Our aim is for you to feel comfortable on our website. The protection of your privacy and your personal rights is therefore important to us. We would therefore like to ask you to carefully read the following summary about how our website works. You can rely on transparent and fair data processing and we strive to handle your data carefully and responsibly.
The following data protection information is intended to inform you about how we use your personal data. In doing so, we adhere to the strict provisions of the UK’s Data Protection Act 2018 (DPA) as well as the requirements of the European General Data Protection Regulation (GDPR).
Responsible Person
The person responsible within the meaning of the DPA and GDPR is:
Autumn Leaves
[Insert Address]
United Kingdom
[insert email]
(hereinafter, “we”, “us”, “our” or “Autumn Leaves”)
Scope of the processing of personal data
As a matter of principle, we only collect and use personal data from you insofar as this is necessary to provide a functional website and our content and services, e.g. when you register on our website or log in to an existing customer account or when you order products. The collection and use of your personal data regularly only takes place with your consent. An exception applies in cases where prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
The security of your personal data is a high priority for us. We therefore protect your data stored with us by technical and organisational measures in order to effectively prevent loss or misuse by third parties. In particular, our employees who process personal data are bound to data secrecy and must comply with it. To protect your personal data, it is transmitted in encrypted form; for example, we use SSL (Secure Socket Layer) for communication via your Internet browser.
You can recognise this by the lock symbol that your browser displays when an SSL connection is established. In order to ensure the permanent protection of your data, the technical security measures are regularly checked and, if necessary, adapted to the state of the art. These principles also apply to companies that process and use data on our behalf and in accordance with our instructions.
Purposes of processing and legal basis
We collect, process and use your personal data for the following purposes:
- Establishment and performance of contractual relationships;
- Sending newsletters;
- Marketing measures;
- Customer satisfaction surveys and analyses;
- Product evaluations;
- Customer service and customer support;
- To process orders for our online range of goods.
The following informs you about the legal basis on which we process your data. Where the legal basis is not specifically mentioned, the following applies:
- Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
- Contract – This is where we process your information to fulfil a contractual arrangement we have made with you.
- Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc.
- Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
- Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime.
Duration of storage and routine deletion of personal data
We process and store your personal data only for the period of time required to fulfil the purpose of storage or where this has been provided for in laws or regulations. After the purpose has ceased to exist or has been fulfilled, your personal data will be deleted or blocked.
In the case of blocking, deletion will take place as soon as legal, statutory or contractual retention periods do not conflict with this, there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause a disproportionately high expense due to the special nature of the storage.
Collection of general data and information, so-called log files
If you visit our website for information purposes only, without providing personal data via registration or in any other way, only the Internet connection data that your browser transmits to our server will be processed. Our website collects a series of general data and information with each call, which is temporarily stored in log files of a server. A log file is created in the course of an automatic protocol of the processing computer system. The following can be recorded:
- Access to the website (date, time and frequency)
- How you arrived at the website (previous page, hyperlink etc.)
- Amount of data sent
- Which browser and browser version you are using
- The operating system you are using
- Which internet service provider you use
- Your IP address, which your Internet access provider assigns to your computer when you connect to the Internet
The legal basis for this data processing is our legitimate interest, as the collection and storage of this data is necessary for the operation of the website in order to ensure the functionality of the website and to deliver the content of our website correctly.
In addition, the data serve us to optimise our website and to ensure the security of our IT systems; this processing is in our legitimate interest. For this reason, the data is stored for a maximum of 7 days as a technical precaution.
We also use this data for the purposes of advertising, market research and to design our services to meet your needs by creating and evaluating user profiles under pseudonyms, but only if you have not exercised your right to object to this use of your data (see information on the right to object under “Your rights”).
Data processing upon ordering
When you place an order with us we process the data required for the conclusion and execution of a contract. This includes:
- First name, last name
- Billing and Shipping address
- E-mail address
- Billing and payment data
- Telephone number, if applicable
It is also possible for you to create a user account. For this purpose, you can choose a password together with your e-mail address, both of which will enable you to log in more easily without having to enter your data again when you make a purchase at a later date. We store the data you enter to set up a customer account through which your orders are recorded, executed and processed. We will also hold your data for further orders as long as you maintain your registration. You have the right to access, correct or delete your registration data at any time.
Contacting Us
If you contact us, the data you provide will be stored so that your message can be forwarded to the correct contact person. This is done to process your request. Your data provided via the contact form or e-mail will not be used for any other purposes, in particular not for advertising.
Newsletter
On our website you have the possibility to register for our newsletter. In order to exclude errors when entering your email address, we rely on the double opt-in procedure. After you have inserted your data and clicked on the registration button, we will send you a confirmation link. Only when you click on this link will your email address be added to our mailing list. You can revoke your consent at any time with effect for the future. To do so, simply unsubscribe from the footer of the newsletter email or send a short note via e-mail.
Social Media
Our website uses plug-ins from social networks and platforms. The plug-ins are identified by the relevant social network or platform logo. By clicking on such a plug-in, you activate it and your browser establishes a direct connection to the relevant social network or platform servers. The content of the plug-in is transmitted by the relevant social network or platform directly to your browser and integrated into the page. In this way, the relevant social network or platform receives the information that your browser has called up the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to the relevant social network or platform server in the USA and stored there. If you are logged in to the relevant social network or platform, the relevant social network or platform can directly assign your visit to our website to your profile. In the event of interaction (e.g. pressing the “Like” button), this information is also transmitted directly to the relevant social network or platform server and stored there.
Disclosure of personal data to third parties
Your personal data will only be passed on if there is a legal obligation to do so or to service providers and partner companies that have been carefully selected in advance and are contractually obliged to comply with the requirements of the DPA and GDPR.
a) Disclosure within affiliated companies
We pass on your personal data for the conclusion and processing of contracts for offers on our website to affiliated companies. This is particularly necessary so that you can use all our offers. If you contact us with questions, complaints or returns as well as other queries, they will also receive access to your order data in order to be able to process your request.
b) Disclosure to service providers
For the operation and optimisation of our website and our services and for the processing of contracts, various service companies work for us, e.g. for central IT services or the hosting of our website, for the payment and delivery of products or for the dispatch of newsletters, to whom we pass on the data required for the fulfilment of the task (e.g. name, address).
Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection precautions at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.
In contrast to order processing, in the following cases we transmit data to third parties for their own use in order to process the contract:
- In the case of delivery of goods to our postal service provider specified when the order was placed.
- In the case of payment for goods to our payment service provider specified when the order was placed.
We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You only provide this information directly to the respective payment service provider.
c) Disclosure to other third parties
We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g. due to official or court orders, or if we are entitled to do so, e.g. because this is necessary for the prosecution of criminal offences or for the exercise and enforcement of our rights and claims.
Data transfer to third countries
If we use service providers in third countries, we take additional measures to ensure an adequate level of data protection for the transfer of personal data in accordance with the DPA and GDPR and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g. by concluding standard contracts and additional guarantees, supplementary technical and organisational measures such as encryption or anonymisation).
Storage period of your personal data
We adhere to the principles of data minimisation and data economy. This means that we only store the data you provide to us for as long as is necessary to fulfil the aforementioned purposes or as specified by the various storage periods provided for by law. If the respective purpose ceases to apply or after the relevant periods have expired, your data will be routinely blocked or deleted in accordance with the statutory provisions.
Your rights
Of course, you have rights with regard to the collection of your data, which we are pleased to inform you of herewith. If you would like to make use of one of the following free rights, a simple message to us will suffice. For your own protection, we reserve the right, in the case of an existing enquiry, to obtain further information necessary to confirm your identity and, if identification is not possible, to refuse to process the enquiry.
a) Right to information
You have the right to request information and/or copies of the personal data stored about you.
b) Right to rectification
You have the right to request that personal data relating to you be corrected and/or completed without delay.
c) Right to object to processing
You have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing.
d) Right to erasure
You have the right to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
e) Right to information
Where you have exercised the right to rectification, erasure or restriction of processing, we will notify all recipients to whom personal data relating to you has been disclosed of such rectification or erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
f) Right to data portability
You have the right to have personal data that you have provided to us handed over to you or to a third party in a structured, common and machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
g) Right of objection
Insofar as your personal data are processed on the basis of legitimate interests, you have the right to object to the processing at any time.
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
h) Right to withdraw consent
You have the right to cancel your consent to the collection of data at any time with effect for the future. The data collected until the cancellation becomes legally effective will remain unaffected. Please understand that the implementation of your cancellation may take a little time for technical reasons and that you may still receive messages from us in the meantime.
i) Right to complain to a supervisory authority
If the processing of your personal data violates data protection law or if your data protection rights have otherwise been violated in any way, you may complain to the supervisory authority.
You can also exercise your rights of rectification and deletion most quickly, easily and conveniently by logging into your customer account and directly editing or deleting your data stored there.
j) Automated decision making including profiling
You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.
Hosting
We use the shop system of the service provider WooCommerce, for the purpose of hosting and displaying the online shop on the basis of processing on our behalf. All data collected on our website is processed on WooCommerce’s servers. As part of WooCommerce’s aforementioned services, data may also be transferred to WooCommerce as part of further processing on our behalf. In the event that data is transferred to WooCommerce Inc.
Automated decision-making and profiling
We do not use automation for decision-making and profiling.
Accuracy
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Children’s Data
Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your child has provided us with personal data without parental consent, please contact us and we will take the necessary steps to remove that information from our server.
Content Delivery Network
For the purpose of a shorter loading time, we use a so-called Content Delivery Network (“CDN”) for some offers. With this service, content, e.g. large media files, are delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the servers of the service providers. Our service providers work for us within the framework of order processing. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.
Changes
In order to ensure that our privacy policy always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy has to be adapted due to new or revised offers or services.
Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.