Privacy Policy | The Happiness Fairy

1) Introduction and contact details of the controller

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. Personal data refers to all data that can be used to identify you personally.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Sabine Heide Schumacher, Adele Rethymno, Tachy. Thyrida 636, GR-74100 Rethymno Crete, Greece, Phone.: 0030-694-2595207, Email: info@thehappinessfairy.com. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data collection when visiting our website

When you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

• Our visited website

• Date and time of access

• Amount of data sent in bytes

• Source/reference from which you accessed the site

• Browser used

• Operating system used

• IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used for any other purpose. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

3) Hosting & Content Delivery Network

3.1 Wix

We use the system of the following provider to host our website and display the page content: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel

Data is also transferred to: Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA

All data collected on our website is processed on the provider's servers.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

When data is transferred to the provider's location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

3.2 AWS CloudFront

We use a content delivery network from the following provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA

This service enables us to deliver large media files such as graphics, page content, or scripts more quickly via a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 (1) lit. f GDPR. We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the US, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

3.3 Fastly

We use a content delivery network from the following provider: Fastly Inc., 475 Brannan St. #300, San Francisco, CA 94107, USA

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”), while others remain on your device for a longer period of time and enable the storage of page settings (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of your web browser's cookie settings.

If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 (1) lit. b GDPR either for the performance of the contract, in accordance with Art. 6 (1) lit. a GDPR in the case of consent being given, or in accordance with Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting us

When you contact us (e.g. via the contact form or email), personal data is processed exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.

The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.

6) Use of customer data for direct marketing

Subscription to our email newsletter

If you subscribe to our email newsletter, we will send you regular information about our offers. The only mandatory information required to send you the newsletter is your email address. The provision of further data is voluntary and is used to address you personally. We use the double opt-in procedure for sending the newsletter, which ensures that you will only receive the newsletter once you have expressly confirmed your consent to receiving the newsletter by clicking on a verification link sent to the email address you provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR. In doing so, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data collected by us when you register for the newsletter will be used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the controller mentioned above. After you unsubscribe, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this statement.

7) Data processing for order processing

7.1 Insofar as necessary for the performance of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the contracted transport company and the contracted credit institution in accordance with Art. 6 (1) lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact data you provided when placing your order in order to inform you personally within the scope of our legal information obligations in accordance with Art. 6 (1) lit. c GDPR. Your contact details will be used strictly for the purpose of communicating updates owed by us and will only be processed by us to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.

7.2 Transfer of personal data to shipping service providers

- Deutsche Post

We use the following provider as our transport service provider: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany

We will pass on your email address and/or telephone number to the provider in accordance with Art. 6 (1) (a) GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with the provider in advance or to notify the provider of the delivery.

Consent can be revoked at any time with effect for the future by contacting the above-mentioned controller or the provider.

- DHL

We use the following provider as our transport service provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

We will pass on your email address and/or telephone number to the provider in accordance with Art. 6 (1) (a) GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR. The data will only be passed on if this is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with the provider in advance or to notify the provider of the delivery.

Consent can be revoked at any time with future effect by contacting the above-mentioned controller or the provider.

- DPD

We use the following provider as our transport service provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany

We will pass on your email address and/or telephone number to the provider in accordance with Art. 6 (1) (a) GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR. The data will only be passed on if this is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with the provider in advance or to notify the provider of the delivery.

Consent can be revoked at any time with effect for the future by contacting the controller or provider specified above.

7.3 Use of payment service providers (payment services)

- PayPal

This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from the provider that requires advance payment, your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will only be passed on for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

If you select a payment method where we make advance payments, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, data on an alternative means of payment) during the ordering process.

In such cases, in order to protect our legitimate interest in determining your solvency, we will forward this data to the provider for the purpose of a credit check in accordance with Art. 6 (1) lit. f GDPR. The provider uses the personal data you have provided and other data (such as shopping cart, invoice amount, order history, payment history) to check whether the payment option you have selected can be granted with regard to payment and/or default risks.

The credit check may contain probability values (so-called score values). Insofar as score values are included in the credit check result, they are based on a scientifically recognized mathematical-statistical method. Address data, among other things, but not exclusively, are included in the calculation of the score values.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.

8) Web analysis services

Wix Analytics

This website uses the web analysis service of the following provider: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel

With the help of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading end device and browser information), the service collects and stores pseudonymized visitor data, including information about the end device used, such as the IP address and browser information, in order to evaluate it for statistical analyses of usage behavior on our website and to create pseudonymized usage profiles. Among other things, this enables the evaluation of movement patterns (so-called heat maps), which show the duration of page visits and interactions with page content (e.g., text entries, scrolling, clicks, and mouse-overs). Pseudonymization fundamentally excludes direct personal references. There is no merging with other clear data collected about you.

All processing described above, in particular the reading or storage of information on the end device used, will only be carried out if you have given us your express consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

When data is transferred to the provider's location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

9) Site functionalities

Google reCAPTCHA

On this website, we use the CAPTCHA service of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transferred to: Google LLC, USA. The provider uses “Google Fonts,” i.e., fonts downloaded from the Internet by Google, for the visual design of the Captcha window. No information other than that mentioned above, which is already transferred to Google via the ReCaptcha functionality, is processed.

The service checks whether an entry is made by a natural person or abusively by machine and automated processing, and blocks spam, DDoS attacks, and similar automated malicious access. To ensure that an action is performed by a human and not by an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type used, as well as the date and duration of the visit, and transmits this information to the provider's server for evaluation. Cookies, i.e., small text files stored in the browser of the device, may be used for this purpose.

If the processing described above is based on cookies, these are only set if you have given us your express consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.

If the processing described above is carried out without the use of cookies, the legal basis is our legitimate interest in determining individual responsibility on the Internet and preventing misuse and spam in accordance with Art. 6 (1) lit. f GDPR.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further information on Google's data protection regulations can be found here: https://business.safety.google/intl/de/privacy/

10) Tools and other information

Cookie consent tool

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “cookie consent tool” is displayed to users when they visit the site in the form of an interactive user interface, on which consent for certain cookies and/or cookie-based applications can be given by ticking a box. When using the tool, all cookies/services requiring consent are only loaded if the respective user grants the corresponding consent by ticking the box. This ensures that such cookies are only set on the user's respective end device if consent has been granted.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is not processed in this process.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and, consequently, in the legally compliant design of our website.

Another legal basis for processing is Art. 6 para. 1 lit. c GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

Where necessary, we have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the settings options of the cookie consent tool can be found directly in the corresponding user interface on our website.

11) Rights of the data subject

11.1 The applicable data protection law grants you the following rights as a data subject (rights of access and intervention) with regard to the controller in relation to the processing of your personal data, whereby reference is made to the legal basis cited for the respective conditions for exercising these rights:

• Right of access pursuant to Art. 15 GDPR;

• Right to rectification pursuant to Art. 16 GDPR;

• Right to erasure pursuant to Art. 17 GDPR;

• Right to restriction of processing pursuant to Art. 18 GDPR;

• Right to notification pursuant to Art. 19 GDPR;

• Right to data portability pursuant to Art. 20 GDPR;

• Right to withdraw consent pursuant to Art. 7 (3) GDPR;

• Right to lodge a complaint pursuant to Art. 77 GDPR.

11.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNING YOU FOR DIRECT MARKETING PURPOSES.

12) Duration of storage of personal data

The duration of storage of personal data is determined on the basis of the respective legal basis, the purpose of processing and, where relevant, the respective statutory retention period (e.g. commercial and tax law retention periods).

When processing personal data on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6(1)(b) GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the performance or initiation of a contract and/or we no longer have a legitimate interest in its continued storage.

When processing personal data on the basis of Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

When processing personal data for direct marketing purposes on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 (2) GDPR.

Unless otherwise specified in the other information in this statement regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.