How Data Is Collected Through This Website
Who Uses This Website to Collect Data?
The website owner is responsible for handling all data collected through this website. You can find their contact details in the Legal Notice linked at the bottom of this web page.
How Do We Collect Your Data?
In some cases, data is given to us directly by you. This could include, for example, data that you submit in a contact form.
Other data is collected automatically by our IT systems when you visit our website. This is primarily technical information (such as your web browser, your operating system or the time of your visit). This data is collected automatically when you access this website.
How Do We Use Your Data?
Certain data is required to ensure that the website can function correctly. Other data is collected so that we can analyze user behavior.
What Rights Do You Have in Relation to Your Data?
You have the right to request information relating to how your stored personal data was obtained, who obtained it and for what purposes it was obtained. You can request this information at any time and you will be provided with it free of charge. You also have the right to request that this information be rectified or erased. If you have any further questions relating to our data protection practices, you are free to contact us at any time via the address provided in our Legal Notice. Additionally, you have the right to lodge a complaint with a relevant supervisory authority.
2. General Notes and Mandatory Information
Please note that, whenever data is transferred through the Internet (e.g. via email) data breaches may occur. It is not possible to offer total protection against third party access.
The data controller for this website is:
My Cottage Garden
Telephone: +49 1626 090155
A data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).
Right to Withdraw Consent
A number of data processing operations may only be carried out where your explicit consent has been granted. You have the right to withdraw consent at any time. To do so, simply contact us via email. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to object in certain circumstances, including where data is collected for direct marketing purposes (Art. 21, GDPR)
"The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims." (Direct quote taken from Article 21(1) of the GDPR.)
"Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes." (Direct quote taken Article 21, paragraphs 2 and 3 of the GDPR.)
Right to Lodge a Complaint with a Supervisory Authority
In cases when the GDPR has been breached, any affected party has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.
Right to Data Portability
Where data is processed on the basis of consent, as part of a contract, or if processing is carried out by automated means, you have the right to request a copy of this data to be transmitted in a structured, commonly used and machine-readable format. You have the right to transmit this data to a third party. You have the right to have your personal data transmitted directly to another data controller, but only where this is technically feasible.
This website uses SSL/TLS encryption. This is for security purposes and also to protect sensitive information during data transmission, for example when you submit orders and inquiries directly through the website. You can tell if a website offers secure browsing by checking the address bar on your web browser. A lock symbol should be displayed and you should also see "https://" instead of "http://" at the start of the web address.
When this SSL/TLS encryption is active, it is not possible for third party users to intercept data that you transmit through the website.
If you want to place an order through our online store, we will need to process your personal data (name, address, contact and payment details). This data will be used solely for the purpose of placing your order and, if you wish, to allow you to open a customer account.
Where necessary, this data will be shared with our trusted suppliers and payment service providers (Stripe Inc. or PayPal Inc.).
Secure Payments on This Website
To complete a transaction, your payment details (e.g. bank account number for direct debit authorization) will need to be transferred so that your payment can be processed.
For whichever payment method you choose (Visa/MasterCard/Direct Debit) this transaction will take place through a secure SSL/TLS connection. You can tell if a website offers secure browsing by checking the address bar on your web browser. A lock symbol should be displayed and you should also see "https://" instead of "http://" at the start of the web address.
Using encrypted communication means that the payment details you provide us with cannot be intercepted by third party users.
Erasure, Rectification and the Right to Be Informed
In accordance with current privacy regulations, you have the right to request information regarding your personal data, including how it was collected, who collected it and how it is being used. This information can be requested at any time and must be provided free of charge. You also have the right to request that this data be rectified or deleted. If you have any further questions relating to personal data, you are free to contact us at any time via the address provided in our Legal Notice.
Right to Restrict Processing
You have the right to restrict processing of your personal data in certain circumstances. If you would like to do this, please contact us via the address provided in our Legal Notice. You have the right to restrict processing of your data in the following circumstances:
When you are contesting the accuracy of your stored personal data, we will usually need time to verify this. While this process is taking place, you have the right to restrict the processing of your data.
If your data has been unlawfully processed, instead of erasure, you could request restriction of processing.
If we no longer need your personal data, but you need to keep it in order to establish, exercise or defend a legal claim, you could request restriction of processing, instead of erasure.
In the event that you object to our processing of your data under Article 21(1) of the GDPR, we will require an assessment period to take your objection into consideration. During this time, you have the right to request that we restrict the processing of your personal data.
If you restrict the processing of your personal data, apart from storing it, we will not use your data in any way, unless we have your consent; it is for the establishment, exercise or defense of legal claims; it is for the protection of the rights of another person (natural or legal); or it is for reasons of important public interest to the European Union or a Member State.
3. How Data Is Collected Through This Website
Most of the cookies used by this website are known as "session cookies". They are automatically deleted at the end of your browsing session. Other cookies will remain stored on your device until you delete them. These cookies allow us to identify your browser the next time you visit.
You can choose to set your web browser so that you will always be informed when cookies are placed, allowing you to permit them on an individual basis. You can also choose to disable cookies in all or certain situations. It is possible to set your browser so that cookies are automatically deleted when you close your web browser. If you choose to disable cookies, this website may not function fully or as intended.
Cookies that are essential for you to browse this website and use its features (e.g. the shopping cart), can be lawfully stored according to Art. 6(1) point (f) of the GDPR. The website owner has legitimate grounds to store these cookies, in order to prevent technical failures and provide a better experience and service to you. Provided that consent has been granted (e.g. consent to store cookies) the website owner has grounds to process this data on the basis of Art. 6(1) point (a) of the GDPR. You have the right to withdraw consent at any time.
Server Log Files
This website collects and automatically stores information in the form of server log files. Your browser then automatically transfers these files to us. These include:
Browser type and browser version
Operating system used
Hostname of accessing computer
Time of server request
This data is not collated with data from other sources.
This data is collected on the basis of Art. 6(1) point (f) of the GDPR. The website owner has a legitimate interest in the smooth running and optimization of their website. The data log files are collected for this purpose.
Processing Data (Customer Data and Contract Data)
We collect, process and use personal data in so far as it is necessary to establish, develop or modify a legal relationship (inventory data). This is lawful under Art. 6(1) point (b) of the GDPR, which allows data to be processed for the performance of a contract or in order to take steps prior to entering into a contract. Personal data relating to use of this website (usage data) is only collected, processed and used in so far as is necessary to allow users to use the service or pay for it.
The customer data that we collect will be deleted after their order has been fulfilled or our business relationship has been terminated. This does not affect statutory retention periods.
Data Transfer at the End of a Contract for Services and Digital Content
We will only ever transfer your personal data to third parties if it is necessary to process a payment through an appointed financial institution as part of processing a contract.
Data will not be transferred for any other purposes, unless you have explicitly consented to it. Your data will never be passed on to third parties for marketing purposes without your explicit consent.
Processing data this way is lawful under Art. 6(1) point (b) of the GDPR, which allows data to be processed for the performance of a contract or in order to take steps prior to entering into a contract.
4. Social Media
This website uses plugins provided by the social network, Facebook, address: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. These Facebook plugins are clearly recognizable on the website because they feature the Facebook logo or the like button. You can find an overview of Facebook plugins here: https://developers.facebook.com/docs/plugins.
If you don't want Facebook to be able to link your Facebook user account to your visit to this website, then please log out of your Facebook user account.
Use of Facebook plugins is lawful under Art. 6(1) point (f) of the GDPR. The website owner has a legitimate interest in increasing their visibility on social media.
5. Analytics Tools and Marketing
This website uses a web analytics service provided by Google Analytics. This is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Storing Google Analytics cookies and using analytical tools is lawful under Art. 6(1) point (f) of the GDPR. The website owner has a legitimate interest in analyzing user behavior for the purposes of marketing and improving website content. Provided that consent has been granted (e.g. consent to store cookies) the website owner has grounds to process this data on the basis of Art. 6(1) point (a) of the GDPR. You have the right to withdraw consent at any time.
We have activated a function that anonymizes IP addresses collected through this website. This means that if you are located within a European Member State or an area covered by the European Economic Area Agreement, Google will shorten your IP address before it is transmitted to the USA. Only in exceptional circumstances will your full IP address be transferred to a Google server in the USA before being shortened there. As part of an agreement with the owner of the website, Google will use your information to analyze how you use the website, to compile reports about website activity and to provide other services to the website owner related to website and internet usage. Although your IP address is transmitted to Google through Google Analytics, it will not be collated with other Google data.
You may choose to disable cookies in your web browser. Please note that, if you do this, certain features of the website may not function fully or as intended. If you wish, you can also stop Google from collecting and processing data relating to your usage of this website (including your IP address) by downloading and installing the browser plugin available at the link below: https://tools.google.com/dlpage/gaoptout.
Object to Data Collection
You can stop Google Analytics from collecting your data by clicking on the following link. It places an opt-out cookie that will stop your data from being collected during future visits to this website. It deactivates Google Analytics.
Data Processing Terms
We have accepted Google's Data Processing Terms, which ensure that Google Analytics is used in a manner that is fully compliant with the strict provisions put into place by German data protection authorities.
After 14 months, Google will anonymize or delete any of the user-level or event-level data it may be storing that is associated with cookies, user-identifiers (e.g. User-ID) and advertising identifiers (DoubleClick cookies, Android’s Advertising ID). Please see the link below for more information: https://support.google.com/analytics/answer/7667196?hl=
This website uses Kajabi to send out newsletters. The provider is Kajabi, LLC, 15495 Sand Canyon Ave Suite #300, Irvine, CA 92618.
Kajabi is a service, which amongst other things, allows us to send out newsletters and analyze the results. Data that you provide us with in relation to our newsletter will be stored on Kajabi's server in the USA.
If you do not want Kajabi to analyze your data, you will have to unsubscribe from our newsletter. Each newsletter we send out includes a link that allows you to do this. You can also unsubscribe from our newsletter through our website.
Kajabi allows us to analyze our newsletter campaign. It means that we can see things, such as if the newsletter has been opened and which links have been clicked. This allows us to establish information, such as which links are clicked the most.
We can also identify if a set of predefined actions have been carried out once the newsletter has been opened or a link has been clicked (conversion rate). For example, we'll know if you purchase something after clicking on the newsletter.
Kajabi also allows us to divide our newsletter readers into different categories (clusters). This means that we divide up our newsletter readers according to characteristics, such as age, gender or place of residence. This allows use to adapt our newsletter to better suit our target readers.
Data generated through registration via Facebook, Instagram, Pinterest or YouTube is processed within the Kajabi eMail -System.
For more information about how Kajabi operates, please see the following link: https://kajabi.com/solutions/email-marketing/.
Klaviyo Email Marketing
We use Gorgias to process user requests. The provider is Gorgias, Inc, 768 Harrison St in San Francisco, CA 94107, USA.
We use Gorgias to process your requests quickly and efficiently.
The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in communicating with customers and interested parties as easily as possible. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Gorgias is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with EU data protection requirements. We have signed a "Data Processing Agreement" with Gorgias.
This is a contract in which Gorgias undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties.
If you do not agree to us processing your enquiry via Gorgias, you can alternatively communicate with us by e-mail or telephone. You will find the data in the imprint.
It is lawful to process your data in the above-mentioned ways on the grounds that you have given consent (Art. 6(1) point of the GDPR). You can withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Personal data provided by you for the purposes of subscribing to the newsletter will be stored by us or the newsletter service provider until you make the decision to unsubscribe. Once you do this, your data will be deleted. Data we are storing for other purposes will remain unaffected.
When you ask to be removed from the newsletter mailing list, your email address will be saved to a blacklist by either us or the newsletter service provider. This is to prevent you from receiving any future emails from us. Data on the blacklist is not used for any other purpose and it will never be collated with other data. This serves both your interests and our own, because it ensures that we are able to comply with legal requirements related to the distribution of newsletters (legitimate interests of the kind referenced in Art. 6(1) point (f) of the GDPR). There is no limit on how long we may store your data on a blacklist. You can object to your data being stored in this way if you believe that your own interests outweigh our legitimate interests.
Data Processing Addendum
We have entered into an agreement with Kajabi, which means that they are obligated to protect our customer data and never pass it along to third parties. You can see a copy of the Addendum by following the link below:
7. Plugins and Tools
YouTube Advanced Data Protection
This website contains embedded YouTube videos. These are provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube's Privacy-Enhanced Mode. According to YouTube, using this mode means that YouTube will not store information about visitors to this website unless you click to play one of their videos. Privacy-Enhanced Mode does not, however, necessarily mean that data will not be passed on to YouTube partners. Regardless of whether you watch a video, YouTube establishes a link to Google's DoubleClick network.
As soon as you start playing a YouTube video on this website, a connection is created to the YouTube server. This means that YouTube will know which of our web pages you have visited. If you are logged into your YouTube account, YouTube will be able to link your personal profile with your browsing activities. You can stop this from happening by logging out of your YouTube account.
When you start playing a YouTube video, YouTube will also place various cookies on your device. YouTube can use these cookies to collect information about visitors to this website. This information is used for purposes, such as compiling video statistics, making services more user-friendly and preventing fraud. These cookies will be stored on your device until you delete them.
Other data processing operations may be triggered when you click to play a YouTube video, but we have no control over this.
We use YouTube to attractively display our online offers. This is a legitimate interest, as referenced under Art. 6(1) point (f) of the GDPR. Provided that consent has been granted (e.g. consent to store cookies) the website owner has grounds to process this data on the basis of Art. 6(1) point (a) of the GDPR. You have the right to withdraw consent at any time.