Privacy Policy
Privacy Policy
INFORMATION ON PERSONAL DATA COLLECTION AND CONTROLLER CONTACT DETAILS
1.1 Thank you for visiting our website and for your interest. This notice explains how we collect, use, and protect personal data when you access or use our website. “Personal data” means any information that can identify you.
1.2 The controller responsible for processing personal data on this website under the EU General Data Protection Regulation (GDPR) is Isabelle’s Boutique. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
1.3 For security reasons and to protect data transmitted via our website (for example, order details or inquiries), we use SSL/TLS encryption. You can verify an encrypted connection by the “https://” prefix and the padlock icon in your browser.
There is no automated decision-making or profiling that produces legal effects or significantly affects you under Article 22 GDPR.
DATA COLLECTED WHEN YOU VISIT OUR WEBSITE
If you browse our site for information only and do not register or submit data, we collect only the information your browser sends to our server (server log files). These technical data are required to display the website and include:
- Requested webpage
- Date and time of access
- Amount of data transferred
- Referrer URL
- Browser type
- Operating system
- IP address (may be anonymized)
We process these data based on our legitimate interest in ensuring the stability and functionality of the website (Art. 6(1)(f) GDPR). These data are not combined with other personal data and are not shared except where required to investigate unlawful activity.
COOKIES
We use cookies to improve site usability and to enable certain features. Cookies are small text files stored on your device. Some cookies are session-only and are deleted when you close your browser (session cookies). Others remain on your device for a set period and may be used by us or third parties to recognize your browser on future visits (persistent and third‑party cookies).
Cookies may process information such as browser type, location data, and IP address. Persistent cookies have varying lifetimes depending on the cookie. We use cookies for purposes such as keeping items in a shopping cart or remembering preferences. If cookies process personal data, this is done either to fulfill a contract (Art. 6(1)(b) GDPR) or based on our legitimate interest in a functional and user-friendly website (Art. 6(1)(f) GDPR).
We may employ advertising partners who also place cookies on your device. If so, you will be informed about those cookies and what data they collect elsewhere in this policy.
You can control cookie settings in your browser and choose whether to accept or reject cookies. Each browser provides different instructions:
- Internet Explorer: Manage Cookies
- Firefox: Allow and Block Cookies
- Chrome: Cookie Settings
- Safari: Manage Cookies
- Opera: Cookie Preferences
When you first visit our site, we will request consent for non-essential cookies via a cookie banner. You may change your preferences at any time. Please note that disabling cookies may limit site functionality.
CONTACTING US
When you contact us (for example, by contact form or email), we collect the personal data you provide. The form will indicate the specific data required. We use your information exclusively to respond to your inquiry and for related administrative purposes.
The legal basis for processing is our legitimate interest in responding to communications (Art. 6(1)(f) GDPR). If your contact is intended to conclude a contract, processing is additionally based on Art. 6(1)(b) GDPR. Data will be deleted after your inquiry is fully resolved unless legal retention obligations require otherwise.
ACCOUNT CREATION AND ORDER PROCESSING
In order to open an account or conclude contracts with us, we collect and process personal data you provide for performance of the contract (Art. 6(1)(b) GDPR). The exact data requested is shown in the respective forms.
You may delete your account at any time by notifying the controller. We retain data necessary for order fulfillment and legal retention obligations (e.g., tax and commercial law). Once obligations expire or the account is deleted, we will restrict or delete data in accordance with statutory retention periods unless you have consented to further use or we have a lawful basis for continued processing, as explained here.
MARKETING COMMUNICATIONS
Email Newsletter
If you subscribe to our email newsletter, we will send promotional emails about our offers. The only required information is your email address; other fields are optional and used to personalize content.
We use double opt-in: after signing up you will receive a confirmation email with a link you must click to confirm. This consent is given under Art. 6(1)(a) GDPR. We also log the IP address and timestamp of registration to prevent misuse.
You may unsubscribe at any time via the link in each newsletter or by contacting us. After unsubscribing, your email will be removed from the mailing list unless you have consented to further use or we retain the data for lawful reasons explained elsewhere.
Email to Customers
If you provided your email during a purchase, we may send you offers for similar products or services by email based on our legitimate interest in direct marketing (Art. 6(1)(f) GDPR). You may object at any time without cost beyond basic transmission charges; upon objection we will stop sending such marketing messages.
DATA PROCESSING FOR ORDER FULFILLMENT
When necessary to deliver orders, we forward personal data to the shipping company and, where required, to payment processors. The legal basis for these transfers is contract performance (Art. 6(1)(b) GDPR).
Payment Service Providers
- PayPal
If you choose PayPal (including credit card, direct debit, or other PayPal payment options), payment data will be transmitted to PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A.) as needed for payment processing under Art. 6(1)(b) GDPR. PayPal may perform credit checks and share data with credit agencies as permitted under Art. 6(1)(f) GDPR. For PayPal’s privacy information, see PayPal’s Privacy Policy. You can object to PayPal’s processing by contacting PayPal directly; PayPal may still process data if required for contract performance.
- SOFORT
If you use SOFORT, payment processing is handled by SOFORT GmbH (part of Klarna Group). Payment and order information necessary for processing will be transmitted to SOFORT under Art. 6(1)(b) GDPR. See SOFORT’s privacy information for details.
REVIEW REMINDERS
If you consented during or after your order, we may send a one-time email reminder to request a review of your purchase. This is processed only with your explicit consent under Art. 6(1)(a) GDPR. You may withdraw consent at any time by contacting the controller.
SOCIAL MEDIA PLUGINS
To protect your data, social media buttons on our site are implemented using simple HTML links (Shariff-like approach) rather than full embedded plugins. This prevents an automatic connection to social network servers when you visit pages with those buttons. Clicking a button opens the respective social network page in a new window where you can interact after logging in.
For details about data collection and usage by these providers (Facebook, Google/Google+, Instagram, etc.), and your rights, please consult their privacy policies:
- Facebook: https://www.facebook.com/policy.php
- Google: https://www.google.com/intl/en/policies/privacy/
- Instagram: https://help.instagram.com/155833707900388/
ONLINE MARKETING AND ADVERTISING TOOLS
DoubleClick / Google Ads
We use Google advertising tools (DoubleClick, Google Ads/AdWords) to show relevant advertising and to measure campaign performance. These tools use cookies and may collect non-identifying information such as cookie IDs, ad impressions, and conversions. Processing is based on our legitimate interest in optimizing marketing (Art. 6(1)(f) GDPR). Google may link data to your Google account if you are logged in. To opt-out of Google advertising cookies or adjust settings, visit Google Ads settings or the Digital Advertising Alliance: www.aboutads.info.
Google Conversion Tracking and Remarketing
We use Google conversion tracking and remarketing to analyze ad effectiveness and display interest-based ads. Cookies used for conversion tracking typically expire after 30 days and are not used to personally identify you. For opt-out options and more information, consult Google’s privacy resources and the browser plugin referenced in their policies.
Web Analytics (Google Analytics)
We use Google Analytics with the _anonymizeIp() extension to shorten IP addresses within the EU/EEA before transfer. Google processes analytics data on our behalf to provide reports about site usage. This is based on our legitimate interest in analyzing and improving the website (Art. 6(1)(f) GDPR). You can prevent Google Analytics tracking by installing the Google Analytics opt-out browser add-on or by setting an opt-out cookie as described in Google’s documentation.
RETARGETING, REMARKETING AND AUDIENCE CREATION
We may use technologies such as the Facebook Pixel and Google remarketing to measure ad performance and to create anonymized audience segments for targeted advertising. These tools operate only with explicit consent where required (Art. 6(1)(a) GDPR). Data may be aggregated and used by the providers for their own advertising purposes; see the providers’ privacy policies for details and opt-out options.
DATA SUBJECT RIGHTS
You have the following rights under applicable data protection law:
- Right of access (Art. 15 GDPR): Request information about personal data we process about you, processing purposes, recipients, retention periods, and other details.
- Right to rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17 GDPR): Request deletion of personal data when lawful grounds apply, subject to exceptions.
- Right to restriction of processing (Art. 18 GDPR): Request restriction of processing in certain circumstances.
- Right to be informed (Art. 19 GDPR): We must notify recipients of corrections, deletions, or restrictions where applicable.
- Right to data portability (Art. 20 GDPR): Request a copy of your data in a structured, machine-readable format or transfer to another controller where technically feasible.
- Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent at any time for future processing without affecting prior processing lawfulness.
- Right to lodge a complaint (Art. 77 GDPR): Complain to a supervisory authority in your EU member state of residence, place of work, or where the alleged breach occurred.
Right to Object
If we process your personal data based on legitimate interests, you may object to such processing at any time for reasons related to your particular situation. If you object, we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or processing is required for legal claims. Where data is processed for direct marketing, you can object at any time and we will cease processing for that purpose immediately.
DATA RETENTION
We retain personal data as long as required to fulfill contractual obligations or to comply with legal retention periods (e.g., tax and commercial law). After those periods expire, data is routinely deleted unless further storage is necessary for contract fulfillment or we have a lawful basis to retain it.
CONTACT
If you have questions about our privacy practices or wish to exercise your data protection rights, please contact us at: info@isabelles-boutique.com