Privacy Policy

PRIVACY POLICY OF COTTON-BAY.COM

1) INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE DATA CONTROLLER

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data in this context are all data with which you can be personally identified.

1.2 The controller for data processing on this website in terms of the General Data Protection Regulation (GDPR) is cotton-bay.com. The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

2) DATA COLLECTION WHEN VISITING OUR WEBSITE

When you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which are technically necessary for us to display the website to you:

  • The visited website
  • Date and time at the moment of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • Used IP address (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

3) COOKIES

To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process individual user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

Partially, cookies are used to simplify the ordering process by storing settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If personal data are also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

We may work with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we cooperate with aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case below.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) CONTACTING US

When you contact us (e.g., via contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, then additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after final processing of your inquiry; this is the case if it can be inferred from the circumstances that the concerned matter is finally clarified and provided that there are no legal storage obligations to the contrary.

5) DATA PROCESSING FOR THE PURPOSE OF OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT PROCESSING

Pursuant to Art. 6 (1) lit. b GDPR, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Deleting your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the data controller. We store and use the data provided by you for contract processing. After completion of the contract or deletion of your customer account, your data will be blocked in respect of tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

6) USE OF YOUR DATA FOR DIRECT MARKETING

6.1 Subscription to our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you our newsletter based on your consent according to Art. 6 (1) lit. a GDPR, using the data required or disclosed by you separately for this purpose. You can unsubscribe from the newsletter service at any time. For this purpose, you can either send a message to the contact option specified above or use a link provided in the newsletter. Upon unsubscription, we delete your email address from the newsletter distribution list immediately, unless you have expressly consented to the further use of your data or we reserve the right to further use your data in cases permitted by law and about which we inform you in this declaration.

6.2 Sending the Email Newsletter to Existing Customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services, such as those already purchased, from our range by email. We do not need to obtain separate consent from you for this. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising pursuant to Art. 6 (1) lit. f GDPR. If you have initially objected to the use of your email address for this purpose, we will not send you any emails. You are entitled at any time to stop the use of your email address for the above-mentioned advertising purpose, with immediate effect. For this, you can send a message to the contact option specified above or use a link provided in the promotional email. This does not incur any costs other than the transmission costs according to the basic tariffs. Following receipt of your objection, the use of your email address for advertising purposes will immediately cease.

7) DATA PROCESSING FOR ORDER PROCESSING

7.1 To process your order, we work together with the following service provider(s), who support us wholly or partly in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution as part of the payment processing, if this is necessary for payment handling. If payment service providers are used, we explicitly inform you of this below. The legal basis for the transfer of data is Art. 6 (1) lit. b GDPR.

7.2 Use of Payment Service Providers (Payment Services)

  • PayPal

    When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - 'purchase on account' or 'payment by instalments' via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place according to Art. 6 (1) lit. b GDPR and only insofar as this is necessary for payment processing.

    For the payment methods credit card via PayPal, direct debit via 

    PayPal or - if offered - 'purchase on account' or 'payment by instalments' via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment to decide on the provision of the respective payment method. The credit information can include probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, are included in the calculation of the score values. Further information on data protection law, including the credit agencies used, can be found in PayPal's privacy policy: https://www.paypal.com/webapps/mpp/ua/privacy-full.

    You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

    • SOFORT

      If you select the payment method "SOFORT", the payment will be processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we pass on the information you provided during the order process together with information about your order in accordance with Art. 6 (1) lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden). Your data will only be passed on for the purpose of payment processing with the payment service provider SOFORT and only to the extent necessary for this purpose. You can find more information about SOFORT's data protection policy at the following internet address: https://www.klarna.com/sofort/privacy-policy/.

    8) REMINDER FOR REVIEWS

    Your email address will be used to remind you to submit a review of your order for the review system used by us, provided you have given us your explicit consent to do so during or after your order according to Art. 6 (1) lit. a GDPR. You can revoke your consent at any time by sending a message to the controller responsible for data processing.

    9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS

    9.1 Facebook Plugins with Shariff Solution

    Our website uses so-called social plugins ("plugins") of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").

    To increase the protection of your data when visiting our website, these buttons are not fully integrated as plugins but only using an HTML link. This form of integration ensures that no connection is established with the servers of Facebook when a page of our website containing such buttons is accessed. When you click on the button, a new browser window opens and calls up the Facebook page, where you can interact with the plugins there (if necessary, after entering your login data).

    The purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your related rights and setting options for the protection of your privacy, can be found in Facebook's privacy policy: https://www.facebook.com/policy.php.

    9.2 Google+ Plugins as Shariff Solution

    [Similar structure for other social media plugins]

    10) ONLINE MARKETING

    10.1 Google AdWords Conversion Tracking

    This website uses the online advertising program "Google AdWords" and, as part of Google AdWords, conversion tracking by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google AdWords to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google AdWords). Through the data of the advertising campaigns, we can determine how successful the individual advertising measures are. This is done to show you advertisements that are of interest to you, to make our website more interesting for you, and to achieve a fair calculation of advertising costs.

    The conversion tracking cookie is set when a user clicks on an AdWords advertisement placed by Google. Cookies are small text files that are stored on your computer system. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.

    Every Google AdWords customer receives a different cookie. Therefore, cookies cannot be tracked through AdWords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users. If you do not wish to participate in tracking, you can block this usage by disabling the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics. The storage of "conversion cookies" and the use of this tracking tool are based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior to optimize both our web offer and our advertising.

    Google LLC, based in the United States, is certified for the US-European data protection agreement "Privacy Shield," which ensures compliance with the level of data protection applicable in the EU.

    More information about Google AdWords and Google Conversion Tracking can be found in Google's privacy policy: https://www.google.de/policies/privacy/.

    You can set your browser to inform you about the setting of cookies and decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general. Disabling cookies may limit the functionality of our website.

    11) WEB ANALYTICS SERVICES

    Google (Universal) Analytics

    This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

    This website uses Google Analytics exclusively with the extension "_anonymizeIp()". This extension ensures anonymization of the IP address by shortening it and rules out direct personal reference. Through the extension, your IP address will be previously shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

    You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

    As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data on this website in the future (this opt-out cookie works only in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again): Disable Google Analytics.

    Google LLC, based in the United States, is certified for the US-European data protection agreement "Privacy Shield," which ensures compliance with the level of data protection applicable in the EU.

    More information on handling user data by Google Analytics can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

    This website also uses Google Analytics for a cross-device analysis of visitor streams, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data," "Personal data."

    12) RIGHTS OF THE DATA SUBJECT

    The applicable data protection law grants you comprehensive rights (rights of access and intervention) with respect to the processing of your personal data, about which we inform you below:

    • Right of access by the data subject pursuant to Art. 15 GDPR
    • Right to rectification pursuant to Art. 16 GDPR
    • Right to erasure ("right to be forgotten") pursuant to Art. 17 GDPR
    • Right to restriction of processing pursuant to Art. 18 GDPR
    • Right to be informed pursuant to Art. 19 GDPR
      • Right to data portability pursuant to Art. 20 GDPR
      • Right to withdraw consent given pursuant to Art. 7 (3) GDPR
      • Right to lodge a complaint pursuant to Art. 77 GDPR

      13.2 RIGHT TO OBJECT

      IF, WITHIN THE FRAMEWORK OF A BALANCE OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

      IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

      IF YOUR PERSONAL DATA IS PROCESSED BY US TO CONDUCT DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

      IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

      14) DURATION OF STORAGE OF PERSONAL DATA

      The duration of the storage of personal data is determined by the respective legal retention period (e.g., commercial and tax retention periods). After the expiry of this period, the corresponding data is routinely deleted, provided it is no longer necessary for the fulfillment of the contract or the initiation of a contract and/or there is no longer any legitimate interest on our part in the further storage.

      15) EXTERNAL LINKS

      Our website may contain links to external websites operated by third parties, over whose content we have no control. Therefore, we cannot assume any liability for this external content. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time of linking. Illegal content was not recognizable at the time of linking. However, a permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. Upon notification of violations, we will remove such links immediately.

      This privacy policy is subject to changes and updates to reflect new legal requirements or changes in our processes of data collection and use. Users are encouraged to regularly review the policy for any updates.