Privacy policy

1) Introduction and Contact Details of the Data Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data refers to all data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Valentin Schneider, Vintagefeels., Winnweg 26, 66386 St. Ingbert, Germany, Phone: 017645984529, E-Mail: vintagefeels.official@gmail.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

The webpage visited
Date and time of access
Amount of data sent in bytes
Source/referral from which you accessed the page
Browser used
Operating system used
IP address used (where applicable: in anonymised form)

Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used for any other purpose. We do, however, reserve the right to review server log files retrospectively if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string "https://" and the padlock symbol in your browser bar.

3) Cookies

To make visiting our website more attractive and to enable the use of certain features, we use cookies — small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called "session cookies"); others remain on your device for longer and allow page settings to be saved (so-called "persistent cookies"). In the latter case, you can find the storage duration in the cookie settings overview of your web browser.

Where personal data is also processed by individual cookies we use, the processing is carried out pursuant to Art. 6(1)(b) GDPR for the performance of a contract, pursuant to Art. 6(1)(a) GDPR in the case of consent given, or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a user-friendly and effective design of the page visit.

You can configure your browser to notify you about the use of cookies and to decide individually whether to accept them, or to exclude the acceptance of cookies in certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contact

When you contact us (e.g. via contact form or e-mail), personal data is processed exclusively for the purpose of handling and responding to your enquiry and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your enquiry pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted once the relevant matter has been conclusively resolved, provided there are no statutory retention obligations to the contrary.

5) Data Processing for Order Fulfilment

5.1 To the extent necessary for contract performance for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned financial institution pursuant to Art. 6(1)(b) GDPR.

Where we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data you provided at the time of ordering in order to inform you personally as part of our statutory duty to provide information pursuant to Art. 6(1)(c) GDPR. Your contact data is used strictly for the purpose of communications regarding updates owed by us and is processed by us for this purpose only to the extent necessary for the relevant notification.

For the processing of your order, we also work with the service provider(s) listed below, who support us in whole or in part in the performance of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.

5.2 To fulfil our contractual obligations to our customers, we work with external shipping partners. We pass on your name and delivery address and, where necessary for delivery, your telephone number, exclusively for the purpose of delivering goods pursuant to Art. 6(1)(b) GDPR to a shipping partner selected by us.

5.3 Gelato

For order processing we use the following service provider: Gelato Sweden AB, c/o Epicenter, Mäster Samuelsgatan 36, 111 57 Stockholm, Sweden

Name, address and, where applicable, further personal data are passed on to the service provider pursuant to Art. 6(1)(b) GDPR exclusively for the purpose of processing the online order. Your data is only transferred to the extent actually necessary for the processing of the order.

5.4 Use of Payment Service Providers

- Apple Pay

If you choose the payment method "Apple Pay" provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the "Apple Pay" function on your iOS, watchOS or macOS device by charging a payment card stored in "Apple Pay". Apple Pay uses security features built into the hardware and software of your device to protect your transactions. To authorise a payment, you are required to enter a code previously set by you and to verify using the "Face ID" or "Touch ID" function of your device.

For the purpose of payment processing, the information you provided during the order process, along with information about your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay to execute the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. Once payment has been made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm successful payment.

Where personal data is processed in the transmissions described, processing is carried out exclusively for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.

Apple retains anonymised transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was completed successfully. Anonymisation fully excludes any personal reference. Apple uses the anonymised data to improve "Apple Pay" and other Apple products and services.

When you use Apple Pay on iPhone or Apple Watch to complete a purchase made via Safari on a Mac, the Mac and the authorisation device communicate via an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac".

Further information on data protection at Apple Pay can be found at the following address: https://support.apple.com/de-de/HT203027
- Klarna

One or more online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

If you select a payment method where you pay in advance (e.g. credit card payment), your payment data provided during the order process (including name, address, bank and payment card details, currency and transaction number) as well as information about the contents of your order will be passed on to the provider pursuant to Art. 6(1)(b) GDPR. Your data is transferred in this case exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method where the provider pays in advance (e.g. purchase on account, instalment purchase or direct debit), you will also be asked during the order process to provide certain personal data (first name and surname, street, house number, postcode, town, date of birth, e-mail address, telephone number and, where applicable, details of an alternative means of payment).

In order to safeguard our legitimate interest in assessing the creditworthiness of our customers, this data will be forwarded by us pursuant to Art. 6(1)(f) GDPR to the provider for the purpose of a credit check. The provider assesses, on the basis of the personal data you have provided as well as further data (such as shopping basket, invoice amount, order history, payment experience), whether the payment method you have selected can be granted with regard to payment and/or default risks.

For the purposes of the application assessment, in addition to provider-internal criteria, identity and credit information from the following credit reference agencies may also be included pursuant to Art. 6(1)(f) GDPR:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). Where score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical method. Address data, among other things, is included in the calculation of score values.

You may object to the processing of your data at any time by sending a message to us or to the provider. However, the provider may remain entitled to process your personal data if this is necessary for the contractual processing of payments.
- PayPal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method where you pay in advance, your payment data provided during the order process (including name, address, bank and payment card details, currency and transaction number) as well as information about the contents of your order will be passed on to the provider pursuant to Art. 6(1)(b) GDPR. Your data is transferred in this case exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method where we pay in advance, you will also be asked during the order process to provide certain personal data (first name and surname, street, house number, postcode, town, date of birth, e-mail address, telephone number and, where applicable, details of an alternative means of payment).

In order to safeguard our legitimate interest in assessing your creditworthiness in such cases, this data will be forwarded by us pursuant to Art. 6(1)(f) GDPR to the provider for the purpose of a credit check. The provider assesses, on the basis of the personal data you have provided as well as further data (such as shopping basket, invoice amount, order history, payment experience), whether the payment method you have selected can be granted with regard to payment and/or default risks.

One or more online payment methods from the following provider are available on this website: Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden

6) Data Subject Rights

6.1 Applicable data protection law grants you the following data subject rights (rights of access and intervention) against the controller with regard to the processing of your personal data, whereby reference is made to the cited legal basis for the respective conditions of exercise:

Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to notification pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent granted pursuant to Art. 7(3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

6.2 RIGHT TO OBJECT

WHERE WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS IN ACCORDANCE WITH OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME WITH FUTURE EFFECT ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. CONTINUED PROCESSING REMAINS RESERVED, HOWEVER, WHERE WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR WHERE THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

WHERE YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

7) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the applicable legal basis, the purpose of processing and — where relevant — additionally by the applicable statutory retention period (e.g. retention periods under commercial and tax law).

Where personal data is processed on the basis of express consent pursuant to Art. 6(1)(a) GDPR, the data concerned is stored until you withdraw your consent.

Where statutory retention periods apply to data processed in the context of contractual or quasi-contractual obligations on the basis of Art. 6(1)(b) GDPR, such data is routinely deleted after expiry of the retention periods, provided it is no longer required for the performance or initiation of a contract and/or there is no longer a legitimate interest on our part in continued storage.

Where personal data is processed on the basis of Art. 6(1)(f) GDPR, such data is stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes on the basis of Art. 6(1)(f) GDPR, such data is stored until you exercise your right to object pursuant to Art. 21(2) GDPR.

Unless otherwise indicated by the other information in this statement regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.