As of 25 May 2018, data processing in Europe is subject to the uniform provisions of the EU General Data Protection Regulation (GDPR).
The following privacy policy provides you with information about the processing of personal data by Malaika Online Store GmbH, Dubrowstr. 29, 14129 Berlin, Germany (Malaika, 'we' and/or 'us') within the context of use of our website at www.malaikalinens.com and www.malaika-store.com ('website/page(s)') and our applications in compliance with the GDPR and the German Data Protection Act (BDSG).
Please carefully read our privacy policy. If you have any questions or comments about our privacy policy, please contact us at customer-service@malaika-store.com
Contents
1 Controller name and contact information
2 The purpose of data processing, legal bases and legitimate interests pursued by the controller or a third party as well as categories of recipients and origin of data
2.1 Using our website/applications
2.1.1 Log files
2.1.2 Cookies, tracking, social media plugins
2.2 Objective, implementation and/or termination of contract
2.2.1 Data processing on conclusion of contract
2.2.2 Use of data for fraud prevention purposes
2.2.3 Transmitting data to transport service providers
2.3 Data processing for advertising purposes
2.3.1 Advertising mailings (including online advertising)
2.3.2 Newsletter and analysis of your user behaviour
2.3.3 Product recommendations via e-mail
2.3.4 Contests
2.4 Online presence and website optimisation
2.4.1 Cookies - general information
2.4.2 Google Analytics
2.4.3 Google AdWords
2.4.4 Google Conversion Tracking
2.4.5 Microsoft
2.4.6 Facebook
2.4.7 Other service providers
2.4.8 Targeting
2.4.9 Advertising partners/third-party cookies
2.4.10 Objecting/opting out
2.5 Customer account/user account
2.6 Contacting us
2.7 Customer ratings/comments
2.8 Applications
2.9 Origin of data
3 Recipients within and outside the European Union
4 Your rights
4.1 Overview
4.2 Right to object
4.3 Right to withdraw consent
5 Automated individual decision-making, including profiling (Article 22 GDPR)
6 No obligation to provide your data
1 Controller name and contact information
This privacy policy applies to data processing through
Malaika Online Store GmbH
Dubrowstr. 29
14129 Berlin
Germany
Telephone: +49 - 30 - 80499042
E-Mail address: customer-service@malaikalinens.com
Malaika is represented by its managing director Stefanie Hollerbach-Amereller
2 The purpose of data processing, legal bases and legitimate interests pursued by the controller or a third party as well as categories of recipients and origin of data
2.1 Using our website/applications
2.1.1 Log files
When visiting websites/opening applications, the respective internet browser on your device sends information to the server hosting our website, where it is temporarily saved to log files. The datasets saved in the process contain the following data, which is stored until automatically erased: date and time accessed, name of the page visited, IP address of the requesting device, referrer URL (URL of the page which redirected you to our page), the data volume transferred, loading time, as well as product and version information of the browser being used, your operating system, and the name of your access provider.
The legal basis for processing the IP address is Article 6(1)(f) GDPR. Our legitimate interest is
ensuring a good connection,
ensuring convenient use of our website/application,
analysing system security and stability.
The information does not enable us to identify you directly, nor do we attempt to do so. You may object to processing of your personal data in our legitimate interests at any time as explained under Item 4.3.
Data is stored and automatically erased after achieving the specified purposes. The defined periods for erasure are based on the criterion of necessity.
2.1.2 Cookies, tracking, social media plugins
Our website uses so-called cookies, tracking tools, targeting methods and social media plugins. The precise methods and how your data is used for this purpose are detailed under Item 2.4 below.
2.2 Objective, implementation and/or termination of contract
2.2.1 Data processing on conclusion of contract
When registering on our website and/or concluding an additional contract with us, we process the data required for conclusion, performance or termination of the contract with you. This includes:
first name, last name
billing and delivery address
e-mail address
billing and payment data
telephone number
bank data and,
if applicable, date of birth.
The legal basis for this is Article 6(1)(b) GDPR, i.e. the data is provided by you based on the respective contractual relationship (e.g. maintaining your customer/user account, fulfilling a sales contract) between you and us. When you place a purchase order through our website, statutory provisions of the German Civil Code (BGB) oblige us to send you an electronic order confirmation; we are therefore further obliged to process your e-mail address (Article 6(1)(c) GDPR).
Provided this data will not be used by us for advertising purposes (see 2.3. below), the data collected for performance of contract is stored for the term of the contract and until expiry of statutory or possible contractual warranty and guarantee rights. Upon expiry of this period the information arising from the contractual relationship required under commercial and tax law is stored for the periods specified by law. During this period the data will solely be processed again in the event of a tax audit.
Fulfilling a sales contract through our website/applications further requires data processing as follows:
We transmit your payment data to payment service providers assigned by us to process the payment(s). We share your delivery address information with logistics companies and shipping partners assigned by us. To ensure despatch meets your wishes we share your e-mail address and, if necessary, the telephone number with the logistics company and/or shipping partner assigned by us carrying out delivery. These may contact you prior to delivery to coordinate delivery with you. The respective data is transmitted solely for the specified purposes and erased following delivery.
2.2.2 Use of data for fraud prevention purposes
The data provided by you in connection with a purchase order may be used to verify if the order process is abnormal (e.g. simultaneous orders for a variety of products to the same address using different customer accounts). This review on principle constitutes our legitimate interest. The legal basis for processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the ability to prevent fraud attempts at our expense, thus preventing economic disadvantages for us.
2.2.3 Transmitting data to transport service providers
We work with logistics providers/transport companies and/or shipping partners for delivery of the goods ordered. The following data may be shared with these for the purpose of delivering the goods ordered or to notify you: first name, last name, postal address, e-mail address, telephone number (e.g. for delivery notice).
The legal basis for processing is Article 6(1)(b) GDPR.
2.3 Data processing for advertising purposes
2.3.1 Advertising mailings (including online advertising)
We generally have a legitimate interest in using your data for marketing purposes. We process the following data for our own marketing purposes and for third-party marketing purposes: First name, last name, postal address, if necessary the year of birth.
We are further entitled to store additional personal data, collected in compliance with the law, along with said data for our own marketing purposes and for third-party marketing purposes. The goal is to provide you with advertising solely based on your actual or perceived needs and not to inconvenience you with useless advertising.
The additional data stored is not transmitted to third parties. Malaika further pseudonymises/anonymises your personal data collected for the purpose of using the pseudonymised/anonymised data for our own marketing purposes and third-party marketing purposes (advertisers).
The pseudonymised/anonymised data may also be used to show online advertisements tailored to your needs, in which case the advertising may be controlled by third-party service providers and/or agencies. The legal basis for using personal data for marketing purposes is Article 6(1)(f) GDPR. Our legitimate interest is enabling us to provide you with advertising tailored to you and thus presenting our company specific to your personal preferences.
Notice of your right to object
You may at any time object to your personal data being used for the above marketing purposes free of charge with future effect by contacting customer-service@malaika-store.com.
Upon objecting, your data will be blocked from further data processing for advertising. Please note, in some cases we may temporarily still send you advertising after receiving your objection. This is for technical reasons due to the lead time required during selection and does not mean your objection has not been implemented.
2.3.2 Newsletter and analysis of your user behaviour
Our website/applications feature an option to subscribe to our newsletter. We use the so-called double opt-in method (DOI method) to verify no mistakes occurred when entering the e-mail address: After entering your e-mail address in the registration field and consenting to receive our newsletters we will send a confirmation link to the address provided. Your e-mail will not be added to our newsletter distribution list until the confirmation link has been clicked. The legal basis for this data processing is Article 6(1)(f) GDPR in each case.
Our newsletters include an image one pixel in size (pixel counter) which the server fetches when opening the newsletter. Fetching this collects technical information such as information about your browser or system as well as your IP address and the time accessed. This information is used to make technical improvements to our services. The statistical inquiries include determining whether the newsletter is opened, when it is opened and which links are clicked. This serves the purpose of determining the reading behaviours of our users and tailoring our contents to this, or to deliver different contents based on the interests of our users.
The legal basis for this data processing is Article 6(1)(f) GDPR.
If you do not wish us to process usage data related to the newsletters you receive as described above, you can prevent us from receiving the respective information, thus exercising your right to object - notwithstanding items 4.2 and 4.3 - as follows:
Information about newsletter delivery:
Unsubscribing from the newsletter (see note below)
Information about opening the newsletter:
Blocking images in your e-mail client. The help function of your e-mail client can typically provide detailed information related to this topic.
Information about clicks from the newsletter:
Avoid clicking images and links in a newsletter.
Your surfing behaviour on our website after clicking an offer in a newsletter:
- Configure your browser to block cookies. For detailed information please refer to Item 2.4.1. Please note, blocking cookies may prevent you from being able to make full use of the functions on our website.
- You can alternatively object to tracking your surfing behaviour here (external link) and here (external link) (also see Item 2.4.7).
Device used including e-mail client and operating system:
Block images in your e-mail client and avoid clicking on images and links in a newsletter. Please note, even after taking these measures we still receive information about your operating system when visiting our website.
Right to object
You may withdraw your consent at any time with future effect by writing to customer-service@malaika-store.com or by clicking the unsubscribe link at the end of every newsletter.
2.3.3 Product recommendations via e-mail
As an existing customer of our web shop we routinely send you recommended products by e-mail. You will receive these product recommendations regardless of whether you have subscribed to a newsletter. We therefore use the e-mail address provided by you when placing an order to advertise our products and/or services similar to those you have previously purchased from us. The legal basis for this data processing is Article 6(1)(f) GDPR.
Right to object
You may object to our product recommendations at any time with future effect by writing to customer-service@malaikalinens.com.
2.3.4 Contests
If you enter a contest held by Malaika, we will use the data provided when entering for the purpose of implementing the participation contract, particularly to notify winners and, where applicable, to advertise our offers and/or offers of our contest partners. For detailed information please refer to the eligibility requirements for the respective contest. The legal bases for this data processing are Article 6(1)(a) GDPR, Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.
2.4 Online presence and website optimisation
2.4.1 Cookies - general information
Some of our pages use cookies to make our website more attractive and allow the use of certain functions as well as to collect statistical data about the use of our website. Cookies are small text files automatically generated by your browser and saved to your device (laptop, tablet, smartphone, etc.) when visiting our site. Cookies are not harmful to your device and do not contain viruses, trojans or other malware. Information related to the specific device used is saved to the cookie. However, this does not mean it provides us with direct knowledge concerning your identity.
Most cookies used by us are deleted at the end of the browser session (so-called session cookies). These allow us, for example, to display the basket on different pages and to provide you with information about how many items are currently in your basket and your current order total. Other cookies remain on your computer and allow us to recognise your computer the next time you visit our website (so-called permanent or persistent cookies). These cookies are specifically used to make our offering user-friendly, more effective and more secure. These files allow us, for example, to display information on the page specifically tailored to your interests.
You can certainly configure your browser to block our cookies from being saved to your device. The help function in the menu bar in most browsers explains how to prevent your browser from accepting new cookies, to have your browser notify you of new cookies, or how to delete existing cookies and block all future cookies.
Use the following steps to do so:
2.4.1.1 In Internet Explorer
In the "Extras" menu select "Internet Options".
Click on the "Privacy" tab.
You can now change the security settings for the Internet zone. Here you can configure if and which cookies to accept or block.
Click "OK" to confirm your settings.
2.4.1.2 In Firefox:
In the "Extras" menu, select Options.
Click "Privacy & Security".
In the drop-down menu select "custom".
You can now configure whether to accept cookies, how long the cookie will be stored and add exceptions for websites for which you always or never want to allow cookies.
Click "OK" to confirm your settings.
2.4.1.3 In Google Chrome:
Click on the Chrome menu in the browser toolbar.
Now click "Settings".
Click "Advanced".
Under "Privacy and security" click "Content settings".
Click "Cookies" for the following settings:
Clearing cookies
Blocking all cookies
Always clearing website data when exiting the browser
Allowing cookies from specific websites or domains
However, please note that in this case you may not be able to make full use of all functions on this website.
If these cookies and/or the information they contain pertain to personal data, the legal basis for data processing is Article 6(1)(f) GDPR. Our interest to optimise our website is the legitimate interest as defined by the above provision.
2.4.2 Google Analytics
We use Google Analytics, a web analysis service provided by Google LLC ('Google'), to tailor the design to needs and continuously optimise our website on the basis of Article 6(1)(f) GDPR. Google Analytics uses so-called 'cookies', text files which are stored on your computer, enabling analysis of your use of the website. In this context we create pseudonymised usage profiles and use cookies. The information generated by the cookie about your use of the website such as
browser type/version,
operating system used,
referrer URL (previously visited site),
host name of the requesting computer (IP address),
time of the server request
Google uses this information on behalf of the website operator to analyse your use of the website, to compile reports on website activities and to provide the website operator with other services related to the use of the website and the internet. The IP address transmitted by your browser in line with Google Analytics is not merged with other Google data. You can configure your browser settings to prevent the cookies from being stored; however, please note that doing so may prevent you from being able to make full use of all functions on this website. You can further prevent Google from collecting the data related to your use of the website generated by the cookie (including your IP address) and Google processing this data by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
2.4.3 Google AdWords
Our website uses Google AdWords. Google AdWords is an online advertising program provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ('Google').
In the process we for one use the remarketing function of the Google AdWords service. The remarketing function allows us to show interest-based advertising to users of our website when visiting websites within the Google Display Network (on Google itself, so-called 'Google ads' or on other websites). The user's interaction with our website is analysed for this purpose, e.g. the offers the user was interested in, to also enable us to show users targeted advertisements on other websites after leaving our website. Google saves a number to the browser of users visiting specific Google services or websites within the Google Display Network for this purpose. This number, referred to as a 'cookie', tracks this user's visits. This number is solely used as a unique identifier for a web browser on a specific computer, not to identify a person - personal data is not stored. The legal basis for this data processing is Article 6(1)(f) GDPR.
You can block cookies from Google by clicking on the following link to download and install the plug-in: www.google.com/settings/ads/plugin.
For more information about Google Remarketing and the Google privacy policy please visit: www.google.com/privacy/ads/ .
2.4.4 Google Conversion Tracking
In line with using the Google AdWords service we further use so-called Conversion Tracking. Clicking on an advertisement placed by Google will store a Conversion Tracking cookie to your computer/device. These cookies expire after 30 days, contain no personal data and therefore do not enable personal identification. The information collected by the conversion cookie is used to compile conversion statistics for AdWords customers who decided to use Conversion Tracking.
The legal basis for this data processing is Article 6(1)(f) GDPR.
You can configure your browser settings to prevent the cookies from being stored; however, please note that doing so may prevent you from being able to make full use of all functions on this website. You can further block interest-based advertisements on Google and interest-based Google advertisements online (within the Google Display Network) in your browser by visiting http://www.google.co.uk/settings/ads and clicking 'Off' or visiting http://www.aboutads.info/choices/ to disable these. For more information about your configuration options in this respect and the Google privacy policy please visit https://policies.google.com/privacy?hl=gb&gl=uk.
2.4.5 Microsoft
Our online offers further use Conversion Tracking by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads saves a cookie to your computer for this purpose if you clicked a Microsoft Bing advertisement and were redirected to our website. This allows Microsoft Bing and us to determine somebody clicked an advertisement, was redirected to our website and reached a predefined target page (conversion page). This only provides us with the total number of users who clicked on a Bing advertisement and were then redirected to the conversion page. It provides no personal information related to the user's identity. If you do not wish to participate in tracking, you can also reject the cookie required for this purpose - for example using the browser setting which blocks all cookies. For more information about privacy and the cookies used by Microsoft Bing please visit the Microsoft website: https://privacy.microsoft.com/en-gb/privacystatement
The legal basis for this data processing is Article 6(1)(f) GDPR.
2.4.6 Facebook
A pixel for Facebook Ireland Ltd. is embedded in our website (so-called Website Custom Audience Pixel). This pixel collects pseudonymised information about your use of this website (e.g. information about items viewed). The collected information can be used to show custom advertisements e.g. in your Facebook account. You can click here to object to this information being collected.
The legal basis for this data processing is Article 6(1)(f) GDPR.
2.4.7 Other service providers
To tailor the design to needs and continuously optimise our website we further use services which collect pseudonymised/anonymised data through cookies which allow your internet browser to be recognised. Usage profiles are not merged with data concerning the owner of the pseudonym. Any IP addresses processed are masked immediately after they are received. You can object to this data being collected and stored by the service provider at any time using the following link:
https://www.econda.de/en/data-storage-opt-out/
2.4.8 Targeting
We use the following so-called targeting measures based on Article 6(1)(f) GDPR. We use these targeting measures to ensure you will only see advertisements based on your actual or presumed interests on your device and will not be inconvenienced with advertising not relevant to you.
2.4.8.1 On-site targeting
Our website uses cookies to collect and analyse information for the purposes of optimising the advertisements shown. This information includes e.g. information about which products you viewed on our websites/applications. All collection and analysis is pseudonymised and does not enable identifying you. This information is specifically not merged with your personal data. The information allows us to show you offers on our site based on your specific interests according to your previous user behaviour.
2.4.8.2 Re-Targeting
We further use re-targeting technologies of external service providers. Re-targeting allows us to make our online offer more interesting for you. For example, we can specifically target our online advertisements on our partner websites to users who previously showed an interest in our shop and products. Studies show that internet users are more interested in custom, interest-based advertisements than advertisements of no personal relevance.
A cookie is added for this purpose which collects data related to interests under pseudonyms. Based on this information our partner websites will show you interest-based advertisements related to our offers. Direct personal data is not collected, nor are usage profiles merged with your personal data.
You can disable data collection for custom advertising purposes. This will add a cookie which permanently prevents data collection until the cookie is specifically deleted in your browser or using "Delete all cookies". You can object again at any time.
2.4.9 Advertising partners/third-party cookies
We work with advertising partners to make online offers on our site even more interesting for you. Cookies from our advertising partners (so-called third-party cookies) are therefore also added when visiting our site. The cookies from our advertising partner also collect pseudonymised information about your user behaviour and your interests when visiting our website. They also collect some information related to your visit to other sites before visiting our website. This information is used to show you interest-based advertisements from our advertising partners. No personal data will be saved, nor will usage profiles be merged with your personal data.
You can change your cookie settings in your browser to prevent interest-based advertisements from our advertising partners.
2.4.10 Objecting/opting out
In addition to the disabling options described above, you can also block the specified technologies in general by changing the cookie settings in your browser. You can further disable preference-based advertising with this preference manager.
2.5 Customer account/user account
For maximum convenience you can permanently store your personal data in a password-protected customer account/user account.
Creating a customer account is generally voluntary. When creating a customer account the data collected in this respect is processed based on Article 6(1)(b) GDPR. After creating a customer account you do not need to re-enter your data. You can further view and change the personal data saved to your customer account at any time.
Creating a customer account is only required for performance of contract when placing an order through our website/application.
In addition to the data required when placing an order, you will need to choose a password when creating a customer account. This will be required along with your e-mail address to access your customer account. Please keep your personal login data confidential and do not allow unauthorised third parties to access it. Please note, you will automatically remain logged in after leaving our website unless you log out of your account.
You may delete your customer account at any time. However, please note if you have previously purchased from us, this will not delete the data shown in the customer account. Your data is deleted after expiry of the retention periods under commercial and tax law to which we are subject. The legal basis for this further data processing is Article 6(1)(c) GDPR and Article 6(1)(f) GDPR, with our legitimate interest being retaining the data for any applicable legitimate reasons for storage.
2.6 Contacting us
We offer different options to contact us: via e-mail, telephone, using the contact form, or by post. When contacting us we use any personal data freely provided by you in this respect for the sole purpose of contacting you and processing your inquiry.
The legal basis for this data processing is Article 6(1)(a), Article 6(1)(b), Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. When processing data based on Article 6(1)(f) our required legitimate interest for responding to your inquiry is to allow us to present our company in a positive light and ensure a high level of satisfaction among customers/prospective customers.
2.7 Customer ratings/comments
When users leave a comment or otherwise post on our website/in our application their data is stored based on our legitimate interests as defined by Article 6(1)(f) GDPR. This is for our protection in the event somebody adds comments or posts with illegal contents (insults, prohibited political propaganda, etc.), which also constitutes our legitimate interest in this data processing. You may generally publish contents with us using a pseudonym and/or your first name and an abbreviation for your last name.
2.8 Origin of data
We generally only collect your personal data from you. In exceptions where this is not the case we will specifically notify you. However, we may also receive data from others, namely the person entering it in the respective areas of our website (e.g. creating an account, using the contact form).
When transmitting personal data concerning a third party to us through our website you are obliged to comply with all of the requirements under data protection law, particularly under Articles 5 to 9 as well as 12 GDPR. Otherwise we do not have your consent to collection with respect to the data provided and reserve the right to take legal action against you.
3 Recipients within and outside the European Union
In some circumstances your personal data may also be shared with specific recipients. In the process your data, without prejudice to other information related to recipients in this privacy policy, may be transmitted to the following bodies:
Public authorities to which data must be transmitted by virtue of statutory provisions (e.g. fiscal and supervisory authorities)
Internal departments involved in carrying out tasks (e.g. Sales, IT, IT Security)
Vendors (e.g. IT service providers)
With the exception of the following processing we do not share your data with recipients domiciled outside the European Union or the European Economic Area. The specified processing includes data transmission to the server of the provider of tracking or targeting technologies assigned by us. These servers are located in the USA. Data is transmitted based on the so-called EU standard contract clauses of the EU commission and the principles of the so-called Privacy Shield.
4 Your rights
4.1 Overview
You may exercise your rights against us under this Item 4 directly with us or with our data protection officer. Please refer to Item 1 and Item 2 for the respective contact information.
In addition to the right to withdraw your consents you have granted us you are entitled to the following additional rights if the following respective legal requirements apply:
the right to obtain information about the personal data concerning you stored by us (Article 15 GDPR); you can specifically obtain information about the purposes of the processing, the categories of personal data concerned, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored and, where the personal data are not collected from the data subject, any available information as to their source;
the right to rectification of inaccurate personal data (Article 16 GDPR),
the right to erasure of personal data concerning you we have stored (Article 17 GDPR), unless required for compliance with statutory or contractual retention periods or other legal obligations or rights to further storage by us,
the right to restriction of processing of your data (Article 18 GDPR), provided the accuracy of the personal data is contested by you, the processing is unlawful and you oppose the erasure of the personal data; we no longer need the data but they are required by you for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Article 21(1) GDPR,
the right to data portability under Article 20 GDPR, i.e. the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, or to request transmission of those data to another controller,
the right to lodge a complaint with a supervisory authority. You can typically contact the supervisory authority of your habitual residence, place of work or of our place of business.
4.2 Right to object
You have the right to object to data processing on grounds relating to your particular situation subject to the requirements of Article 21(1) GDPR.
The above general right to object applies to all data processing purposes specified in this privacy policy on the basis of Article 6(1)(f) GDPR. Unlike the special right to object related to data processing for advertising purposes, according to the GDPR we are only obliged to implement such general objection if you provide us with overriding reasons (e.g. possible risk for life or health).
4.3 Right to withdraw consent
Provided we are processing data based on your consent, you have the right to withdraw consent at any time. Withdrawing your consent does not invalidate data processing based on consent prior to withdrawal.
5 Automated individual decision-making, including profiling (Article 22 GDPR)
Your personal data processed will not be used for automated decision-making which produces legal effects concerning you or similarly significantly affects you.
However, your personal data processed will be used to provide you with personal recommendations on our website using pseudonymised usage profiles. With your consent this personalisation may also be used in our newsletters.
6 No obligation to provide your data
You are under no obligation to provide us with your data. However, we may require your data for performance of contract, e.g. if you wish to purchase one or multiple products from our website. Without the required personal data outlined in this privacy policy which you will be prompted to provide we may be unable to enter into a contract with you or perform a previously concluded contract.
Moreover, should you use e.g. technical measures to prevent us from receiving data required to use our website (see in particular Item 2.4), you may not be able to use our website or use it to the full extent.
We are unfortunately also unable to provide you the respective service without the required data (e.g. related to contact or when participating in a contest).