Privacy Policy - KINTEI Sense

PRIVACY POLICY

This Privacy Policy applies to the website www.kintei-sense.com

Responsible person:

Caroline Hayashi

Dachauer Strasse 173

80636 München, Germany

info@kintei-sense.com

Processing of Personal Data

We process your personal data in the context of this website, among other things, as follows (for further data processing activities in connection with this website, please refer to the following sections of this Privacy Policy):

Log Files When Visiting the Website

When using our website, our hosting provider automatically records so-called “log file” data for each access to the server, such as the name of the accessed website, the previously visited page (referrer URL), product and version information of the browser and operating system used, the requesting internet service provider, date and time of access, search engines used, country of access, amount of data transferred, names of downloaded files, and the IP address.

The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest in storing log file data lies in ensuring system security, including the detection and investigation of misuse. IP addresses are deleted after no more than seven days, unless they are required for a longer period due to a security-related incident, for example for clarification or evidentiary purposes.

Contact Requests:

In the case of contact requests, we process your personal data, such as your name, address, email address, telephone number, and similar information, which we require in order to respond to your enquiry.

The legal basis for the processing of your personal data in the context of contact enquiries is Article 6(1)(b) of the General Data Protection Regulation (GDPR).

In the context of contact enquiries, we store your personal data for as long as is necessary to process your request, plus an appropriate retention period to address any follow-up questions.

The provision of this personal data is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. However, if you do not provide this data, we may not be able to respond to your enquiry or, in the case of limited contact details, may not be able to respond via all requested communication channels.

Registration / Orders:

When you register or place an order, we process your personal data, such as your name, address, email address, telephone number, date of birth, self-chosen username, payment data, and similar information, which we require for the performance of the contractual relationship with you or for carrying out pre-contractual measures taken at your request.

We store the personal data collected in the course of registration or orders for as long as is necessary for the performance of the contractual relationship (including, where applicable, the provision of the customer account) and/or for the execution of pre-contractual measures initiated at your request and/or in relation to warranty, guarantee or similar obligations and/or in compliance with statutory retention periods.

The legal bases for the processing of your personal data collected in the context of registration or orders are Article 6(1)(b) and Article 6(1)(c) of the General Data Protection Regulation (GDPR).

The provision of this personal data is neither required by law nor by contract. However, it is necessary for the conclusion of the contract, i.e. for completing the registration or order process, insofar as the relevant information must be provided as mandatory (rather than optional) within our registration/order process.

Newsletter:

If you subscribe to our newsletter, we process the data collected in this context, such as your email address, salutation, etc., for the purpose of sending the newsletter.

Where data processing for the purposes described above is carried out on the basis of your consent, the legal basis is Article 6(1)(a) GDPR (consent). Otherwise, data processing is based on Article 6(1)(f) GDPR (legitimate interests), whereby our legitimate interests lie in the purposes set out above.

We store the personal data required for sending the newsletter for as long as it is necessary for this purpose or until you withdraw your consent to receive the newsletter. Any lawful continued storage for other purposes (e.g. customer communication) shall remain unaffected.

2. Use of Cookies

In this section, we inform you about the use of cookies on our website.

a) Description and Functionality

Cookies are small text files that are stored on the user’s device and enable analysis of the user’s use of the website.

b) Own Cookies

We use cookies to make the use of the website easier and more convenient for visitors, or to enable certain functions in the first place.

The legal basis for the processing of your personal data in connection with the use of cookies is Article 6(1)(f) GDPR (legitimate interests). Our legitimate interest arises from the purposes set out above.

In the context of the use of cookies, we store your personal data for as long as is necessary to make the use of our website easier and more convenient.

c) Third-Party Cookies

Third-party cookies may also be used on the website to collect or receive information from our website and other places on the internet, and to use this information, for example, to provide web tracking services, review services, or audience-targeted advertising.

In the context of the use of cookies, your personal data will be stored for as long as is necessary to achieve the purposes described above.

d) Withdrawal / Objection / Settings

You may withdraw any consent given for the use of cookies at any time or object to the processing of data through cookies by deleting cookies in your browser settings.

You can also configure your browser so that cookies are only stored if you explicitly consent to them.

Another option to withdraw consent, object to the use of cookies, and/or manage your cookies can be found here:

https://www.kintei-sense.com/datenschutzerklaerung#consent-change

With regard to advertising cookies, you can block and/or manage many of them via the following services:

www.aboutads.info/choices/

www.youronlinechoices.com/uk/your-ad-choices/

www.networkadvertising.org/managing/opt_out.asp

However, if you refuse cookies, you may not be able to use certain website functions, services, applications, or tools.

3. Google Ads Conversion Tracking

On our website, we use Google Ads Conversion Tracking provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Ads Conversion Tracking, an analytics service provided by Google Inc., uses cookies stored on your device to analyse the use of the website you accessed via a click on a Google advertisement. For this purpose, a so-called conversion tracking tag or code snippet is integrated into our website or app. As soon as a user clicks on such an advertisement, a temporary cookie is stored on their device. If the user subsequently performs a customer action of interest to us (for example purchases, registrations, or filling in a contact form), Google and we as the website operator can recognise this. Google Ads Conversion Tracking is used to analyse which keywords, advertisements, ad groups, and campaigns are most successful for us. This enables us to make informed decisions regarding our online advertising and to optimise campaigns in line with our business objectives. Google Ads Conversion Tracking therefore helps us with the analysis, optimisation, and economic operation of our online advertising.

Further information on how Google Conversion Tracking works and Google’s privacy policy can be found here:

https://support.google.com/adwords/answer/1722022?hl=de

Google transmits the information generated by the cookies to servers in the United States. Google relies on EU Standard Contractual Clauses for this data transfer.

Withdrawal / Objection / Settings:

- Please refer to point (d) of the ‘Cookies’ section of this Privacy Policy

4. IONOS WebAnalytics

This website uses the analytics services of IONOS WebAnalytics (hereinafter referred to as ‘IONOS’). The service provider is 1&1 IONOS SE, Elgendorfer Straße 57, D-56410 Montabaur, Germany. As part of the analyses carried out by IONOS, data such as visitor numbers and behaviour (e.g. the number of page views, duration of website visits, and bounce rates), traffic sources (i.e. the website from which a visitor arrived), visitor locations, and technical information (such as browser and operating system versions) may be analysed. For this purpose, IONOS stores, in particular, the following data:

referrer (previously visited website)
requested website or file
browser type and browser version
operating system used
device type used
time of access
anonymised IP address (used solely to determine the location of access)

According to IONOS, data collection is carried out in a fully anonymised manner, so that it cannot be traced back to individual persons. IONOS WebAnalytics does not store any cookies.

The storage and analysis of data are carried out on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in the statistical analysis of user behaviour in order to optimise both its website and its advertising. Where consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Further information on the collection and processing of data by IONOS WebAnalytics can be found in IONOS’s Privacy Policy at the following link:

https://www.ionos.de/terms-gtc/datenschutzerklaerung/

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) with the provider for the use of the above-mentioned service. This is a contract required under data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

5. Social Media Features and Embedded Social Media Content

Our website uses social media features, such as buttons that allow users to share content from our website on social networks, as well as embedded content from social media platforms.

In this context, information such as your IP address, details about your browser and operating system, referring websites, the time of your visit, and your use of our website may be transmitted.

Such data may be collected through plugins, pixel tags (invisible graphics), or cookies.

The data may be used to create user profiles for marketing purposes.

The legal bases for processing are Article 6(1)(a) GDPR (consent), Article 6(1)(b) GDPR (performance of a contract or pre-contractual requests), and/or Article 6(1)(f) GDPR (legitimate interests), whereby the legitimate interests may consist in providing the relevant functionalities or content to the user.

Further information can be found in the privacy policies of the respective social media platforms.

The following social media features are integrated into our website:

Instagram – operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin D02, Ireland (hereinafter “Meta”). The data collected may be transferred to the provider’s servers in the United States. Meta relies on the EU Standard Contractual Clauses for such data transfers. Further information can be found in Meta’s Privacy Policy: https://de-de.facebook.com/policy.php
Pinterest – operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. The data collected may be transferred to the provider’s servers outside the European Economic Area (EEA). Pinterest relies, among other mechanisms, on the EU Standard Contractual Clauses for such data transfers. Further information can be found in Pinterest’s Privacy Policy: https://policy.pinterest.com/de/privacy-policy
YouTube – operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data collected may be transferred to Google’s servers in the United States. Google relies on the EU Standard Contractual Clauses for such data transfers. Further information can be found in Google’s Privacy Policy: https://policies.google.com/privacy

6. Presence on Instagram and Facebook

We maintain a presence on Instagram and Facebook.

The Instagram and Facebook services are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin D02, Ireland (hereinafter “Meta”).

Controller(s)

We are the controller within the meaning of Article 4(7) of the General Data Protection Regulation (GDPR) insofar as we process personal data you transmit to us via Instagram or Facebook exclusively on our own responsibility.

To the extent that personal data transmitted to us by you via Instagram and Facebook is processed either jointly with us or exclusively by Instagram and Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, is also a controller within the meaning of the GDPR, in addition to us.

You may contact the data protection officer of Instagram or Facebook via the contact form (https://www.facebook.com/help/contact/540977946302970) provided by Facebook.

As the controller of the Instagram and Facebook pages, we have entered into agreements with Facebook which, among other things, govern the terms of use of the Instagram and Facebook pages. The applicable terms are the Instagram and Facebook Terms of Use (https://www.facebook.com/legal/terms), as well as the other terms and policies referenced therein.

Use of Cookies by Facebook

When you visit our Instagram and Facebook pages, Facebook, as the controller, collects personal data from users, among other things through the use of cookies.

Information on which cookies Facebook uses, what information Facebook receives through cookies, how this information is used, how long it is stored by Facebook, and with which third-party partners it is shared can be found in Instagram’s (https://help.instagram.com/155833707900388) and Facebook’s (https://www.facebook.com/privacy/policy) privacy notices.

There you will also find information on how to contact Facebook as well as settings options for advertisements. In addition, you can configure your browser settings according to your preferences and, for example, refuse the acceptance of cookies. However, please note that in this case not all functions of Instagram or Facebook may be available to you.

You can delete Facebook cookies, among other options, here: Your Online Choices (Preference Management): http://www.youronlinechoices.com/de/praferenzmanagement/.

Likes, Posts and Messages

To the extent that you visit our Instagram and Facebook pages as a registered user, we process the following data:

your Instagram or Facebook username and your profile picture,
your interaction with our posts (“likes”, “shares”, etc.), and
your comments, posts, messages, and other content that you provide on our page.

To the extent that you contact us via our Instagram or Facebook page or by email, we store the data you provide with your message (e.g. email address, name) in order to respond to your enquiries. We delete the data arising in this context once storage is no longer required.

The legal basis for processing is Article 6(1)(b) and (f) GDPR (balancing of interests, processing at the request of the data subject). We process your data in order to provide you and other users of our page with interesting information and to inform you regularly about our services.

We do not, however, have full access to the data collected by Facebook or to your profile data, and we can only view the public information of your profile. You determine which data these are in detail via your Instagram or Facebook settings. For example, you may choose to hide “likes” in your profile or stop following our Instagram and Facebook pages. In this case, your profile will no longer appear in the list of followers of our Instagram and Facebook pages.

We do not have any influence over the collection of your data or its further processing by Instagram and Facebook. Likewise, we are unable to determine where, for how long, and to what extent the respective data is stored by Facebook. This also applies to any deletion obligations applicable to Facebook, the analyses and combinations or linking performed by Facebook with the data, and to whom the data is disclosed. You can find information on which additional personal data Facebook processes when you use our Instagram and Facebook pages in Instagram’s (https://help.instagram.com/155833707900388) and Facebook’s (https://www.facebook.com/privacy/policy) privacy policies.

Statistical Usage Data

In order to better achieve the purposes pursued with our Instagram and Facebook pages, Facebook also provides us with demographic and geographic analyses based on the information collected. We may use this information to place targeted interest-based advertisements without directly knowing the identity of the visitor. If visitors use Instagram or Facebook on multiple devices, data collection and analysis may also be carried out across devices, provided that users are registered and logged into their respective profiles. Facebook provides us with the following information regarding the use of our Instagram and Facebook pages:

Followers: number of people following our Instagram and Facebook pages – including increases and development over a defined period of time.
Reach: number of people who see a specific post. Number of interactions with a post. This allows us, for example, to determine which content performs better within the community than others.
Ad performance: how many people were reached by a post or a paid advertisement and interacted with it.
Demographics: average age of visitors, gender, place of residence, language.
Activity: times at which the majority of users in the community are online.
Actions on the page: clicks on directions, emails, website links, and profile visits.
Page views: number of times the page was viewed and on which device.

These visitor statistics are provided to us by Facebook via the Instagram and Facebook “Insights” tool exclusively in anonymised form. We are not able to assign Insights data to individual persons. We also do not have access to the underlying data.

We process this data exclusively for the technical administration and provision of our Instagram and Facebook pages, as well as to obtain statistical information on their use as page operators. The legal basis for processing this data is Article 6(1)(f) GDPR. Our interest in this context is the administration and improvement of the page.

For the processing of Insights data, we and Facebook are considered “joint controllers”. This means that Facebook and we process these data for the shared purpose of understanding the usage behaviour of visitors to our Instagram and Facebook pages. As the operator of the platform, Facebook collects the detailed usage data from you; we only receive aggregated Insights data from Facebook. Therefore, Facebook alone makes the decisions regarding the processing of usage data in connection with Page Insights. In the case of such joint controllership, the EU General Data Protection Regulation requires us to conclude an agreement with Facebook. You can access this agreement here: https://www.facebook.com/legal/terms/page_controller_addendum. It contains further details and explanations regarding joint controllership with Facebook in the context of Insights.

The agreement essentially provides that requests for information and the exercise of data subject rights in relation to Insights data must be addressed directly to Facebook as the controller.

In addition, users of Instagram and Facebook can influence the extent to which their user behaviour is recorded when visiting our Instagram and Facebook pages via the advertising preferences settings (https://www.facebook.com/ads/preferences). Further options are available in the settings of Instagram (https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/) and Facebook (https://www.facebook.com/settings?tab=privacy) or via the objection form (https://www.facebook.com/help/contact/367438723733209).

Data Transfers to the USA and Other Third Countries

To provide our Instagram and Facebook pages on the Instagram and Facebook platform, your personal data is processed by Facebook Ireland Limited and transferred to Facebook, Inc. in the United States (as well as other third countries, as described at https://de-de.facebook.com/policy.php).
Facebook uses Standard Contractual Clauses (https://www.facebook.com/help/566994660333381?ref=dp) approved by the European Commission and, for data transfers from the EEA to the USA and other countries, may also rely on adequacy decisions (https://l.facebook.com/l.php?u=https%3A%2F%2Fec.europa.eu%2Finfo%2Flaw%2Flaw-topic%2Fdata-protection%2Fdata-transfers-outside-eu%2Fadequacy-protection-personal-data-non-eu-countries_en&h=AT3vKIAcwVJ-RZiPSzyMmECT743mubXegKKM-LtPz96RlGO4kEzpzNbqs5wf4TuzWDhX6HeUBtCe8cus9KwNTt2Q-Hz6JuMVnCOZstoINBINhXdcD42SRT7pl7NmeFbt0ihnb7NWeyKR60jakpF8_w) issued by the European Commission for certain countries.

7. Presence on Other Social Networks

We maintain presences on additional social networks in order to present our goods and/or services and/or to communicate with customers and interested parties.

User data from social networks, in particular data relating to user behaviour, is generally also processed to create user profiles for the purpose of personalised advertising. This may be done, for example, via cookies, fingerprinting, or similar technologies, as well as through tracking of logged-in users.

The legal basis for our processing of personal data on social networks is Article 6(1)(f) GDPR (“legitimate interests”).

Further information, including on the processing of personal data by the operators of the social networks and your right to object, can be found in the privacy policies of the respective social networks linked below.

Our presence on social networks:

Pinterest; operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland; privacy policy: Pinterest Privacy Policy: https://policy.pinterest.com/de/privacy-policy
YouTube, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; your personal data may be transferred to servers in the United States. Google relies on EU Standard Contractual Clauses for such data transfers. Further information can be found in Google’s Privacy Policy: Google Privacy Policy: https://policies.google.com/privacy
LinkedIn, operated by LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”); LinkedIn transfers personal data to the United States and relies, among other mechanisms, on the EU Standard Contractual Clauses for such transfers. Privacy policy: LinkedIn Privacy Policy: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

8. Sendinblue

For our email dispatch, we use the service Sendinblue provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin.

With Sendinblue, we are able to tailor our email campaigns to the browsing behaviour of our website visitors (e.g. based on which content a user has clicked on), for example by sending personalised and individualised messages accordingly.

Further information can be found in Sendinblue’s privacy policy:

https://de.sendinblue.com/legal/privacypolicy/

9. Real Cookie Banner

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and the related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at: https://devowl.io/de/rcb/datenverarbeitung

The legal bases for the processing of personal data in this context are Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

10. Wordfence Security

Our website uses the “Wordfence Security” plugin (Wordfence), provided by Defiant Inc., 800 5th Ave., Suite 4100, Seattle, WA 98104, USA (Defiant), to protect against viruses, malware, and cyber attacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with access attempts made on our website and block them if necessary. Wordfence uses cookies for this purpose. The information stored by these cookies (including IP address, accessed URLs, and header information) is transmitted to servers in the United States. Further information on the cookies used by Wordfence and on the collection and use of data by Wordfence can be found here: Wordfence Privacy Policy: https://www.wordfence.com/privacy-policy/

The legal basis for the processing of this data is Article 6(1)(f) GDPR (“legitimate interests”). We have concluded a data processing agreement with Defiant. This ensures that Defiant processes personal data only in accordance with our instructions and in compliance with the GDPR.

Data transfers to the United States are based on the EU Commission’s Standard Contractual Clauses. Details can be found here:

https://www.wordfence.com/help/general-data-protection-regulation/.

11. Data Subject Rights

Pursuant to Article 15 of the General Data Protection Regulation, you have the right to request information about the processing of your personal data (“right of access by the data subject”).

Pursuant to Article 16 of the General Data Protection Regulation, you have the right to request the rectification and deletion of inaccurate personal data concerning you (“right to rectification”).

Pursuant to Article 17 of the General Data Protection Regulation, you may request the deletion of personal data concerning you, provided that one of the grounds listed therein applies (“right to be forgotten”).

Likewise, pursuant to Article 18 of the General Data Protection Regulation, you have the right to request the restriction of processing of your personal data if one of the conditions set out therein applies (“right to restriction of processing”).

Pursuant to Article 20 of the General Data Protection Regulation, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format and to transmit those data to another controller (“right to data portability”).

Withdrawal of consent: see the “Right of Withdrawal” section in this Privacy Policy.

Right to object: see the “Right to object” section in this Privacy Policy.

You have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority is the Bavarian Data Protection Commissioner (BayLfD), Prof. Dr. Thomas Petri, postal address: P.O. Box 22 12 19, 80502 Munich, Germany; office address: Wagmüllerstraße 18, 80538 Munich, Germany.

12. Right of Withdrawal

You may withdraw any consent you have given for the processing of your personal data at any time, for example by email to our email address stated at the beginning of this page. The lawfulness of processing carried out on the basis of consent before its withdrawal remains unaffected.

13. Right to Object

Where our data processing is based on Article 6(1)(f) GDPR (“legitimate interests”), you have the right to object to the processing of your personal data in accordance with Article 21 GDPR.

14. Disclosure of Your Data

Insofar as not already stated elsewhere in this Privacy Policy, we disclose your personal data to the following additional recipients or categories of recipients:

CMS: WooCommerce Ireland Ltd. - Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland

Shipping service provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany.

Payment service Provider: Stripe Payments Europe, Limited - C/O A and L Goodbody, IFSC North Wall Quay

Insofar as not already stated elsewhere in this Privacy Policy, we intend to transfer your personal data to the following third country or international organisation.

We operate our online shop using software provided by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter “IONOS”), on its servers. In particular, we use the following IONOS products:
- IONOS Service Status
- Content Delivery Network CDN
- Sitelock
- Email
- Webanalytics

According to its privacy policy, IONOS processes data worldwide, including in the United States. The IONOS privacy policy, which contains more detailed information, in particular regarding data transfers abroad, can be accessed here: https://www.ionos.de/terms-gtc/terms-privacy#c5950

Cloudflare Inc., San Francisco, USA; content delivery network (CDN for content delivery). When using this CDN, content data is stored in Cloudflare data centres to improve website loading times. In doing so, data such as IP addresses, traffic routing data, system configuration information, and other information about traffic to and from websites, devices, applications, and/or networks is transmitted to Cloudflare servers.
Legal basis: Article 6(1)(b) GDPR (“performance of a contract”). The servers may be located in the United States. Cloudflare relies on the EU Standard Contractual Clauses for such data transfers to the USA.
Further information can be found in Cloudflare’s privacy policy: https://www.cloudflare.com/de-de/privacypolicy/

Ceramics and crafts from Japan

KINTEI Sense

LEGAL INFORMATION

services

stay connected