The protection of your personal data is important to us.

In this document, we describe the types of personal data we and our associated partners collect and process when you are using our website and services and how we use and disclose that data. We will also inform you about your rights regarding your personal data.

 

Who we are

The responsible person according to Article 4 No. 7 GDPR is:

Marion Schmidt
Am Roemischen Hof 3
61352 Bad Homburg vor der Hoehe
Germany

E-Mail: rockyourcurls@curlable.world

 

Definitions

Visitor: A visitor is a person who visits and uses our site without being logged in.

User: A user is a visitor who is logged into his account.

 

Legal bases

We process your personal data in accordance with the General Data Protection Regulation (GDPR). In addition to the regulations of the GDPR, national regulations of the respective user’s country of residence or domicile may apply.

We store information on your device in accordance with the German „Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien“ (TTDSG).

 

 

How we protect your data

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art of the used technologies, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk, Article 32 GDPR. The security measures we take include, in particular, the following.

 

Secure Sockets Layer | Transport Layer Security (SSL)

We use a technology called SSL to encrypt the data transmitted between your device and our server (transport security). SSL significantly reduces the risk of unauthorized access to your personal data while it is being transmitted.

 

Disclosure

In the course of our processing of personal data, it may happen that the data is transferred to other bodies, companies, legally independent organizational units or persons or that data is disclosed to them. The recipients of this data may include, in particular, service providers commissioned with IT tasks. In such a case, we ensure the protection of personal data by concluding contracts or agreements with the respective third parties, which serve the adequate protection of the data. We carefully and conscientiously select third parties to whom we disclose data. Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Insofar as we process data in a third country, i.e. a country outside the European Union or the European Economic Area, or the processing is carried out by third parties outside this area, this processing is only carried out in accordance with the applicable legal provisions.

Other than with your express consent or when legally required, we only process data or have data processed in third countries with an adequate level of protection. This includes, in particular, countries that process on the basis of special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR).

 

Note on the deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent to its processing has been revoked or other permissions (e.g. legitimate interests, legal obligations, etc.) cease to apply. If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes; that is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person. Further information on the deletion of personal data is provided, where applicable, under the individual points of this data protection declaration.

 

 

 

How we process your data

Cookies and similar technologies

Cookies

“Cookies” are small text files that are stored on your local system if requested by our system and allowed by your browser. Cookies consist of a key-value pair and are generally used to persist data across the typical request-response cycle, in which your browser sends a request and our system returns a response.

 

Required Cookies

The following cookies are set because they are technically required to provide our services (Article 6, paragraph 1 lit. b GDPR, § 25 Abs. 2 Nr. 2 TTDSG).

Optional Cookies

The following cookies are only set with the express consent of the user (Article 6, paragraph 1 lit. a GDPR, § 25 Abs. 1 TTDSG).

 

 

Name | Domain | Controller | Purpose | Duration of use
_gat_UA- | curlable.world | Google LLC | This cookie is used by Google Analytics to throttle the request rate. | 1M
_ga | curlable.world | Google LLC | This cookie is used by Google Analytics for long-term recognition of a visitor to the website. | 730D

Function information (applies to both cookies):
Web analytics: In order to further improve our website, understand our users’ interests and expectations, identify problems with click paths on our website, and evaluate the performance of individual pages and our site as a whole, we use web analytics services.

For this purpose, data is collected and processed about the user’s terminal device used, the pages called up, the time spent calling up and staying on the respective pages, the user’s origin (referrer) and, as far as possible, his geographical position.

Consent (Art. 6 Abs. 1 S. 1 lit. a GDPR, § 25 Abs. 1 TTDSG)

Processed data: Usage data, metadata
Affected Groups: Users
Legal basis of processing: Consent (Art. 6 Abs. 1 S. 1 lit. a GDPR, § 25 Abs. 1 TTDSG).
Objection: You can revoke consent for the future by using the consent tool on this website.

Local Storage & Session Storage

The local storage is a memory area that is accessible to the code our website runs within your browser (frontend). It allows us to write data to and read data from your device and to use that data when communicating with our server (backend). The session storage works the same way, but its lifetime is limited to the duration of the session.

Key(s) | Purpose | Duration of use | Affected groups | Legal bases
pageNumber, productPage, sm_country, sm_filter, url_new, url_old | These key-value pairs are stored to keep the choices you made within our search form across multiple page views. | End of session | Visitor | Article 6, paragraph 1 lit. b GDPR

Visiting our website

When you visit our website, we process personal data in order to be able to offer our website to you, the visitor / user. The data we process is absolutely necessary to provide the vital technical communication process between your side and our server.

When you visit our website, we collect data that your browser transmits to our server by default (see lit. c). That data is processed to provide a response to your browser's request and will be written to a log file. This refers to visits to our web pages without you registering, logging in or using other than merely informational functions of the site.

a) As far as it concerns the processing of the aforesaid data to provide this website to the user / visitor, we process your personal data in accordance with Art. 6 paragraph 1 lit. b GDPR.

b) As far as it concerns the logging of the aforesaid communication data, we collect the data listed under lit. c in accordance with Art. 6 paragraph 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

Log files are deleted regularly.

c) Data we process and log:

  • The requested page (Uniform Resource Locator, URL)
  • Date and time of the request
  • The amount of data transmitted
  • If set, the referrer header, which may include the page you came from when you reach our site by clicking a link on a third-party site
  • The browser you are using
  • The operating system you are using
  • The IP address that is assigned to the client who requested the resource
  • The status code our server responded with

 

Using our search

When you use our search, we process the data you entered into the form to execute your search request, in addition to the data we process on every request. We do not store your search history on our systems. We do, however, store the settings of your last search on your system (session storage) in order to allow you to reuse the chosen settings without having to enter them every time you visit the search form again.

We process the aforesaid data in accordance with Art. 6 paragraph 1 lit. b GDPR.

 

Using our contact form

When you use our contact form, we process and store the data you provide within the form in order to reply to your contact request.

We process the aforesaid data in accordance with Art. 6 paragraph 1 lit. b GDPR.

 

 

 

Data processing by third parties (order data processing)

1&1 IONOS SE

 

Information and description

We use server services provided by IONOS SE to host our services. This may include web hosting and hosting of mail services.

 

Function
Server- and network infrastructure

We use the services of a specialized and reputable company to operate and maintain our server and network infrastructure (data centers).

Processed data: user data, metadata, content data, contact data, contract data

Affected Groups: Visitors, Users

Legal basis of processing: Legitimate interests

Legitimate Interests:

  • Freedom from maintenance: Our legitimate interest in using technology that is low-maintenance or maintenance-free for us. This ensures a consistently high safety level of the services;
  • High-Availability: Our legitimate interest in using a highly available service.

 

E-Mail Services

We use external service providers in order to be able to send e-mails securely and with a high delivery rate. For this purpose, we pass on the e-mail address of the persons addressed to the service provider within the framework of the SMTP protocol (or comparable API) together with the content. The service provider will only use this address to carry out the process of checking and delivering the e-mail.

Affected Groups: Users, Recipients

Legal basis of processing: Legitimate interests, consent (where requested)

Legitimate Interests:

  • Freedom from maintenance: Our legitimate interest in using technology that is low-maintenance or maintenance-free for us. This ensures a consistently high safety level of the services;
  • Development outsourcing: Our legitimate interest in not having to develop all services ourselves and instead relying on highly complex services operated by third parties;
  • Security: Our legitimate interest in securing our offerings from unauthorized and damaging access;
  • High-Availability: Our legitimate interest in using a highly available service.

 

Provider information

1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur; https://www.ionos.de/terms-gtc/terms-privacy

 

 

Google LLC

Google Analytics

(Only with consent, contract data processing, SCCs)

Function
Web analytics

In order to further improve our website, understand the interests and expectations of our users, identify problems with click paths on our website, and evaluate the performance of individual pages and our site as a whole, we use web analytics services.

For this purpose, we collect and process data about the end device used by the user, the pages called up, the time spent calling up and staying on the respective pages, the user’s origin (referrer) and, as far as possible, his geographical position.

Processed data: Usage data, metadata

Affected Groups: Users

Legal basis of processing: consent

Affected domains: www.google-analytics.com (incl. subdomains), analytics.google.com

 

 

 

External Platforms

Social media

In order to be able to communicate effectively with our (potential) customers and other interested persons and to offer them an obvious point of contact and information, we maintain presences in some social media.

We would like to point out that when using social media, data may be processed outside the area of the European Union, resulting in risks for the user regarding the enforcement of his rights.

Social media regularly analyze the behavior of their users for marketing purposes. In doing so, they create far-reaching profiles about the interests and usage behavior of their users in order to be able to display personalized advertising to them. By setting cookies and integrating them into third-party sites, information can also be collected that goes beyond the direct use of the social network.

In particular, information about the terminal device used, the Internet connection (IP address) and, if applicable, the location of the user may also be collected.

We would like to point out that only the providers of these networks have access to the data collected about the user; consequently, a request for information can most effectively be asserted against them.

For a detailed description of the processing of personal data and the options for opting out, please refer to the privacy statements of the respective networks.

 

For our Facebook profile:

Facebook privacy policy: https://www.facebook.com/about/privacy

 

For our Instagram profile:

Instagram privacy policy: https://help.instagram.com/519522125107875

 

 

 

Your rights as a data subject

As a data subject, you are entitled to the following rights:

Right to object (Article 21 GDPR):

You have the right to object to the processing of personal data concerning you which is carried out on the basis of Article 6 paragraph 1 lit. e or f GDPR on grounds relating to your particular personal situation, including profiling based on those provisions.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

Right to withdraw consent (Article 21 GDPR):  

You have the right to withdraw consent at any time.

Right of access (Article 15 GDPR):                                         

You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with the legal requirements.

Right to rectification (Article 16 GDPR):                              

In accordance with the legal requirements, you have the right to demand that the data concerning you be completed or that the incorrect data concerning you be corrected.

Right to erasure and restriction of processing (Articles 17, 18 GDPR):

In accordance with the legal requirements, you have the right to request that data concerning you be erased without undue delay – or, alternatively, to request restriction of the processing of the data in accordance with the legal requirements.

Right to data portability (Article 20 GDPR):                       

You have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transfer to another controller.

Complaint to the supervisory authority (Article 77 GDPR):

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, in accordance with the legal requirements, if you believe that the processing of personal data concerning you violates the GDPR.