Privacy policy

Data protection

Duty to inform when collecting personal data from the data subject

1. Responsible person and contact details

The person responsible for the processing is LAIK GmbH (hereinafter responsible) and processes the data provided by the data subject (hereinafter the customer) in accordance with the provisions of the European General Data Protection Regulation (hereinafter GDPR).

The contact details of the person responsible are:
Messerschmittstrasse 3
82256 Fürstenfeldbruck, Germany
Phone +49 89 451046-70
we@laik.style

2. Data protection officer

The data protection officer of the person responsible is Anita Pfattner.
The contact details of the data protection officer are:
anita.pfattner@laik.style

3. Purpose and legal basis

The processing of the customer's personal data is necessary for the fulfillment of a contract to which the customer is a party or for the implementation of pre-contractual measures that take place at the customer's request. This applies in particular to the registration for the newsletter and the saving of product configurations. The legal basis for this processing is Art. 6 Para. 1 b) GDPR.

In the event that the customer uses the contact form or otherwise contacts the person responsible, in particular by email, telephone or post, the personal data will only be used to process his request. The legal basis for this processing is the customer's consent in accordance with Art. 6 Para. 1 a) GDPR.

In the other cases in which personal data is processed, the processing takes place to safeguard the legitimate interests of the person responsible, namely to analyze the use of the website with the help of web analysis tools (see point 4.3) or to identify faults or errors on the website to limit or eliminate. The legal basis for this processing is Art. 6 Para. 1 f) GDPR. The person responsible points out the customer's right of objection. The customer receives more information under point 9 of this declaration.

4. Recipient

The personal data of the customer, which are transmitted to the person responsible, are made available to the following recipients as follows:

4.1. Fulfill the contract or carry out pre-contractual measures

In order to fulfill the contract or to carry out pre-contractual measures, the personal data of the customer, which is transmitted to the person responsible, is made available to the following recipients:
- CRM software provider
- Databases + data hosting providers
- Email service provider
- IT service providers
- Web analysis software provider
- Web hosting providers
- banks
- tax authorities
- Manufacturers + producers
- logistics service provider
- Management service providers
- Payment service providers
- Tax consultant
- Telephone provider

Without the written consent of the customer, the personal data will not be made available to other third parties, unless this is required by law.

4.2. Payment methods

As part of payment, we collect certain personal data in order to process the payment process. We offer various payment methods to make the order as convenient as possible. These include the following services:

PayPal
We have integrated components from PayPal into our website. PayPal is an independent online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. If you select “PayPal” as the payment option during the ordering process, the data of the person concerned will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transfer of personal data required for payment processing to PayPal.
The personal data transmitted to PayPal are usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data that are necessary for payment processing. Personal data related to the respective order is also required to process the purchase contract. The purpose of transmitting the data is to process payments and prevent fraud. We transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit reporting agencies. The purpose of this transmission is to check your identity and creditworthiness. PayPal may pass on the personal data to affiliated companies and service providers or subcontractors insofar as this is necessary to fulfill the contractual obligations or the data are to be processed on behalf of. You have the option to revoke your consent to the handling of personal data at any time vis-à-vis PayPal. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing. PayPal's current privacy policy can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full can be accessed.

Shopify Payments
We also offer you to make your payments by credit card. In this case, we will transfer your data to Shopify Payments, which, as a service provider, compares your payment data with the respective credit institutions (Visa, Mastercard, etc.). Your credit card is charged through Shopify Payments. When paying by credit card, the following data is processed:

- Card type (Mastercard, VISA, etc.)
- Name of Cardholder
- card number
- check digit
- Validity period

    You can find more information about Shopify's data protection at www.shopify.de/legal/datenschutz

    4.3. Use of the contact form or as part of any other contact

    If the contact form is used, the personal data of the customer that is transmitted to the person responsible will be made available to the following recipients:
    - CRM software provider
    - Web hosting providers

    If you contact us by phone, the personal data of the customer that is transmitted to the person responsible will be made available to the following recipients:
    - Telecommunication providers

    If you contact us by email, the personal data of the customer that is transmitted to the person responsible will be made available to the following recipients:
    - CRM software provider
    - Email service provider

    If contact is made by post, the personal data of the customer that is transmitted to the person responsible will be made available to the following recipients:
    - CRM software provider

    Without the written consent of the customer, the personal data will not be made available to other third parties, unless this is required by law.

    4.4. YouTube

    Our website integrates videos from the Google-operated YouTube site. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages with a YouTube video, a connection to the YouTube servers will be established. The YouTube server is informed which of our pages you have visited.
    If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
    YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Paragraph 1 lit. f GDPR. You can find more information on handling user data in YouTube's data protection declaration at https://www.google.de/intl/de/policies/privacy.

    4.5. Social media

    We use social media plug-ins from the social networks Facebook, Instagram and Pinterest on our website. A social network is a social meeting place operated on the Internet, an online community that usually enables users to communicate with one another and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the Internet community to provide personal or company-related information. Among other things, Facebook enables users of the social network to create private profiles, upload photos and network via friend requests. Facebook
    Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. If a user lives outside the USA or Canada, the person responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our site. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/We have integrated components of the company Facebook on our website. When you visit our website, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This enables Facebook to assign your visit to our website to your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Facebook. You can find more information on this in Facebook's privacy policy at https://www.facebook.com/about/privacy/. It also explains which setting options Facebook offers to protect your privacy. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook. If you do not want Facebook to be able to assign your visit to our website to your Facebook user account, please log out of your Facebook user account. Instagram
    We have integrated components of the Instagram service on the website. Instagram is a service that qualifies as an audiovisual platform and enables users to share photos and videos and also to disseminate such data in other social networks. The operating company for Instagram's services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. Every time one of the individual pages of this website is accessed, which is operated by the person responsible for processing and on which an Instagram component (Insta button) has been integrated, the Internet browser on the information technology system of the user is automatically triggered by the respective Instagram component to download a representation of the corresponding component from Instagram. As part of this technical process, Instagram receives information about which specific subpage of our website you are visiting. If you are logged in to Instagram at the same time, Instagram recognizes which specific subpage you have visited each time you visit our website and for the entire duration of your stay on our website. This information is collected by the Instagram component and assigned to the respective Instagram account of the user by Instagram. If you click one of the Instagram buttons integrated on our website, the data and information transferred with it will be assigned to your personal Instagram user account and saved and processed by Instagram. Instagram always receives information via the Instagram component that you have visited our website if you are logged into Instagram at the same time as you visit our website; this takes place regardless of whether you click on the Instagram component or not. If you do not want this information to be transmitted to Instagram, you can prevent this transmission by logging out of your Instagram account before calling up our website. Further information and the applicable data protection provisions of Instagram can be found at https://help.instagram.com/155833707900388 can be accessed. Pinterest
    We have integrated components of the Pinterest service on the website. Pinterest is operated by Pinterest Inc, 808 Brennan St, San Francisco, CA 94103, USA ("Pinterest"). Further information and Pinterest's applicable data protection provisions can be found at https://policy.pinterest.com/de/privacy-policy can be accessed.

    4.6. Google Web Fonts

    In order to integrate external fonts through Google Fonts, personal data of the customer is made available to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This website uses Google Fonts to integrate external fonts. Google provides the fonts. If the customer calls up this website, the required fonts are loaded into the customer's browser cache in order to display the texts and fonts correctly on the page. For this purpose, the information that is customary when a website is called up, in particular the customer's IP address and the referrer URL, is transmitted to a Google Ireland Limited server. The customer can obtain further information at https://developers.google.com/fonts/faq and in Google's privacy policy https://policies.google.com/privacy?hl=de. Without the written consent of the customer, the personal data will not be made available to other third parties, unless this is required by law.

    5. Cookies

    The person responsible uses cookies on various pages to make visiting his website attractive and to enable the use of certain functions. Cookies are small text files that are stored on the visitor's computer. Most of the cookies used by the person responsible are deleted from the visitor's hard drive at the end of the browser session (so-called session cookies). Other cookies remain on the visitor's computer and enable the person responsible to recognize the visitor's computer the next time they visit (so-called permanent cookies). Of course, the customer can refuse cookies at any time, provided the browser used allows this.

    6. Third country transfer

    When using Shopify, YouTube, Facebook, Instagram and Pinterest, personal data is transferred to the USA. You can find the addresses of the providers under point 4. 

    An adequacy decision by the European Commission is missing. However, all providers are members of the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at the URL: https://www.privacyshield.gov

    7. Storage period

    With the complete processing of the contract, which also includes the full payment of the agreed remuneration, the customer's data, which must be kept for legal reasons, is blocked. This data is no longer available for further use. After the legal reason no longer exists, this blocked data will be deleted.

    In the event that the customer uses the contact form or otherwise contacts the person responsible, the personal data will be used for the duration of the processing of the request. The data that must be kept for legal reasons will then be blocked. This data is no longer available for further use.

    The person responsible is subject to various storage and documentation obligations, which result from the Commercial Code (HGB) and the Tax Code (AO), among others. The periods for storage and documentation specified there are two to ten years.

    Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. Of the German Civil Code (BGB) can be usually three years, but in certain cases up to thirty years. Otherwise, the personal data will be deleted unless the customer has expressly consented to further processing and use of his data.

    The personal data that is saved to identify, isolate or eliminate malfunctions or errors on the website is deleted after seven days at the latest.

    8. Data protection rights

    Every customer has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to deletion under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability according to Article 20 GDPR. The restrictions according to Sections 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).

    The customer can find the legal texts here https://dsgvo-gesetz.de/

    Corresponding concerns are to be directed to we@laik.style or to the address given under point 1.

    9. Right to object and other rights

    If the customer has given his consent to the processing of the personal data concerning him for one or more specific purposes, the customer has the option of revoking the consent with effect for the future.

    In particular, the customer has the right to object to the processing of personal data for analysis of the website or to identify, limit or eliminate disruptions or errors on the website, to object to the processing at any time free of charge with effect for the future. For this purpose, an email to we@laik.style or to the address given under point 1 is sufficient.

    Without prejudice to any other administrative or judicial remedy, every person concerned has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their place of residence, their place of work or the place of the alleged infringement, if the person concerned is of the opinion that the processing of their personal data Data violates this regulation.

    A competent authority is e.g. the Hamburg Commissioner for Data Protection and Freedom of Information, Klosterwall 6 (Block C), 20095 Hamburg, Germany. The customer can also choose a different one.

    10. Obligation to provide data

    It is essential to provide the following data (mandatory information):

    10.1. Performance of the contract

    The specification of the following data is mandatory for the conclusion of a contract (mandatory information):
    - salutation
    - First and Last Name
    - Company (if available)
    - Address (street, house number, zip code, city, country)
    - phone number
    - E-mail address

    To use the newsletter and to save product configurations, it is essential to provide the following data:
    - E-mail address

    All other information is not required for the conclusion of the contract and is therefore voluntary.

    If the mandatory information required for the conclusion of the contract is not given, no contract will be concluded. Failure to provide the voluntary information has no influence on the conclusion of the contract.

    10.2. Using the contact form or processing any other request

    In order to process a general inquiry in the context of the contact form, it is essential to provide the following data (mandatory information):
    - First name
    - Surname
    - E-mail address
    - message

    In order to process an inquiry by telephone, it is essential to provide the following data (mandatory information):
    - Surname
    - phone number

    In order to process an inquiry by email, it is essential to provide the following data (mandatory information):
    - Surname
    - E-mail address

    In order to process a postal request, it is essential to provide the following data (mandatory information):
    - Surname
    - Address

    All other information is not required to process an inquiry and is therefore voluntary.
    If the mandatory information required to process a request is not provided, the contact request will not be processed. Failure to provide the voluntary information does not affect the processing of the request.

    10.3. Website analysis

    The specification of the following data is essential to identify, isolate or eliminate malfunctions or errors on the website (mandatory information):
    - IP address
    All other information is not required to identify, isolate or eliminate malfunctions or errors on the website and is therefore voluntary.
    If the mandatory information required to identify, isolate or eliminate malfunctions or errors on the website is not provided, this website cannot be used.

    11. Automated decision making

    There is no automated decision-making process including profiling.