Privacy Policy

Privacy Policy

Personal data (usually referred to just as “data” below) will only be processed by us to the extent necessary, and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered. Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the “GDPR”), “processing” refers to any operation or set of operations such as collection, recording, organization, structuring, storage, use, disclosure by transmission, dissemination, or otherwise making available, or erasure performed on personal data, whether by automated means or not.
The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

The privacy policy is structured as follows:

1. Ascertainment and saving of data as well as type and purpose of their usage
2. Controller of your data
3. Data transfer
4. Rights of the data subject
5. Paypal as payment method
6. Cookies, Google Analytics, Social Media Plug-in and tools
7. External profiles

1. Ascertainment and saving of data as well as type and purpose of their usage

a) Type of handled data
• Inventory data (e.g. names, addresses).
• Contact data (e.g. e-mail, phone numbers).
• Utilization data (e.g. accessed website content , time of access).
• Meta-/communication data (e.g. machine information).

b) While visiting my website
By visiting my website a log file will record data to ensure a secure and stable website. Your IP address will anonymized, meaning the collected data can not be associated with you.
For technical reasons, the following data sent by your internet browser to me or to my server provider will be collected: the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on my site visited, the date and time of your visit,
The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of my website. The data will be deleted, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

c) Using the shop and creating an account
For a convenient and smooth experience in our shop, we offer account creation. If you create an account, we will store your name, address and email, which will be used to populate the checkout for future orders and to send you information about your account and order. I generally store data about you for as long as I need it for the purpose for which I collect and use it, and I am not legally required to continue to keep it (for example tax and accounting purposes). We will store information of completed orders and inactive accounts for 18 months. Failed and cancelled orders will be retained for 1 month.
If you choose to use our external stores; you can find their Privacy Policy here:
Etsy: https://www.etsy.com/legal/privacy/
InPrint: https://www.inprnt.com/info/privacy/
Redbubble: https://www.redbubble.com/privacy

d) Contacting us via e-mail or contact form
Next to using e-mail for questions of any kind, we offer a contact form on my website as means to get in touch with us. In order for us to be able to reply, stating a valid e-mail is necessary. Any further information can be given voluntarily based on Art. 6 Para. 1 lit. a) GDPR. The data given by using our contact form or e-mail will be deleted automatically after the inquiry is done and there is no further legal obligation to store your data, such as an order or contract resulted therefrom.


2. Controller of your data

The party responsible for this website (the “controller”) for purposes of data protection law is:
Kristina Winter
Immenkoppel 6
22339 Hamburg

Illustrator
Small firm according to §19 UStG
Finance Office Hamburg Oberalster
Mail: contact[at]pen-winter.com | k.winter[at]pen-winter.com


3. Data transfer

Data transfer to third parties is not happening unless for the following reasons:
• You give your clear consent for us to do so, according to Art. 6 Para. 1 lit. a) GDPR,
• the transfer is necessary according to Art. 6 Para. 1 lit. f) GDPR, and there is no reason to assume you have a predominant interest of your data not being transferred,  

• the controller is legally tied to transfer data according to Art. 6 Para. 1 lit. c) GDPR, and

• if transferring is legally permissible and required to process contractual relationships according to Art. 6 Para. 1 lit. b) GDPR.


4. Rights of affected persons

Persons affected by the processing of their personal data may have rights to obtain information about the personal data that affects them, or to have such data corrected or deleted (“right to be forgotten”), or to have the processing of that data restricted or its transferability modified.

a) Right of withdrawal
You have the right to withdraw your agreement at any given time. The withdrawal does not affect the legitimacy of the process prior of the withdrawal.

b) Right to object and right to appeal
Is the processing of your personal data required to perform a task of public interest (Art. 6 Para. 1 lit. e) GDPR), or required to keep our justified interests (Art. 6 Para. 1 lit. f) GDPR), you have the right to object. Furthermore y
ou have the right to appeal to a regulatory authority if you believe that the processing of the personal data affecting you violates the GDPR.


5. Paypal as payment method

On this website, PayPal components are integrated. PayPal is an online payment service provider. PayPal accepts trustee functions and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject chooses “PayPal” as the payment option in the online shop during the ordering process, data of the data subject is automatically transmit to PayPal. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing. The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order. The transmission of the data is aimed at payment processing and fraud prevention. 

PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfil contractual obligations or for data to be processed in the order. The data subject has the possibility to revoke consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing. Please see the PayPal Privacy Policy for more details.


6. Cookies, Google Analytics, Social Media Plug-in and tools

The cookie consent of this website automatically expires after 6 months.
Our shopping cart system (WooCommerce) and checkout mechanism (PayPal) are using cookies. Some of these cookies are sessional and are required for the payment process to work and no longer have an effect once you have logged out of the site, or expire on their own after 2 days. Others remain on your internet browser once you have left the site. For information on how PayPal uses cookies and on blocking, deleting or disabling cookies, please see the Paypal’s Privacy Policy.
This website does not use Google Adsense, Analytics or Fonts. There are no social media plug-ins installed on this website.


7. External profiles and Facebook

On this website, I link to our social media profiles/pages like Facebook, Instagram, twitter Youtube, tumblr, redbubble, inprint, dasAuge and Etsy. The promotional purposes of these pages are within our legitimate interest in accordance to the GDPR. The responsibility to comply with the GDPR rests with the respective service provider. 

If you visit our external profiles, your browser automatically sets up a connection to the server of the corresponding website. If you are in the possession of a account or profile of these services, and logged in, the visit of our profile will be assigned to your account. For example, by using the “like” and “share” buttons on Facebook, that data is directly transmitted and saved on servers of Facebook. In addition, that information will be published on your Facebook profile and be visible to your Facebook friends. Likewise do twitter, tumblr and Instagram and most social media websites.

These external service providers can use the collected data for the purpose of advertisement, market research and personalised presentation of their websites. Facebook, as example, can share your activity on our page with other Facebook users and use it to offer services connected to Facebook, by creating usage, interest, and relationship profiles. If you do not wish this data to be collected and assigned to your accounts, you have to log out of these before visiting my page. Purpose, usage and extent of data processing by Instagram can be found here: help.instagram.com
Twitter: twitter.com/en/privacy
tumblr: tumblr.com/privacy

As defined by the GDPR, combined responsible parties of my facebook page (https://www.facebook.com/PenWinterArt) are:

Facebook Ireland Ltd. (in following „Facebook“)
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Irland

and the controller named in 1. of this privacy notice.

a) Information about my Facebook page
We run our page in order to gain attention for our services and products and to be able to communicate with you as a visitor of that site. As owner of that facebook page, we have no interest on gaining personal data or to handle personal data for analysing or marketing purposes.  We operate our Facebook page, including the handling of personal data of its users, within our justified interests in a contemporary and widely supported means of information and interaction opportunity with our visitors and users according to art. 6 paragraph 1 lit. f GDPR.

b) Handling of personal data by Facebook
The European Court (EuGH) ruled on the 5th of June 2018 Facebook and the creator of a facebook page to be combined controller for the handling of personal data. To our knowledge Facebook is using personal data of users for the following purposes: advertising (analysis, creating personalised advertising), creating user profiles, market research.
Facebook is using cookies in order to save and handle these data. If the user possesses a Facebook account and is logged in, these data is also collected across devices. The privacy notice of Facebook holds more information on this topic: facebook.com/about/privacy/

Your right to object (so called. Opt-Out) can be found here: facebook.com/settings?tab=ads and here youronlinechoices.com. Facebook Inc., the US American mother company of Facebook Ireland Ltd. is certified with the EU-U.S. Privacy-Shield and thus promises to act according to the European privacy policies. Further information of the state of the Privacy-Shield can be found here: privacyshield.gov. The transfer and further handling of personal data of Facebook users to third party countries, like the USA, and possible risks by this for the users can not be ruled out by me as owner of my facebook page. 

c) Statistic data
Our Facebook page gives us access to so called “insights” of different categories (‘Follower’, ‘Liked’, ‘People Reached’ and ‘Engagement’) and a choosable timespan. Those statistics are generated and offered by Facebook. As the page owner we have no impact on the creation and visualising of these. We can not turn off this function, nor stop this statistic data from being created and spread.
The insights displayed are: Page views, page likes, post engagements, reach, video views, comments, shares, actions on page, replies, clicks on shop, demographic data about people who liked my page based on age, gender, country and language provided by their user profile. Due to the permanent development of Facebook, the accessibility and processing of data is a subject of change, thus we refer to Facebooks privacy policy stated above. 

d) User rights
If you want information, or if you have questions about your rights as a user, we recommend contacting Facebook directly, as only Facebook has complete access to your user data.  If you need help to contact Facebook, or if you have general questions, feel free to email us. If you wish to end the data processing stated above, please use the function of recalling your “like” by “unliking the page” and/or “unfollow this page”. This stops the connection of your profile data to a page’s insights.

Do NOT follow this link or you will be banned from the site!