Privacy Policy

1. INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE RESPONSIBLE PARTY

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data by which you can be personally identified.

1.2 The responsible party for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is willowandgraceboutique.com. The responsible party for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

2. DATA COLLECTION WHEN VISITING OUR WEBSITE

When you use our website purely for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

• Our visited website

• Date and time at the time of access

• Amount of data sent in bytes

• Source/reference from which you came to the page

• Browser used

• Operating system used

• IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used in any other way. However, we reserve the right to subsequently check the server log files if there are specific indications of illegal use.

3. COOKIES

To make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are set, they collect and process specific user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

In some cases, the cookies are used to simplify the ordering process by storing settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

We may work with partners who help us measure and improve our website and marketing. For this purpose, technologies from partner companies may also be used when you visit our website. If we work with such partners, you will be informed individually and separately about the use and the scope of the information collected within the following paragraphs.

Please note that you can set your browser to inform you about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find these for the respective browsers at the following links:

• Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

• Firefox: https://support.mozilla.org/en/kb/cookies-erlauben-und-ablehnen

• Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en

• Safari: https://support.apple.com/kb/ph21411?locale=en_US

• Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be restricted.

4. CONTACTING US

When you contact us (e.g. via contact form or email), personal data is collected. The data collected in the case of a contact form can be seen from the respective contact form. This data is stored and used solely for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, then the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after your request has been fully processed, provided the circumstances indicate that the matter in question has been clarified and there are no legal retention requirements that oppose this.

5. DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT PROCESSING

In accordance with Art. 6 para. 1 lit. b GDPR, personal data is collected and processed if you provide it to us for the execution of a contract or when opening a customer account. The data collected can be seen from the respective input forms. Deleting your customer account is possible at any time and can be done by sending a message to the aforementioned responsible party. We store and use the data you provide to us for contract processing. After the contract has been fully processed or your customer account has been deleted, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved a legally permitted further use of your data, which we will inform you of below.

6. USE OF YOUR DATA FOR DIRECT ADVERTISING

6.1 Newsletter Subscription

If you subscribe to our email newsletter, we will send you regular information about our offers. The only mandatory information required to send the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. To send the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an email newsletter after you have expressly confirmed that you consent to receiving newsletters. We will then send you a confirmation email asking you to confirm by clicking on a corresponding link that you wish to receive the newsletter in the future.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When you register for the newsletter, we save your IP address as registered by the Internet Service Provider (ISP) as well as the date and time of registration in order to trace possible misuse of your email address at a later time. The data we collect when you register for the newsletter is used exclusively for promotional purposes through the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the responsible party mentioned at the beginning. After you unsubscribe, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we have reserved the right to use your data in a legally permitted manner, about which we inform you in this statement.

6.2 Newsletter to Existing Customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range via email. In this case, we do not need to obtain separate consent from you. The data processing is carried out solely based on our legitimate interest in personalized direct advertising in accordance with Art. 6 para. 1 lit. f GDPR. If you initially objected to the use of your email address for this purpose, no email will be sent from us. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible party mentioned at the beginning. For this, you will only incur transmission costs according to the basic rates. After receiving your objection, the use of your email address for advertising purposes will be immediately discontinued.

7. DATA PROCESSING FOR ORDER PROCESSING

7.1 The personal data we collect will be shared with the transport company responsible for delivery to the extent necessary for delivering the goods. We also share your payment data with the assigned credit institution or payment processor for payment processing when required. The legal basis for sharing data in this context is Art. 6 (1) lit. b GDPR.

8. CONTACTING CUSTOMERS FOR REVIEW REMINDERS

Personal review reminders (not sent via customer review systems):
We use your email address to send you a one-time reminder to leave a review of your order via our review system, provided you have given your explicit consent during or after placing your order according to Art. 6 (1) lit. a GDPR. You can revoke your consent at any time by sending a message to the data controller.

9. USE OF SOCIAL MEDIA: SOCIAL PLUGINS

9.1 Facebook Plugins using the Shariff Solution:
On our website, social plugins ("plugins") from Facebook are used, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). To protect your data, these buttons are not fully integrated as plugins but are merely linked using HTML. This ensures that no connection to Facebook servers is made when visiting our website. Only when you click on the button will a new browser window open and load Facebook's page, where you can interact with the plugins after entering your login details. For more details on Facebook's data collection, processing, and usage, and your rights and options to protect your privacy, please refer to Facebook's privacy policy: https://www.facebook.com/policy.php

9.2 Instagram Plugin using the Shariff Solution:
On our website, we use social plugins ("plugins") from the online service Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram"). To protect your data, these buttons are not fully integrated as plugins but are linked using HTML. This ensures that no connection to Instagram servers is made when visiting our website. Only when you click on the button will a new browser window open and load Instagram's page, where you can interact with the plugins after entering your login details.

For details regarding the purpose and scope of data collection, further processing, and the use of data by Instagram, as well as your rights and options for protecting your privacy, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388/

10. TRACKING AND ATTRIBUTION WITH WETRACKED

We use wetracked.io to measure website performance and attribute purchases and other actions to marketing activities. This can include information about your interaction with our website, such as pages visited, events (e.g., add to cart, purchase), and technical information (e.g., device and browser information). This processing only takes place if you have given your explicit consent. The legal basis is Art. 6 para. 1 lit. a GDPR.

You can withdraw your consent at any time with future effect via your cookie settings. Further information about data processing by wetracked.io can be found in their privacy policy: https://www.wetracked.io/privacy-policy

11. RETARGETING / REMARKETING / RECOMMENDATION ADVERTISING

Facebook Custom Audience via the Pixel Method

This website uses the "Facebook Pixel" of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). In the case of an explicit consent, this allows for tracking user behavior after they have seen or clicked on a Facebook advertisement. This procedure serves to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and can help optimize future advertising measures.

The data collected is anonymous to us, providing no conclusions about the identity of the users. However, the data is stored and processed by Facebook, allowing a connection to the respective user profile, and Facebook can use the data for its own advertising purposes, in accordance with Facebook's data usage policy: https://www.facebook.com/about/privacy/

You can enable Facebook and its partners to display advertisements on and off Facebook. A cookie may also be stored on your computer for these purposes. These processing activities only occur if you have given explicit consent in accordance with Art. 6 (1) lit. a GDPR.

Consent to the use of the Facebook Pixel may only be given by users who are older than 13 years. If you are younger, please ask your guardians for permission.

To deactivate the use of cookies on your computer, you can set your internet browser to prevent cookies from being stored on your computer in the future or to delete cookies that have already been stored. Disabling all cookies may result in some functions on our internet pages no longer being executable. You can also disable the use of cookies by third parties like Facebook at the following website of the Digital Advertising Alliance: https://www.aboutads.info/choices/

12. RIGHTS OF THE DATA SUBJECT

12.1 The applicable data protection law grants you comprehensive rights (access and intervention rights) regarding the processing of your personal data by the controller, which we inform you about below:

• Right of Access pursuant to Art. 15 GDPR

• Right to Rectification pursuant to Art. 16 GDPR

• Right to Erasure pursuant to Art. 17 GDPR

• Right to Restriction of Processing pursuant to Art. 18 GDPR

• Right to Notification pursuant to Art. 19 GDPR

• Right to Data Portability pursuant to Art. 20 GDPR

• Right to Withdraw Consent pursuant to Art. 7 (3) GDPR

• Right to Lodge a Complaint pursuant to Art. 77 GDPR

12.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS WITHIN A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE PERSONAL DATA CONCERNED. FURTHER PROCESSING IS RESERVED ONLY IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA CONCERNING SUCH MARKETING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE PERSONAL DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

13. DURATION OF STORAGE OF PERSONAL DATA

The duration of storage of personal data is determined by the respective statutory retention period (e.g., commercial and tax retention periods). After the retention period has expired, the corresponding data will be routinely deleted, unless they are no longer required for the fulfillment of the contract or the initiation of a contract and/or we have no legitimate interest in further storage.