DATA PROTECTION

Preamble

With the following data protection declaration we would like to inform you about the type, scope and purpose of the collection, processing and storage of your personal data when using the website "https://www.malandracachaca.com" (hereinafter also referred to as "website") offered by Malandra UG, Birkenstraße 22, 10559 Berlin (hereinafter also referred to as "Malandra", "we", "us"). The protection of your personal data during the collection, processing and storage of this data on the occasion of your visit to our website is an important concern for us.

 

 

1. Responsible for data collection

Responsible for the collection, processing and storage of your personal data under the application of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (hereinafter also "DSGVO") is: 

 

Malandra UG

Birkenstraße 22

10559 Berlin

 

E-mail: datenschutz@malandracachaca.com

 

 

2. Personal data and their processing

This privacy policy relates to the collection, processing and storage of personal data within the scope of your use of the website offered by Malandra. Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person. Depending on the extent to which you use the website offered by us, different data is collected, processed and stored.

 

2.1 Personal data provided by the user

We collect, process and store your personal data when you access our website.

 

- Log files

In order to enable you to make optimum use of our website, Malandra collects data on your use of our website, so-called "website log files" (hereinafter also referred to as "log files"). Every access to our website is therefore logged.

 

The log files created from this contain the following data:

 

- Your IP address;

- Time, type and number of requests;

- Name and URL of the file accessed;

- Website from which the access was made (referrer URL);

- Your browser type and, if applicable, other similar information.

 

The collection and processing of the information stored in the log files is used only for anonymous evaluation for statistical purposes. This data cannot be assigned to you as a specific person. This data is not merged with other data sources.

 

The legal basis for the collection and processing of your personal data is Article 6 (1) lit. f DSGVO. Please also note the information on your rights to the protection of your personal data under section V. of this privacy policy.

 

- Contact form

If you would like to contact us, you can send your request directly to us via the "Contact" button. In doing so, we collect, process and store your e-mail address, your first and last name and, if applicable, other personal data transmitted by you. We collect, process and store this data only to the extent necessary to process your request and to ensure the security of our systems.

 

The legal basis for the collection and processing of your personal data is Article 6 (1) lit. f DSGVO. Please also note the information on your rights to the protection of your personal data under section V. of this privacy policy.

 

- Contact by e-mail

If you would like to contact us, you can also send your request directly to us by e-mail using the corresponding button. Clicking on the corresponding button will open your e-mail program. We collect, process and store your e-mail address and, if applicable, other personal data transmitted by you. We collect, process and store this data only to the extent necessary to process your request and to ensure the security of our systems.

 

The legal basis for the collection and processing of your personal data is Article 6 (1) lit. f DSGVO. Please also note the information on your rights to the protection of your personal data under section V. of this privacy policy.

- E-mail Newsletter

On our website you have the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask will be transmitted to us.
For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy. There is no transfer of data to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.


The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. The collection of the user's e-mail address is used to deliver the newsletter.


The data will be deleted as soon as they are no longer necessary to achieve the purpose of their collection. Accordingly, the user's e-mail address will be stored as long as the subscription to the newsletter is active. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. This also enables revocation of consent to the storage of personal data collected during the registration process. After unsubscribing, we will delete your e-mail address, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

 

The newsletter is sent as part of a processing on our behalf by a service provider to whom we pass on your e-mail address for this purpose.


This service provider is located in the USA and is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

 

What it says in our newsletter: Our newsletter is for anyone who wants to get the latest from Malandra Cachaça in their inbox. We will send you information as soon as our products are available for purchase.

 

What you need to know about shipping and statistics: 

- We send the newsletter with the provider Ascend from WIX.com, which stores your email address and also other data for sending and analyzing the newsletters. You can read Ascend's privacy policy here.

- Double-Opt-In and Opt-Out: If you have signed up for the newsletter, you will receive another mail in which you have to confirm the registration (sometimes end up in advertising folders). Please confirm this mail, otherwise we are not allowed to send you any mail (Double-Opt-In). You can unsubscribe from the newsletter at any time.

- Statistics: Ascend provides data for us that shows which links readers* click on most often or whether the mails are opened. We use this information exclusively to make the newsletter more relevant and better for you.

- Shop
Under the button "Shop" you have the possibility to order the products offered on our website. When you order the products offered on our website, we collect, process and store the following personal data:

- Your first and last name;
- Your e-mail address;
- Your address;
- If applicable, your telephone number (optional information);

- Your date of birth (to verify your age);
- Your payment data.

 

We use the data provided by you in the context of an order exclusively for the processing of the contract. The legal basis for the collection and processing of your personal data is Article 6 (1) lit. b or f DSGVO. Please also note the information on your rights to the protection of your personal data under Section V. of this privacy policy.

 

- Summary

When using the content offered under our web presence, we therefore collect and process the following personal data provided by you as a user, depending on the extent of your use:

 

Whenever you use our web presence:

 

- Log files;

 

If you contact us or place an order:

 

- Your e-mail address;

- Your first and last name.

- Your address;
- If applicable, your telephone number (optional);

- Your date of birth (to verify your age), only for orders in our online store;
- Your payment data.

 

The legal basis for the collection and processing of the data provided by you and mentioned above is Article 6(1) lit. f DSGVO. Please also note the information on your rights to the protection of your personal data under section V. of this privacy policy.

 

2.2 Processing of personal data by third parties

Malandra works with the following external service providers to offer you the content contained on our website and to process your data securely and efficiently.

 

- Web hoster

Malandra is hosted on the Wix.com platform. Wix.com provides us with the online platform through which we can sell our products and services to you. Your data may be stored through Wix.com's data store, databases, and general Wix.com applications. They store your data on secure servers behind a firewall. Privacy policy of Wix.com can be found at: https://de.wix.com/about/privacy 

 

All direct payment gateways offered by Wix.com and used by our company comply with PCI-DSS standards administered by the PCI Security Standards Council, a joint initiative of brands such as Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our online store and its service provider.

 

- Processing your order
As part of processing your order, we work with the following service providers to securely and efficiently process orders received. In order to process your order, the data collected by us will be transmitted to the transport company commissioned with the delivery of the ordered products, in this case DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany, insofar as this is necessary for the delivery of the ordered products to the address specified by you. For more information on the protection of your data by DHL Paket GmbH, please visit https://www.dhl.de/de/toolbar/footer/datenschutz.html. Exclusively for the purpose of processing your payment, we transmit your payment data at your choice either when paying by credit card to Stripe Payments Europe, Ltd, 1 Grand Canal Street Tower, Grand Canal Dock, Dublin, Ireland. Payment data is not stored by Malandra itself. The legal basis for the transfer of personal data provided by you is Article 6 (1) lit. b or f DSGVO. For more information on data protection when using the services offered by Sofort GmbH, please visit https://www.sofort.com/payment/wizard/getCmsContent/data_protection/DE/0/de. If necessary, your payment data must be transmitted to Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA for the processing of your payments by Stripe Payments Europe. Stripe is certified for the so-called "EU-US Privacy Shield", which is intended to ensure that data transfer to the USA complies with the data protection regulations of the European Union. More information about the "EU-US Privacy Shield" is available here: https://www.privacy-shield.gov/welcome. You can find more information about the corresponding certificate from Stripe here: https://stripe.com/privacy-shield-policy. You can find Stripe's privacy policy at https://stripe.com/de/privacy#translation.

 

- Further use of personal data by third parties

Personal data collected in the course of your use of our website will only be processed by Malandra and third parties listed in this privacy policy. Beyond that, Malandra does not pass on personal data to other third parties. Personal data will only be passed on to other third parties in the exceptional case that Malandra is obliged to pass on the collected data due to an official or court order.

2.3 Purpose of the collection, processing and storage of your personal data

We initially collect, process and store your personal data to the extent that this is technically necessary for the provision of our website. By collecting, processing and storing your personal data, we can ensure the security of our website, and we also ensure that our content can be offered to you efficiently and conveniently. In order to be able to adapt our web presence to the constantly changing technical environment and the constantly changing security situation, we also use your personal data to constantly improve our web presence. Finally, we collect, process and store your personal data in order to process the order placed by you and to handle the corresponding contracts.

 

2.4 Duration of storage and deletion of personal data

Your data stored in log files as well as data that you have transmitted to Malandra within the framework of the contact form or by means of your e-mail inquiry will be deleted when they are no longer required to fulfill the purpose for which they were stored. Your personal data collected and processed in the context of an order will be stored as long as necessary for the complete execution of the contract and then deleted.

 

In addition, your personal data will be deleted after you revoke any consent you may have given to store it.

 

Excluded from the deletion remain data whose correction, blocking or deletion is contrary to legal, statutory or contractual retention periods, as well as data that is required for the establishment, content or amendment of a contractual relationship with us or must be stored for billing purposes.

3. Cookies

Malandra uses so-called cookies. These are small pieces of text information that are stored on your terminal device by your browser. Thus, the collection of cookies makes it easier for you to use our services and enables us to better understand your user behavior and to offer content and services tailored to your needs. Malandra uses so-called technically necessary cookies. Some elements of Malandra require that the browser used by you can be identified even after a page change. The purpose of processing these technically necessary cookies is to simplify the use of our website for you as a user. The data stored by cookies includes, among other things, your product selection stored in the shopping cart or the temporary storage of your response to the legally required age query (under/over 18 years). The legal basis for the collection and processing of the data collected and processed by means of the cookies is Article 6 (1) lit. f DSGVO. All cookies are stored on your computer for a predetermined period of time and transmitted to Malandra by your browser. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. However, Malandra hereby draws your attention to the fact that it cannot then be ruled out that some contents of the website may not be usable or not usable in full.

 

4. Use and application of Google (Universal) Analytics (with anonymization function) for web analysis
Insofar as you have given your consent to this in accordance with Art. 6 (1) p. 1 lit. a DSGVO, this website uses Google (Universal) Analytics for the purpose of website analysis. The web analytics service is provided by Google Ireland Limited, a company incorporated and operated under the laws of Ireland, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.de). Google (Universal) Analytics uses methods that enable analysis of your use of the website, such as cookies. The information automatically collected about your use of this website is usually transferred to a Google server in the USA and stored there. By activating IP anonymization on this website, the IP address is shortened before transmission within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser within the scope of Google Analytics is generally not merged with other Google data. After the end of the purpose and the end of the use of Google Analytics by us, the data collected in this context will be deleted.

Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

 

You can revoke your consent at any time with effect for the future by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. This will prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google.

 

Alternatively to the browser plugin, you can <a href=""javascript:gaOptout()"">click this link</a> to prevent the collection by Google Analytics on this website in the future. This will place an opt-out cookie on your terminal device. If you delete your cookies, you will be asked again to give your consent.

 

5. Online marketing and social media

 

5.1 Google Maps
This website uses Google Maps to visually display geographical information. Google Maps is a service of Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This serves to protect our legitimate interests in an optimized presentation of our offer as well as an easy accessibility of our locations, which prevail in the context of a balancing of interests according to Art. 6 para. 1 p. 1 lit. f) DSGVO.


When using Google Maps, Google transmits or processes data about the use of the Maps functions by website visitors, which may include in particular the IP address and location data. We have no influence on this data processing.


Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.


To deactivate the Google Maps service and thus prevent the transfer of data to Google, you must deactivate the Java Script function in your browser. In this case, Google Maps cannot be used or can only be used to a limited extent. Further information about data processing by Google can be found in Google's privacy policy. The terms of use for Google Maps contain detailed information about the map service. Data processing is carried out on the basis of an agreement between jointly responsible parties pursuant to Art. 26 DSGVO, which you can view here.

 

5.2 Social media

- Use of social plugins from Facebook, Instagram, using the Shariff solution.

Social buttons from social networks are used on our website.

This serves to protect our legitimate interests in an optimal marketing of our offer, which prevail in the context of a balancing of interests, in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO. In order to increase the protection of your data when visiting our website, these buttons are not unrestricted plug-ins, but are only integrated into the page using an HTML link. This integration ensures that when you call up a page of our website that contains such buttons, no connection is yet established with the servers of the provider of the respective social network.

 

If you click on one of the buttons, a new window of your browser opens and calls up the page of the respective service provider, on which you can (if necessary after entering your login data) e.g. activate the Like or Share button.

 

For the purpose and scope of the data collection and the further processing and use of the data by the providers on their pages, as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to the privacy notices of the providers:

https://www.facebook.com/policy.php

https://help.instagram.com/155833707900388

 

- Our online presence on Facebook, Youtube, Instagram, LinkedIn.

Our presence on social networks and platforms serves to improve active communication with our customers and interested parties. We provide information there about our products and ongoing special promotions.


When visiting our online presences on social media, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used on your terminal device for this purpose. In these cookies, the visitor behavior and the interests of the users are stored. This serves according to Art. 6 para. 1 lit. f. DSGVO to protect our legitimate interests in an optimized presentation of our offer and effective communication with customers and interested parties, which prevail in the context of a balancing of interests. If you are asked by the respective social media platform operators for consent (agreement) to the data processing, e.g. by means of a checkbox, the legal basis for the data processing is Art. 6 (1) lit. a DSGVO.


Insofar as the aforementioned social media platforms have their headquarters in the USA, the following applies: For the USA, there is an adequacy decision of the European Commission. This goes back to the EU-US Privacy Shield. A current certificate for the respective company can be viewed here.


For detailed information on the processing and use of data by the providers on their sites, as well as a contact option and your rights and setting options in this regard to protect your privacy, in particular objection options (opt-out), please refer to the privacy notices of the providers linked below. If you still require assistance in this regard, you can contact us.

Facebook: https://www.facebook.com/about/privacy/

The data processing takes place on the basis of an agreement between jointly responsible parties pursuant to Art. 26 DSGVO, which you can view here.
Further information on data processing in the context of visiting a Facebook fan page (information on Insights data) can be found here.

Google/ YouTube: https://policies.google.com/privacy?hl=de

Instagram: https://help.instagram.com/519522125107875

LinkedIn: https://www.linkedin.com/legal/privacy-policy

Option to object (opt-out):

Facebook: https://www.facebook.com/settings?tab=ads

Google/ YouTube: https://adssettings.google.com/authenticated?hl=de

Instagram: https://help.instagram.com/519522125107875

LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

 

6. Legal basis for the processing of your data

The collection, processing and storage of your personal data is carried out in accordance with the DSGVO and in accordance with the relevant provisions of Union law and national law.

 

Insofar as the collection, processing and storage is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures that are carried out at your request, Article 6 (1) lit. b DSGVO is the legal basis for the collection, processing and storage of your personal data.

 

Insofar as the collection, processing and storage of personal data is necessary to comply with a legal obligation under Union law or national law to which Malandra is subject, Article 6(1)(c) DSGVO serves as the legal basis for the collection, processing and storage of your personal data.

 

If the collection, processing and storage of your personal data is necessary to protect a legitimate interest of Malandra or a third party and your interests, fundamental rights and freedoms do not override the former interest, Article 6(1) lit. f DSGVO serves as the legal basis for the collection, processing and storage of your personal data.

 

If none of these legal provisions is relevant, the collection, processing and storage of your personal data will only take place after your separate consent. If necessary, you give this explicitly when visiting the services offered by Malandra under our website by a short separate electronic confirmation. Insofar as Malandra obtains your separate consent for the processing operations of personal data, Article 6 (1) lit. a DSGVO serves as the legal basis for the collection, processing and storage of your personal data.

 

Please also note the information on your rights to the protection of your personal data under section V. of this privacy policy.

7. Your rights for the protection of your personal data

In accordance with the GDPR and in accordance with the relevant provisions of Union law and national law, you have the following rights to the extent of the respective provision:

 

Right of access

You may request confirmation from Malandra as to whether personal data concerning you is being collected, processed and stored by Malandra. If such collection, processing and storage exists, you may request from Malandra, among other things, information about the purposes for which the personal data are collected and processed and the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, about criteria for determining the duration of storage.

 

Please address your written request for information to:

 

Malandra UG

Birkenstrasse 22

10559 Berlin

 

E-mail: datenschutz@malandracachaca.com

 

Right to rectification and completion

If the personal data collected and processed concerning you is incorrect or incomplete, you have a right against Malandra to have your personal data corrected and/or completed.

 

Right to restriction of processing

You may request the restriction of the processing of personal data concerning you.

 

Right to erasure

You may request Malandra to delete the personal data concerning you without undue delay. Malandra may be obliged to delete such data without undue delay if the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed or, if you have withdrawn your consent to which the collection, processing and storage relates. The right to erasure does not exist, inter alia, to the extent that the processing is necessary for compliance with a legal obligation that requires the collection and processing under the law of the Union or the member states to which Malandra is subject and to the extent that the collection and processing is necessary for the assertion, exercise or defense of legal claims.

 

Right to data portability

You have the right to receive the personal data concerning you that you have provided to us as data controller in a structured, commonly used and machine-readable format. In addition, you have the right to transfer this data to another controller, without hindrance from the controller to whom the personal data was provided.

 

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the collection and processing of personal data concerning you which is carried out on the basis of Article 6(1) lit f. DSGVO, to object.

 

Right to revoke the declaration of consent

If you have consented to us collecting and processing your personal data, you have the right to revoke your declaration of consent under data protection law at any time.

 

Right to complain to a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the collection and processing of personal data concerning you violates the GDPR.

 

8. Other

As the services offered evolve and new technologies are implemented, Malandra reserves the right to update this Privacy Policy at any time. Malandra therefore asks you to regularly take note of the privacy policy available here.

Last update: May 2020