0
X

Privacy Policy

This Privacy Policy informs you how EXPANDED.ART (“Site”) collects, uses, and discloses your personal information when you visit, make a purchase from the Site or communicate with us electronically as well as about your rights in this regard.

Responsible for data processing:

EXPANDED.ART Misa Art GmbH Alexandrinenstr. 118-121 D-10969 Berlin

Tel: +49 30 26103080 info@expanded.art

in the following “we”

You can find more details about us in our imprint.

PERSONAL DATA, PURPOSES OF THEIR PROCESSING AND LEGAL BASES

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the identity of that natural person.

The purpose of processing personal data on our website is in particular to operate a website with information about our offers and about us, processing purchases as well as to provide customer support in this regard. The legal basis for the data processing in this regard is:

- for the use of the website (Art. 6(1) sentence 1 b) General Data Protection Regulation (“GDPR”)), - for safeguarding our interest in improving the user experience, advertising and presenting our services or maintaining the security of use (Art. 6(1) sentence 1 f) GDPR), - for the use of the services offered on the website as well as for pre-contractual measures, in particular for inquiries, for example (Art. 6(1) sentence 1 b) GDPR), - for the fulfillment of a legal obligation to which we are subject (Art. 6 (1) sentence 1 c) GDPR).

Your data processed during the use of our website will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information on individual processing procedures is provided below:

SERVER LOG FILES

When you visit our website, the servers automatically store the information that your browser sends, so-called server log files.

The information includes the following:

- name of the retrieved website - file - date and time of the retrieval - amount of data transferred - message about successful retrieval - browser type and version - operating system of the user - referrer URL (the previously visited page) - IP address of the requesting computer and - provider

The temporary storage of the IP address by the system is necessary to enable delivery of the website to your terminal device. For this purpose, the IP address must remain stored for the duration of the session. This data is not merged with other data sources. The information is used exclusively to analyze and maintain the technical operation of the servers and the network. The legal basis for this is Art. 6(1) sentence 1 f) GDPR.

PURCHASE PROCESSING

The data you provide for purchases are processed by us for the purpose of contract execution and are necessary to this extent. Conclusion and processing of the purchases are not possible without the provision of your data. The legal basis for the processing is Art. 6(1) sentence 1 b) GDPR.

We delete the data with complete contract execution, but must observe the retention periods under tax and commercial law.

In the context of contract processing, we pass on your data to the transport company commissioned with the delivery of goods or to the financial service provider, insofar as the transfer is necessary for the delivery of goods or for payment purposes.

The legal basis for the transfer of data is then Art. 6(1) sentence 1 b) GDPR.

CUSTOMER ACCOUNT

If you create a customer account with us, we will collect and store the data you enter during registration for pre-contractual services, for the fulfillment of the contract or for the purpose of customer care (e.g. to provide you with an overview of your previous orders with us or to be able to offer you the so-called memo function). At the same time, we then store the IP address and the date of your registration along with the time.

Insofar as you consent to this processing, Art. 6(1) sentence 1 a) GDPR is the legal basis for the processing. If the opening of the customer account also serves pre-contractual measures or the fulfillment of the contract, the legal basis for this processing is also Art. 6(1) sentence 1 b) GDPR. The consent given to us for the opening and maintenance of the customer account can be revoked at any time with effect for the future in accordance with Art. 7(3) GDPR. For this purpose, you only need to inform us of your revocation.

The data collected in this respect will be deleted as soon as the processing is no longer necessary. However, we must observe retention periods under tax and commercial law.

CONTACT VIA E-MAIL

If you send us inquiries via email, the information you provide in the email, including the data you enter there, will be processed for the purpose of processing the inquiry and, if necessary, for the case of follow-up questions. The legal basis for this is Art 6(1) sentence 1 b) GDPR.

NEWSLETTER

We inform with our newsletter in regular intervals about our activities. This newsletter can only be received if the respective person has subscribed to receive the newsletter and has a valid email address. On our Site you have the possibility to subscribe to our newsletter. For this purpose, the name and email address of the respective person who would like to subscribe to the newsletter are transmitted to us via the input mask. When subscribing to the newsletter, we also store the IP address of the computer system used by the data subject at the time of subscription, as well as the date and time of subscription. We need to collect this data in order to be able to track any misuse of the email address. This serves our legal protection. Personal data that we receive as part of the subscription to the newsletter will only be used by us for sending the newsletter or a change to the newsletter offer.

SHARING PERSONAL INFORMATION

We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you:

SHOPIFY

We use Shopify to power our online store for our offers and the processing of purchases. The legal basis for the transfer of data is Art. 6(1) sentence 1 b) GDPR.

Shopify is the service of a group of companies, but as we are located in the European Economic Area (EEA), processing is performed by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. However, due to the group of companies, it cannot be ruled out that processing also takes place in Canada and the USA. In the case of data transfer to the Canadian Shopify Inc., however, an adequate level of data protection is guaranteed by adequacy decision of the European Commission.

You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.

SHOPIFY WEB ANALYTICS

Insofar as we also use the Shopify web analytics service on our website, Shopify stores cookies on your terminal device via your internet browser. Please find more information on this below under "Cookies".

CONVELIO SA

We use Convelio SAS, 68, avenue Parmentier, 75011, Paris (France) for shipping estimates.

You can read more about how Convelio uses your Personal Information in our Shipping Policy.

COOKIES

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the Site or browse from one page to another. Cookies also provide information on how people use the Site, for instance whether it’s their first time visiting or if they are a frequent visitor.

The legal basis for this processing is Art. 6(1) sentence 1 b) GDPR, insofar as these cookies data are processed for contract initiation or contract execution.

If the processing does not serve the purpose of initiating or executing a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6(1) sentence 1 f) GDPR.

For technically unnecessary cookies or marketing cookies, etc., we require your consent. If you have given us your consent to the use of cookies on the basis of a notice ("cookie banner") the legality of the use is additionally based on Art. 6(1) sentence 1 a) GDPR.

We use the following cookies to optimize your experience on our Site and to provide our services:

COOKIES NECESSARY FOR THE FUNCTIONING OF THE STORE

Name

Function

_ab

Used in connection with access to admin.

_secure_session_id

Used in connection with navigation through a storefront.

cart

Used in connection with shopping cart.

cart_sig

Used in connection with checkout.

cart_ts

Used in connection with checkout.

checkout_token

Used in connection with checkout.

secret

Used in connection with checkout.

secure_customer_sig

Used in connection with customer login.

storefront_digest

Used in connection with customer login.

_shopify_u

Used to facilitate updating customer account information.

REPORTING AND ANALYTICS

Name

Function

_tracking_consent

Tracking preferences.

_landing_page

Track landing pages

_orig_referrer

Track landing pages

_s

Shopify analytics.

_shopify_fs

Shopify analytics.

_shopify_s

Shopify analytics.

_shopify_sa_p

Shopify analytics relating to marketing & referrals.

_shopify_sa_t

Shopify analytics relating to marketing & referrals.

_shopify_y

Shopify analytics.

_y

Shopify analytics.

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistant and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our Site may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.

AUTOMATIC DECISION-MAKING

We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

Temporary denylist of IP addresses associated with repeated failed This denylist persists for a small number of hours.

Temporary denylist of credit cards associated with denylisted IP This denylist persists for a small number of days.

You have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

INSTAGRAM

We have integrated components of the social network Instagram on our website. Instagram is operated by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include, for example, content such as images, videos or texts and buttons where users can indicate their like, subscribe to the account of the author of the content or our posts. Instagram uses cookies to analyze user behavior. If the users are members of the Instagram platform, Instagram can assign the call of the aforementioned content and functions to the users' profiles there. Instagram's privacy policy can be found at: http://instagram.com/about/legal/privacy/

TWITTER

We have integrated components of the social network Twitter on our website. Twitter is operated by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include, for example, content such as images, videos or texts and buttons that allow users to indicate their liking, to subscribe to the account of the author of the content or to subscribe to our posts. If the users are members of the Twitter platform, Twitter can assign the call of the aforementioned content and functions to the profiles of the users there. Twitter is certified under the Privacy Shield agreement and guarantees to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active)

Information on individualization and data protection can be found here: https://twitter.com/de/privacy

FACEBOOK

We have integrated components of the social network Facebook on our website. Facebook is operated by Facebook Inc, Hacker Way, Menlo Park, CA 94025, U.S.A.. The responsible party for the processing of personal data, if the data subject does not live in the U.S. or Canada, is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. By calling up one of the subpages of our website on which we have integrated the Facebook component, the internet browser of the data subject is caused to download a representation of the corresponding Facebook components from Facebook. This informs Facebook that this subpage of our website has been accessed. An overview of all Facebook components can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE

If the data subject is logged into Facebook, Facebook recognizes that the data subject is visiting the subpage of our website. This information is collected by Facebook and assigned to the Facebook account of the data subject. Transmission of this data can be prevented, for example, by the data subject logging out of their Facebook account and deleting the cookies before accessing our website. The data protection provisions of Facebook can be found at https://www.facebook.com/about/privacy

This also results in possible settings for the protection of privacy and the suppression of data transmission to Facebook.

GOOGLE ANALYTICS

We have integrated Google Analytics on our website, an analysis service of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA. Google LLC uses cookies and analyzes from which website our website was visited, which of our subpages were visited and the length of stay. The information generated by the cookie is usually transferred to a Google LLC server in the USA and stored there. Google LLC is certified under the Privacy Shield agreement and thus guarantees compliance with European data protection law. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google LLC evaluates the use of our online offers on our behalf, and pseudonymous usage profiles can be created. Google Analytics is only used by us with activated IP anonymization. The IP address of the user is shortened by Google LLC within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google LLC server in the USA and shortened there. The IP address is not merged with other data from Google. The storage of cookies can be prevented by a corresponding setting of the internet browser. Furthermore, the collection and processing of this data can be prevented by an internet browser add-on available here: http://tools.google.com/dlpage/gaoptout?hl=de

Further information and the privacy policy of Google LLC as well as setting and objection options, can be found here https://policies.google.com/privacy?hl=de&gl=de

YOUR RIGHTS

With regard to your personal data, you have in particular the following rights:

- Information, Art. 15 GDPR - Correction, Art. 16 GDPR - Deletion, Art. 17 GDPR - Restriction of processing, Art. 18 GDPR - Portability, Art. 20 GDPR

You also have the right to object to the processing of personal data, Art. 21 GDPR If you have given consent to the processing of personal data, you have the right of withdrawal, Art. 7 GDPR with effect for the future. Please address all inquiries, requests and notifications to us:

EXPANDED.ART Misa Art GmbH Alexandrinenstr. 118-121 D-10969 Berlin

Tel: +49 30 26103080 info@expanded.art

If you believe that the processing of personal data concerning you violates data protection law, you always have the right to lodge a complaint with the competent supervisory authority. According to Art. 77 GDPR, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority responsible for us is the Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstrasse 219, D-10969 Berlin.