Privacy Policy

Welcome to Budget Breeze! Our aim is for you to feel comfortable on our website. The protection of your privacy and your personal data are very important to us. As such, we would like to ask you to carefully read this Privacy Policy before submitting Personal Data to us.

 

You can rely on transparent and fair data processing, and we strive to handle your data carefully and responsibly in accordance with applicable data protection law as well as the requirements of the General Data Protection Regulation (GDPR).

 

Our Principles:

Budget Breeze respects your right to privacy and is committed to the following key principles:

 

  • We protect your privacy and aim to provide you with a service that is tailored to your needs.
  • Personal data is collected for specific purposes based on your consent or a legitimate interest when you contact us.
  • You have the right to information and access to your personal data at any time and may request its correction or deletion.
  • We do not sell your personal data to third parties. However, if necessary and if explicitly mentioned we may share your data with our partners and other service providers when carrying out our services.
  • We take all reasonable measures to ensure the security and protection of your data from misuse.

 

This Privacy Policy explains how and for what purposes we use information collected about you through our website at www.dotdshop.com.

 

Scope of the processing of personal data

As a matter of principle, we only collect and use personal data from you insofar as this is necessary to provide a functional website and our content and services, e.g., when you register on our website or log in to an existing customer account or when you order products. The collection and use of your personal data regularly only takes place with your consent. An exception applies in cases where prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.

 

Personal data are processed by us only as necessary and for the purpose of providing a functional and user-friendly website, including its contents and the services offered there.

 

Security

The security of your personal data is a high priority for us. We therefore protect your data stored with us by technical and organizational measures in order to effectively prevent loss or misuse by third parties. In particular, our employees who process personal data are bound to data secrecy and must comply with it. To protect your personal data, it is transmitted in encrypted form; for example, we use SSL=Secure Socket Layer for communication via your Internet browser. You can recognise this by the lock symbol that your browser displays when an SSL connection is established. In order to ensure the permanent protection of your data, the technical security measures are regularly checked and, if necessary, adapted to the state of the art. These principles also apply to companies that process and use data on our behalf and in accordance with our instructions.

 

Purposes of processing and legal basis

We collect, process and use your personal data for the following purposes:

 

  • Establishment and performance of contractual relationships;
  • Marketing measures;
  • Customer satisfaction surveys and analyses;
  • Product evaluations;
  • Customer service and customer support;
  • To process orders for our online range of goods.

 

The processing of your personal data may be based on the following legal grounds:

 

  • 6 (1) lit. a GDPR serves as our legal basis for processing operations where we obtain your consent for a specific processing purpose;
  • 6 (1) lit. b GDPR, insofar as the processing of personal data is necessary for the performance of a contract, e.g., if you purchase a product. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in the case of enquiries about our products or services;
  • 6 (1) lit. c GDPR, insofar as we are subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations; and
  • 6 (1) lit. f GDPR applies on the basis of our legitimate interests, e.g., when using service providers as part of order processing, such as shipping service providers or when carrying out statistical surveys and analyses and logging registration procedures. Our interest is directed towards the use of a user-friendly, appealing, and secure presentation as well as optimization of our website, which serves our business interests as well as meeting your expectations.

Your data subject rights

  1. a) Information

Upon request, we will provide you at any time and free of charge with information about all personal data that we have stored about you.

 

  1. b) Correction, deletion, restriction of processing (blocking), objection

If you no longer agree with the storage of your personal data or if this data has become incorrect, we will arrange for the deletion or blocking of your data or make the necessary corrections (insofar as this is possible according to the applicable law) on the basis of a corresponding instruction. The same applies if we are only to process data in a restrictive manner in the future. You have the right to object in particular in cases where your data is required for the performance of a task that is in the public interest or in our legitimate interest, as well as profiling based on this. You also have such a right of objection in the event of data processing for the purpose of direct advertising.

 

  1. c) Right to revoke consent with effect for the future

You may revoke your consent at any time with effect for the future. Your revocation will not affect the lawfulness of the processing up to the time of revocation.

 

  1. d) Data portability

If data is processed on the basis of a contract, pre-contractual negotiations, consent or with the help of automated procedures, you have the right to data portability. Upon request, we will provide you with your data in a common, structured and machine-readable format so that you can transfer the data to another data controller if you wish.

 

  1. f) Exercise of your data subject rights and right of appeal

To assert these rights, please contact us. The same applies if you have questions about data processing in our company.

 

Duration of storage and routine deletion of personal data

We process and store your personal data only for the period of time required to fulfil the purpose of storage or if this has been provided for, in laws or regulations. After the purpose has ceased to exist or has been fulfilled, your personal data will be deleted or blocked.

 

In the case of blocking, deletion will take place as soon as legal, statutory, or contractual retention periods do not conflict with this, there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause a disproportionately high expense due to the special nature of the storage.

 

Data processing

The individual data concerned, processing purposes, legal bases, recipients and, where applicable, transfers to third countries are listed below:

 

  1. a) Hosting

To provide our website, we use the services of Shopify International Limited. Shopify processes the below-mentioned data and all data to be processed in connection with the operation of this website (log file when visiting the website) on our behalf.  As part of Shopify's services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf.  The legal basis for the data processing is our legitimate interest in providing our website in accordance with Art. 6 Para. 1 f) GDPR.

 

  1. b) Log file during website visit

We and Hosting Ireland, log your website visit. In doing so, we process:

 

  • Name(s) of our accessed website(s),
  • date and time of the access,
  • the amount of data transferred,
  • the browser type and version,
  • the operating system you use,
  • the referrer URL (the previously visited website),
  • your IP address,
  • the requesting provider.

 

The legal basis for data processing is our legitimate interest in the ongoing provision and security of our website in accordance with Art. 6 Para. 1 f) GDPR. The log file is deleted after seven days, unless it is needed to prove or clarify specific legal violations that have become known within the retention period.

 

  1. c) Cookies

When you visit our website, we may store information on your computer or device in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on its hard disk. Only the internet protocol address is stored, no personal data.

 

This information, which is stored in the cookies, allows us to automatically recognise you the next time you visit our website, making it easier for you to use. The legal basis for the use of cookies is your consent in accordance with Art. 6 para. 1 a) GDPR as well as our legitimate interest in accordance with Art. 6 para. 1 f) GDPR. If you want to learn more about the cookies we use please read our Cookie Policy and if you want to learn more about Cookies in general please visit All About Cookies.

 

  1. d) Contacting us

If you contact us using our contact form, we process the following data from you for the purpose of processing and handling your enquiry: Name, contact details -if provided by you- and your message.

 

The legal basis of the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations in accordance with Art. 6 Para. 1 b) GDPR. and/or our legitimate interest in processing your enquiry in accordance with Art. 6 Para. 1 f) GDPR.

 

  1. e) Registration

On our website, we offer you the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. Registration is necessary in order to set up your customer account, which you can use to place orders and services. The processing of the data for this registration thus serves the fulfilment of the contract of use or the implementation of pre-contractual measures and is based on the provision of a contractual matter in accordance with Art. 6 Para. 1 b) GDPR. You can delete your customer account at any time on our website.

 

  1. f) Storage of data in the user account

For the conclusion and processing of contracts, we require contact details, such as name, delivery and billing address and e-mail address, as well as information on the type of payment method you have chosen, depending on the individual case. You can store this data in your user account. In addition, we use your data to maintain our customer database so that only accurate data is stored there. In order to avoid typing errors and to ensure that the items you have ordered reach you, we check the completeness and accuracy of your address when you enter it.

 

Following your order, you will receive a corresponding order confirmation as well as further documents, which we are obliged to provide in order to fulfil our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary for the conclusion of the contract with you in accordance with Art. 6 Para. 1 b) GDPR and is therefore based on the provision of a contractual matter.

 

  1. g) Guest order

You have the option to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to enter your data again for each subsequent order.

 

We collect, process and use the information you provide in the context of a guest order for the purpose of executing the contract in accordance with the provision of a contractual matter in accordance with Art. 6 Para. 1 b) GDPR. We store the information you provide for the period of processing and handling your order. Afterwards, your data will be deleted unless you decide to activate your customer account within 14 days after placing your order. Data that we are required to store due to legal, statutory or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes.

 

  1. h) Order confirmation/dispatch confirmation

In order to process the contract and provide you with our services, for example the web shop or to send you a package for which a fee is charged, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary for the conclusion of the contract with you and is based on the provision of a contractual matter in accordance with Art. 6 Para. 1 b) GDPR.

 

  1. i) Dispatch due to the sale of goods

If you purchase goods or services on our website, we may send you information on our own similar goods to your specified e-mail address even without your consent. The legal basis for this data processing is our legitimate interest in accordance with Art. 6 Para. 1 f) GDPR., because advertising related products and services by way of direct advertising represents a legitimate interest for us as the provider of this website. You may object to the processing of your personal data for the purpose of direct advertising at any time. We will then refrain from further processing for such purposes. You can send us your objection as described below. In addition, you can object to the sending of such newsletters at any time in the future without giving reasons by unsubscribing via the unsubscribe link at the end of each newsletter or by contacting us in any other way.

 

  1. j) Other

Based on a legal obligation in accordance with Art. 6 Para. 1 c) GDPR. and our legitimate interest in accordance with Art. 6 Para. 1 f) GDPR., we use and store your personal data and technical information to the extent necessary to prevent or prosecute misuse or other illegal behavior on our website, e.g., to maintain data security in the event of attacks on our IT systems. This also takes place insofar as we are legally obliged to do so, for example due to official or court orders, and for the exercise of our rights and claims as well as for legal defense.

 

  1. k) Credit/Debit Cards Payments

If you choose to use the Credit/Debit Cards payment method, payment will be processed through the payment system of Shopify Payments, as part of Shopify's services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. Shopify Payments allows payment via all major credit card formats and, depending on the region, additional payment methods. The individual payment methods offered through Shopify Payments will be disclosed to you on our website.

 

When payments are made via Shopify Payments, your payment data (e.g., payment amount, information on the payment method used, details of the payee) as well as your confirmation that the payment data is correct will be collected and processed by Shopify for the purpose of making the payment in accordance with Art. 6 (1) lit. b of the GDPR and transmitted to the credit institution commissioned with the payment. This processing only takes place insofar as it is actually necessary for the execution of the payment. Shopify then authenticates the payment via the authentication procedure stored for you at your credit institution.

 

  1. l) PayPal

If you choose to use PayPal payment will be processed through the payment system of PayPal. If you have selected PayPal Express as your method of payment, it is necessary for PayPal to transmit the following personal data to PayPal (Europe) S.á.r.l. & Cie, S.C.A. in order to process your payment:

 

  • Total amount of the order
  • Reference on the PayPal account.
  • your e-mail address of the PayPal account.
  • Encrypted PayPal account number
  • E-mail address
  • First and last name
  • Delivery address

 

  1. m) Apple Pay

Apple Pay uses security functions integrated into the hardware and software of your device to protect your transactions. For the release of a payment, the entry of a code previously defined by you as well as the verification by means of the "Face ID" or "Touch ID" function of your terminal device is therefore required. For the purpose of payment processing, the information you provide during the booking process, together with information about your booking, is passed on to Apple in encrypted form. If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) b) GDPR.

 

  1. n) Google Pay

If you select Google Pay for payment processing, we will transmit the payment details a data subject provided to us during the ordering process to complete the order. The subsequent payment process takes place exclusively via Google Pay, without us having any further possibility to influence it and the legal basis is Art. 6 (1) b) GDPR for payment processing.

 

When you send a data subject access request

The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.

The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.

 

Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.

 

You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.

 

Legal defense and enforcement of our rights

The legal basis for the processing of your personal data in the context of legal defense and enforcement of our rights is our legitimate interest.

 

The purpose of processing your personal data in the context of legal defense and enforcement of our rights is the defense against unjustified claims and the legal enforcement and assertion of claims and rights. Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

 

The processing of your personal data in the context of legal defense and enforcement is mandatory for legal defense and enforcement of our rights. Consequently, there is no possibility for you to object.

 

Disclosure of personal data to third parties

Your personal data will only be passed on if there is a legal obligation to do so or to service providers and partner companies that have been carefully selected in advance and are contractually obliged to comply with the requirements of data protection law.

 

For the operation and optimization of our website and our services and for the processing of contracts, various service companies work for us, e.g., for central IT services or the hosting of our website, for the payment and delivery of products or for the dispatch of newsletters, to whom we pass on the data required for the fulfilment of the task (e.g., name, address).

 

Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection precautions at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.

 

In contrast to order processing, in the following cases we transmit data to third parties for their own use in order to process the contract.

 

We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You only provide this information directly to the respective payment service provider.

 

We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offences or for the exercise and enforcement of our rights and claims.

 

Data transfer to third countries

If we use service providers in third countries, we take additional measures to ensure an adequate level of data protection for the transfer of personal data and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g., by concluding standard contracts and additional guarantees, supplementary technical and organizational measures such as encryption or anonymization).

 

Data processing for the purpose of fraud prevention and optimization of our payment processes

Where applicable, we provide our service providers with further data, which they use together with the data necessary for the processing of the payment as our processors for the purpose of fraud prevention and optimization of our payment processes (e.g., invoicing, processing of contested payments, accounting support). This serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which outweigh our interests in the context of a balancing of interests.

 

Analysis of our website

We use programs on our website to measure the reach of our website and to analyze user behavior. For this purpose, we use cookies and comparable technologies.

 

Shopify Statistics

We use the Shopify Statistics feature on our website. This allows us to measure the reach of our website and provides us with statistical analysis of visitor behavior on our website. The data is processed on servers of Shopify, which we have commissioned with the processing.

 

The legal basis for the data processing in connection with the Shopify statistics function is our legitimate interest in the analysis of user behavior on our website and the possible design according to requirements. You can object to this processing at any time in the cookie settings.

 

Automated decision-making

We do not use automated decision-making or profiling.

 

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

 

Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

 

Concerns and Contact

If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, you can contact us.