under Article 21(1) GDPR, unless we have compelling legitimate grounds that override your interests.
- For data processed for direct marketing based on Article 6(1)(f) GDPR, it is stored until you exercise your right to object under Article 21(2) GDPR.
Unless stated otherwise, personal data is deleted when it is no longer necessary for the purposes for which it was collected or processed.