Data protection declaration

The person responsible for data processing is:
MANDALA, Nathalie Prieger
Wittelsbacherstr. 3
82319 Starnberg

Email: Shop@mandala-fashion.com

Telephone: + 49 81 51 97 19 504

We look forward to your interest in our online shop. Protecting your privacy is very important to us. Below we will inform you in detail about dealing with your data.

1. Access data and hosting

You can visit our websites without giving information about yourself. If you call a website, the web server only automatically stores a so-called server log file, which, for example, contains the name of the requested file, your IP address, date and time of access, transmitted amount of data and the requesting provider (access data) and documents the access. These access data are only evaluated for the purpose of ensuring a trouble -free operation of the page and the improvement of our offer. This serves to protect our legitimate interests on a correct presentation of our offer in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR. All access data will be deleted at least fourteen days after the end of your page visit.

2. Data processing for contract processing and to contact us

2.1 Data processing for contract processing

For the purpose of contract processing (including inquiries about and processing of existing warranty and performance disabilities claims as well as any legal update obligations) in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR, we collect personal data if you are within the framework of your Say the order voluntarily. Mandatory fields are identified as such, since in these cases we absolutely need the data for contract processing and we cannot send the order without it. Which data is collected can be seen from the respective input forms.

Further information on the processing of your data, in particular on the transfer of our service providers for the purpose of ordering, payment and shipping, can be found in the following sections of this data protection declaration. After completing the contract, your data will be restricted for further processing and will be deleted after the expiry of the tax and commercial and commercial law retention periods in accordance with Art. 6 Para. 1 S. 1 lit. c GDPR, unless you expressly use your data in accordance with ART .

2.2 Customer account

Insofar as you have granted your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR by choosing a customer account, we use your data for the purpose of the customer account opening and to store your data for further future orders our website. The deletion of your customer account is possible at any time and can be made either by means of a message to the contact option described in this data protection declaration or via a function provided in the customer account. After deleting your customer account, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve a usage usage that is permitted and via which we inform you in this explanation.

2.3 Contact

As part of customer communication, we collect personal data to process your inquiries in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR if you have contacted us (e.g. via contact form, live chat tool or email ) voluntarily communicate. Mandatory fields are identified as such, since in these cases we absolutely need the data to process your contact. Which data is collected can be seen from the respective input forms. After completing your request, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we are reserved for an additional data usage that is legally permitted and about which we inform you in this explanation.

3. Data processing for the purpose of shipping

For the fulfillment of the contract in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is required for the delivery of ordered goods. If you have any questions about our service providers and the basis of our cooperation with you, please contact the contact option described in this data protection declaration.

 Data transfer to shipping service providers for the purpose of the shipping announcement

If you have given us your express consent during or after your order, we will pass on your email address and telephone number to the selected shipping service provider based on Art. 6 Para. 1 S. 1 lit. a GDPR so that this Delivery for the purpose of the delivery announcement or vote can contact you.
The consent can be revoked at any time by a message to the contact option described in this data protection declaration or directly to the shipping service provider at the contact address listed below. After revocation, we delete your data provided for this, unless you have expressly consented to further use of your data or we are reserved for a usage of data that is legally permitted and about which we inform you in this declaration. If you have any questions about our service providers and the basis of our cooperation with you, please contact the contact option described in this data protection declaration.

United Parcel Service Germany S.à r.l. & Co. OHG
Görlitzer Strasse 1
41460 Neuss
Germany

DHL Paket GmbH
Straßenweg 10
53113 Bonn
Germany

4. Data processing for payment processing

When processing payments in our online shop, we work with these partners: technical service providers, credit institutions, payment service providers.

4.1 Data processing for transaction processing

Depending on the selected payment method, we pass on the data necessary for the processing of the payment transaction to our technical service providers, which are active for us as part of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary to handle the payment. This serves to fulfill the contract in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR. In some cases, the payment service providers collect the data required for the processing of the payment, e.g. on their own website or via a technical integration in the ordering process. In this respect, the data protection declaration of the respective payment service provider applies.
If you have any questions about our partners for payment processing and the basis of our cooperation with you, please contact the contact options described in this data protection declaration.

4.2 Data processing for the purpose of fraud prevention and the optimization of our payment processes

If necessary, we will provide our service providers further data that you use together with the data necessary for the processing of the payment as our processors for the purpose of fraud prevention and the optimization of our payment processes (e.g. invoicing, handling contested payments, support for accounting). In accordance with Art. 6 Para. 1 S. 1 Lit. f GDPR, this serves to protect our legitimate interests on our protection against fraud or in efficient payment management.

4.3 Identity and credit check when selecting Klarna payment services

Klarna direct debit, purchase on account via Klarna, Klarna in installment purchase
If you decide on the payment services of the Klarna Bank (public), Sveafen 46, 111 34 Stockholm, Sweden (hereinafter in Klarna), we ask you to consent to Art. 6 Para. 1 S. 1 lit. a GDPR, that we can transmit the data necessary for the processing of payment and an identity and credit check. In Germany, for identity and credit check that in the Data protection declaration to be used by Klarna. Klarna uses the information obtained about the statistical probability of a default of payment for a weighing decision on the reason, implementation or termination of the contractual relationship. You can cancel your consent at any time by a message to the contact options mentioned in this data protection declaration. This can result in that we can no longer offer you certain payment options. You can also revoke your consent to this use of personal data at any time to Klarna.

4.4 Identity and credit check when choosing purchase on account via PayPal and Ratepay

If you are available for the payment method (offered via Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (hereinafter Ratepay) and PayPal (Europe) S.à r.l. et cie, s.c.a., 22-24 Boulevard Royal, 2449 Luxembourg (In the following PayPal)), we ask you to make your consent under Art. 6 Para. 1 S. 1 lit. a GDPR that we may transmit the data necessary for the processing of payment and an identity and credit check. In Germany, for identity and credit check that in the RatePay data protection declaration named economic ideas. RatePay uses the information obtained about the statistical probability of a default of payment for a weighing decision on the reason, implementation or termination of the contractual relationship. You can cancel your consent at any time by a message to the contact options mentioned in this data protection declaration. This can result in that we can no longer offer you certain payment options. You can find additional information on data protection at PayPal here.

5. Advertising by email

5.1 E-mail newsletter with registration, newsletter tracking with separate consent

If you register for our newsletter, we use the data required or separated from you to send you our e-mail newsletter regularly on the basis of your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR. You can deregister from the newsletter at any time and can be made either by a message to the contact option described below or via a link provided in the newsletter. After deregistering, we delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve the right to use the data that goes beyond is legally allowed and about which we inform you in this declaration.

If you have also given us your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR for the analysis of our newsletter, we also analyze your handling of our newsletter through measurement, storage and evaluation of opening rates and click rates for the purpose of design future newsletter campaigns ("newsletter tracking").

For this evaluation, the sent e-mails include one-pixel technologies (e.g. so-called web beakons, tracking pixels) that are stored on our website. For the evaluations, we in particular link the following "newsletter data"

  • the page from which the page was requested (so-called referrer url),
  • The date and time of the call,
  • The description of the type of the web browser used,
  • The IP address of the requesting computer,
  • The email address,
  • The date and time of registration and confirmation

and the one-pixel technologies with your email address or your IP address and, if necessary, an individual ID. Links contained in the newsletter can also contain this ID.

The newsletter tracking can be deregistered at any time and can be made either by a message to the contact option described or via a link provided in the newsletter.

The information is saved as long as you have subscribed to the newsletter.

5.2 Newsletter shipping

The newsletter and the newsletter tracking shown above will also be sent by our service providers as part of processing on our order. If you have any questions about our service providers and the basis of our cooperation with you, please contact the contact options described in this data protection declaration.

Our service providers sit and/or use servers in the following countries, for which the European Commission has determined an appropriate level of data protection by decision: United Kingdom.

Our service providers sit and/or use servers in the following countries, for which the European Commission has determined an appropriate level of data protection by decision: USA, United Kingdom.

The approval decision for the United States is the basis for the third -party transmission, insofar as the respective service provider is certified. A certification is available.

Our service providers sit and/or use servers in these countries: Australia. For these countries there is no adequacy decision of the European Commission. Our cooperation with you is based on these guarantees: standard data protection clauses of the European Commission.

6. Cookies and other technologies

 General information

In order to make the visit of our website attractive and to enable the use of certain functions, we use technologies including so -called cookies on different pages. Cookies are small text files that are automatically saved on your end device. Some of the cookies we use will be deleted again after the end of the browser session, i.e. after closing your browser, (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser the next time you visit (persistent cookies).

Protection of privacy for end devices
When using our online offer, we use the necessary technologies in order to be able to provide the expressly desired telemedia service. The storage of information in your end device or access to information that is already stored in your end device does not require consent.

If the functions are not absolutely required, the storage of information in your end device or access to information that is already stored in your device requires your consent. We would like to point out that if necessary, parts of the website may not be unreservedly usable if the consent is not given. Your consent granted remain until you adapt or reset the respective settings in your device.

Any downstream data processing by cookies and other technologies

We use such technologies that are absolutely necessary for the use of certain functions of our website (e.g. shopping cart function). These technologies provide and process the IP address, time of the visit, device and browser information as well as information on your use of our website (e.g. information on the content of the shopping cart). This serves as part of a weighing up of interests on an optimized presentation of an optimized presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.

Cookie settings

The cookie settings for your browser can be found under the following links: Microsoft Edge ™ / Safari ™ / Chrome ™ / Firefox ™ / Opera ™

Insofar as you have consented to the use of the technologies in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR, you can revoke your consent at any time by a message to the contact options described in the data protection declaration.

7. Social media

 Our online presence on Instagram (by Meta), LinkedIn

Insofar as you have given your consent in accordance with Art. 6 Para. 1 S. 1 Lit. a GDPR to the respective social media operator, your data is automatically collected for market research and advertising purposes when visiting our online presences on the social media mentioned above And saved from which usage profiles are created using pseudonyms. These can be used to switch advertisements inside and outside the platforms that allegedly correspond to their interests. Cookies are usually used for this. The detailed information on the processing and use of the data by the respective social media operator as well as a contact option and your rights and setting options to protect your privacy, please refer to the data protection information from the provider linked below. If you still need help in this regard, you can contact us.

Instagram (by meta) is an offer of the Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is usually on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, Menlo Park, California 94025, USA Translated and saved there. Data processing as part of the visit of an Instagram (by Meta) fan page is based on an agreement between jointly responsible in accordance with Art. 26 GDPR. Further information (information about Insights data) can be found here.

Our service providers sit and/or use servers in the following countries, for which the European Commission has determined an appropriate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, united Kingdom, Argentina.

The approval decision for the United States is the basis for the third -party transmission, insofar as the respective service provider is certified. A certification is available.

Our service providers sit and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.
For these countries there is no adequacy decision of the European Commission. Our cooperation with you is based on these guarantees: standard data protection clauses of the European Commission.

LinkedIn is an offer from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The information automatically collected by LinkedIn about your use of our online presence on LinkedIn is usually transferred to a server of the LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

Our service providers sit and/or use servers in the following countries, for which the European Commission has determined an appropriate level of data protection by decision: USA.

The approval decision for the United States is the basis for the third -party transmission, insofar as the respective service provider is certified. A certification is available.

8. Contact options and their rights

8.1 Your rights

As a person concerned, you have the following rights:

  • According to Art. 15 GDPR, the right to request information about your personal data processed by us in the scope described there;
  • According to Art. 16 GDPR, the right to immediately request the correction of incorrect or completion of your personal data stored by us;
  • According to Art. 17 GDPR the right to request the deletion of your personal data stored by us, unless the further processing
    • to exercise the right to freedom of expression and information;
    • to fulfill a legal obligation;
    • For reasons of public interest or
    • to assert, exercise or defend legal claims;
  • According to Art. 18 GDPR the right to restrict the processing of your personal data, if necessary
    • the correctness of the data is denied by you;
    • the processing is illegal, but they reject their deletion;
    • we no longer need the data, but you need it to assert, exercise or defend legal claims or
    • They have objected to the processing in accordance with Art. 21 GDPR;
  • According to Art. 20 GDPR, the right to obtain your personal data that you have provided to us in a structured, common and machine -readable format or to request the transmission to another responsible;
  • According to Art. 77 GDPR, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual whereabouts or workplace or our company seat.

Right of contradictions

Insofar as we process personal data as explained to safeguard our legitimate interests that are predominant in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for the purposes of direct marketing, you can exercise this right at any time as described above. Insofar as the processing for other purposes is carried out, you only have a right to object if there are any reasons that arise from your special situation.

After exercising your right of objection, we will not continue to process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing of assertion, exercise or defense Legal claims.

This does not apply if the processing is carried out for direct marketing purposes. Then we will not process your personal data for this purpose.

8.2 contact options

If you have any questions about the collection, processing or use of your personal data, information, correction, restriction or deletion of data as well as revocation granted or contradiction against a specific data usage, please contact us directly via the contact details in our imprint.