Privacy policy

Privacy Policy for Scented Winter (scentedwinter.de, scentedwinter.com)

Introduction

The protection of your personal data is important to us, Mojico UG (limited liability) (hereinafter "we" or "us"). This privacy policy explains how we collect, use, share, and protect your personal data when you visit and use our shop (scentedwinter.de, scentedwinter.com).

1. Controller

The controller for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) is:
Mojico UG (limited liability)
Firstalmstraße 9
81539 Munich
Germany
Email: info@mojico.eu
Phone: +49 8912133334

2. Collection and Use of Personal Data

2.1 Website Visit

When you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which are technically necessary for us to display the website to you:

  • The website visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way.

2.2 Orders

We collect, store, and process your personal data (e.g., name, address, phone number, email address) only to the extent necessary for processing your order, delivering the goods, and processing the payments.

2.3 Payment Service Providers

To process orders, we share your data with payment service providers. The following data may be shared: name, address, email address, phone number, payment information, and order data. The payment service providers we use are:

2.4 Contact Form and live chat

Data transmitted via the contact form, including your contact details, will be stored to process your request or to be available for follow-up questions. This data will not be shared without your consent.

The processing of the data entered into the contact form is based exclusively on your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time. An informal email making this request is sufficient. The legality of the data processing operations carried out before the revocation remains unaffected by the revocation.

Data transmitted via the contact form will remain with us until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains. Mandatory statutory provisions – especially retention periods – remain unaffected.

Use of Shopify Inbox

We use Shopify Inbox to facilitate communication with our customers. Shopify Inbox stores and processes personal data that you provide to us during the communication process. This data is used solely for the purpose of responding to your inquiries. For more information on data processing by Shopify, please refer to the Shopify Privacy Policy.

2.5 Cookies

Our shop uses cookies. Cookies are small text files that are stored on your device and contain certain information. You can restrict or disable the use of cookies in your browser. However, this may limit the functionality of our shop. The use of cookies is explained in a cookie banner that obtains your consent to the use of cookies where legally required.

2.6 Web Analytics Tools

We use web analytics tools to analyze and improve the use of our shop. These tools also use cookies to collect and evaluate data about your use of our shop. The data collected includes click rates, incomplete purchases, browser used, operating system version, and your IP address.

2.6.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses cookies to enable an analysis of your use of our shop. The information generated by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics uses IP anonymization, where your IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

To fully comply with the statutory data protection requirements, we have entered into a data processing agreement with Google.

You can prevent the setting of cookies by your web browser. Some features of our website may be limited as a result. You can also prevent the collection of data generated by cookies about your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Our website uses the “demographic features” function of Google Analytics. This allows reports to be generated that contain statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising by Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can disable this function at any time via the ad settings in your Google account or by generally prohibiting the collection of your data by Google Analytics as described in the section “Objection to data collection.”

For more information about Google Analytics' privacy practices, please visit: https://policies.google.com/privacy.

2.6.2 Meta (Facebook/Instagram)

We use analysis tools from Meta (Facebook Pixel and Instagram) to analyze and improve the use of our shop.

When the Meta Pixel is used on a website, the following data may be collected and transmitted to Meta:

  1. Page Views: Information about which pages were visited.
  2. Product Views: Data about which products were viewed.
  3. Content Interactions: Clicks on links, buttons, or other interactive elements.
  4. Purchases: Information on completed purchases, including product details and purchase amounts.
  5. Cart Actions: Data on items added to or removed from the shopping cart.
  6. Checkout Information: Data related to the checkout process, such as whether it was started or abandoned.
  7. Search Queries: Search terms entered by users.
  8. User-Specific Data: Customer click ID and customer agent ID, which can be used to identify individual users.
  9. Device Information: Information about the device, operating system, and browser being used.
  10. IP Address: The user's IP address, which can be used for geographic location purposes.
  11. Cookies: Information collected through cookies to track user activities.

These tools use cookies to collect and evaluate data about your use of our shop. You can object to the collection of this data: https://www.facebook.com/settings?tab=ads.

For more information about Meta's privacy practices, please visit: https://www.facebook.com/policy.php.

2.7 Google AdWords and Google Conversion Tracking

Our website uses Google AdWords. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.

AdWords is an online advertising program. As part of the online advertising program, we work with conversion tracking. After clicking on a Google ad, a conversion tracking cookie is set. Cookies are small text files that your web browser stores on your device. Google AdWords cookies expire after 30 days and are not used for personal identification of users. Google and we can recognize from the cookie that you clicked on an ad and were redirected to our website.

Each Google AdWords customer receives a different cookie. The cookies are not traceable through the websites of AdWords customers. Conversion cookies are used to generate conversion statistics for AdWords customers who use conversion tracking. AdWords customers find out how many users clicked on their ad and were redirected to pages with a conversion tracking tag. However, AdWords customers do not receive information that personally identifies users. If you do not want to participate in tracking, you can object to its use. In this case, the conversion cookie must be deactivated in the user settings of the browser. This way, you will not be included in the conversion tracking statistics.

The storage of “conversion cookies” is based on Art. 6(1)(f) GDPR. We as website operators have a legitimate interest in analyzing user behavior to optimize both our website and our advertising.

For details on Google AdWords and Google Conversion Tracking, please refer to Google's privacy policy: https://www.google.de/policies/privacy/.

With a modern web browser, you can monitor, restrict, or prevent the setting of cookies. Disabling cookies may result in limited functionality of our website.

2.8 Social Media Plugins

Our shop uses social media plugins from Facebook, Instagram, TikTok, Twitter, Reddit, and Google. These plugins allow you to share and comment on content from our shop on the respective platforms. When you activate a plugin, your browser can establish a direct connection to the servers of the respective provider and transmit data about your use of our shop to these providers.

2.9 Plugins

To ensure the functionality of our website, we may use various Shopify plugins. These plugins may also collect and process personal data. The use of these plugins is in the context of fulfilling our contractual obligations and improving the user-friendliness of our shop.

2.10 IP Address

When you visit our website, your IP address is collected and processed. The IP address is needed to enable communication between your device and our server and for security reasons.

2.11 TSL/ SSL Encryption

Our website is protected by an TSL/ SSL certificate, which ensures secure and encrypted transmission of your data.

2.12 Use of Google reCAPTCHA

To protect your orders via the internet form, we use the reCAPTCHA service of Google Inc. (Google). The query serves to distinguish whether the input is made by a human or abusively by automated, machine processing. The query includes the transmission of the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and used there. Further information on Google's privacy policy can be found at: https://policies.google.com/privacy.

2.13 Auto-Address Completion

Our shop uses Google's auto-address completion feature to make filling out forms easier for you. Your entered data (e.g., address information) will be transmitted to and processed by Google to provide appropriate suggestions. This data processing is carried out in accordance with Google's privacy policy. Further information on Google's privacy policy can be found at: https://policies.google.com/privacy.

2.14 User Account and Registration

If you create a user account in our shop and log in, you will be redirected to a Shopify page where you need to provide your email address. A verification code will be sent to your email address. After entering this code, you will be logged in. No password is required. We collect and store your email address and any other necessary data for registration. Your user account allows you to log in to our shop, place orders, and track your orders.

In your user account, you can also store addresses, phone numbers, order details, and payment information (such as credit card information). This data allows you to process future orders more quickly and easily. The data of your user account is stored on Shopify servers.

Legal basis: The processing of your data is based on Article 6(1)(b) GDPR for the performance of a contract or pre-contractual measures.

Retention period: Your data is stored as long as your user account is active. You can delete your account at any time by sending us an informal email to info@mojico.eu, using the contact form, or requesting deletion under GDPR. This will also delete your data unless there are statutory retention requirements.

Your rights: You have the right to access, correct, delete, and restrict the processing of your data as well as the right to object to the processing. You can revoke your consent at any time with effect for the future.


2.15 Use of TikTok Analytics and Pexels

Our shop uses TikTok Analytics to analyze and improve the usage of our online services. TikTok Analytics collects data on visitor interactions with our website, such as page views, click behavior, and time spent. This data is evaluated in an anonymized form and is used solely for statistical purposes to tailor our content to visitor interests. Additionally, we use the image and video database Pexels for providing visual content. No personal data is transmitted to Pexels. For more information on data privacy at TikTok Analytics and Pexels, please refer to the respective platforms.

2.16 DSers

We use DSers to manage and process our orders. DSers is a service provider that enables efficient management of orders. The following data may be processed: name, address, email address, order data, and payment information. The use of DSers is within the scope of fulfilling our contractual obligations and improving the user-friendliness of our shop.

Further information on DSers' privacy policy can be found at:  https://www.dsers.com/privacy.

2.17 Newsletter

To send our newsletter, we need your email address. Verification of the specified email address is necessary, and receipt of the newsletter must be consented to. Additional data is not collected or is voluntary. The use of the data is solely for sending the newsletter. The data will be used exclusively for sending the newsletter and for notifications regarding incomplete purchases.

The data provided during the newsletter registration will be processed exclusively based on your consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time. An informal message by email or using the “unsubscribe” link in the newsletter is sufficient for the revocation. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data entered for the purpose of subscribing to the newsletter will be deleted upon your cancellation. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.

We can send you newsletters if you have given your consent. For this, we use the Shopify Email service. The data is stored on Shopify's servers. In the context of the newsletter registration, we collect your email address and any other information you voluntarily provide. You can revoke your consent to the storage of the data and its use for sending the newsletter at any time. Each newsletter contains an appropriate unsubscribe link. Alternatively, you can send us your revocation by email to info@mojico.eu.

2.18 Optional Advertising Consent

If you check the corresponding box, you give us the following consent:

I consent to Mojico UG (limited liability) regularly sending me information about promotions, products, and general information about the Scented Winter online shop of Mojico UG (limited liability) by email.

We store your data for the purpose of sending the newsletter based on your consent and delete the data when you unsubscribe.

2.19 Email Communication and Automated Emails

We process your personal data to send you important information regarding your orders and account usage. This includes order confirmations, shipping information, invoices, and notifications about your order status.

Please note that email communication is not always secure. While we take measures to protect your data, emails can be accessed by unauthorized third parties during transmission. We recommend that you do not send sensitive information via email.

Automated Emails: We may send automated emails to remind you of incomplete orders or to provide you with information related to contract processing, such as order confirmations and shipping information. These emails may also be sent by third-party providers such as the supplier or the shipping company.

Legal Basis: The processing of your data is based on Article 6(1)(b) GDPR for the performance of a contract or pre-contractual measures, as well as on Article 6(1)(f) GDPR to protect our legitimate interests.

Your Rights: You have the right to access, rectify, delete, and restrict the processing of your data, as well as the right to object to the processing. You can revoke your consent at any time with effect for the future.

2.20 Use of Judge.me

We use the review platform Judge.me, provided by Judge.me Ltd, c/o Buckworths, 1-3 Worship Street, London EC2A 2AB, United Kingdom. This tool allows us to collect, display, and manage customer reviews to improve the quality of our products and services.

Processed Data:

  • Customer name
  • Email address (for review verification)
  • Order details (for associating reviews)
  • Review content (e.g., star rating, comments)
  • IP address (to prevent abuse)

Purpose of Data Processing:

The data is processed to display authentic reviews on our website and improve customer satisfaction. Reviews help other users make informed purchasing decisions.

Legal Basis:

The processing of data is based on Article 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in the transparent presentation of customer opinions and the optimization of our offerings.

Storage Duration:

Data is stored only as long as necessary for the aforementioned purposes, unless legal retention periods apply.

Right to Withdraw:

You can object to the processing of your data at any time. To do so, please email us at info@mojico.eu. Additionally, you can contact Judge.me directly to request the deletion of your data.

For more information, please refer to Judge.me’s privacy policy at: https://judge.me/privacy.


2.21 Facebook and Instagram Plugins

We use plugins from the social networks Facebook and Instagram, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These plugins may collect the following data: page and product views, items added to and removed from the shopping cart, search terms, customer click ID, customer agent ID, payment information, checkout initialization, and purchase data. This information is used to analyze and improve the use of our shop and to deliver personalized advertising on Facebook and Instagram. For more information on Meta's privacy policies, please visit: https://www.facebook.com/policy.php.

2.22 Use of hCaptcha

To protect our website and prevent spam and abuse, we use the hCaptcha service (provider: Intuition Machines, Inc.). hCaptcha helps us determine whether data input on our websites is conducted by a human or automated programs. For this purpose, hCaptcha analyzes various information, such as IP address, the visitor’s time spent on the website, and mouse movements. This data is used exclusively for securing our website and is not utilized for advertising purposes. For more information on data privacy with hCaptcha, please visit: https://www.hcaptcha.com/privacy.

3. Data Sharing with Third Parties

3.1 External Service Providers

To process your orders, we work with external service providers who process your personal data on our behalf. These service providers are contractually obligated to treat your data confidentially and to use it only within the scope of the services provided.

3.2 International Data Transfers

We may transfer your personal data to recipients in countries outside the European Economic Area (EEA), including China. These transfers are only made to the extent necessary to fulfill your order and provide our services. We ensure that appropriate safeguards are in place to protect your data, such as the European Commission's standard contractual clauses.

4. Legal Bases of Data Processing

The processing and sharing of your personal data are based on Article 6(1)(b) GDPR, as it is necessary for the performance of a contract to which you are a party. In certain cases, processing is also based on your consent in accordance with Article 6(1)(a) GDPR.

5. Retention Period

Your personal data is only stored for as long as necessary to fulfill the purposes for which it was collected or as required by law.

6. Your Rights

You have the right to obtain information about the personal data we process, as well as the right to request the correction or deletion of your data. You can request the restriction of the processing of your data and object to the processing. You also have the right to revoke your consent at any time with effect for the future. The revocation does not affect the legality of the processing carried out based on the consent until the revocation. Furthermore, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for data protection issues is the data protection officer of the federal state in which our company is based. The following link provides a list of data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

7. Data Security

We take all necessary technical and organizational measures to protect your personal data from loss, unauthorized access, manipulation, and destruction.

8. Hosting of the Shop

Our store is hosted by Shopify Inc., whose servers may be located in the EU or various countries, including the USA and Canada. Shopify ensures an adequate level of data protection through the European Commission's standard contractual clauses. More information can be found in Shopify's privacy policy: https://www.shopify.com/legal/privacy.

Additionally, we use the Data Processing Agreement (DPA) with Shopify to ensure that your data is handled in accordance with GDPR requirements: https://www.shopify.com/legal/dpa.

9. Domain Provider and Email Services

Our domain is provided by GoDaddy: https://www.godaddy.com/legal/agreements/privacy-policy.

We use Gmail, Outlook, and iCloud Mail for email services. The emails are operated over the mojico.eu domain and are managed by IONOS. We have a Data Processing Agreement (DPA) with IONOS: https://www.ionos.com/terms-gtc/terms-privacy/.

10. Changes to this Privacy Policy

We reserve the right to change this privacy policy at any time. The current version is always available on our website.

Contact

For inquiries or to exercise your rights, please use our contact form or contact us at:

Mojico UG (limited liability)
Firstalmstraße 9
81539 Munich
Germany
Email: info@mojico.eu
Phone: +49 8912133334

Date: 11.06.2024

This privacy policy was created taking into account the current requirements of the GDPR and provides comprehensive information on the collection, processing, and sharing of personal data as well as the rights of data subjects.