Privacy policy

Last updated: September 16, 2024

This privacy policy describes how Helene Galwas (the “Website”, “we”, “us”, or “our”) collects, uses, and discloses personal data when you visit helenegalwas.com (the “Website”), use our services, make a purchase there, or otherwise communicate with us regarding the Website (collectively the “Services”). For the purposes of this privacy policy, “you” and “your” refer to you as a user of the Services, regardless of whether you are a customer, website visitor, or another person whose information we have collected under this privacy policy.

Please read this privacy policy carefully.

Changes to this privacy policy

We may update this privacy policy from time to time, including to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the revised privacy policy on the website, update the "Last updated" date, and take any other legally required steps.

How we collect and use your personal data

To provide the services, we collect personal information about you from various sources and have collected in the last 12 months, as outlined below. The information we collect and use varies depending on how you interact with us.

In addition to the specific purposes listed below, we may use the information collected about you to communicate with you, provide or improve the services, comply with all applicable legal obligations, enforce all applicable terms of service, and protect or defend the services, our rights, and the rights of our users or others.

What personal data do we collect?

The type of personal data we obtain about you depends on how you interact with our website and use our services. When we use the term "personal information," we refer to information that identifies you, relates to you, describes you, or can be associated with you. The following sections describe the categories and specific types of personal data we collect.

Information we collect directly from you

The information you provide to us directly through our services may include:

  • Contact information including your name, address, phone number, and email address.
  • Order information including your name, billing address, shipping address, payment confirmation, email address, and phone number.
  • Account information including your username, password, security questions, and other information used for account security.
  • Shopping information including items you view, add to your shopping cart, save in your account (e.g., loyalty points, reviews, recommendations, or gift cards), or purchases.
    • Stored loyalty points/product reviews/recommendations/gift cards
  • Customer support information including the information you include in your communication with us, for example when you send a message through the services.

For some features of the services, it may be necessary for you to provide us with certain information about yourself directly. You may choose not to provide this information. However, this may result in your inability to use or access these features.

Information we collect about your usage

We may also automatically collect certain information about your interaction with the services (“Usage Data”). For this purpose, we may use cookies, pixels, and similar technologies (“Cookies”). Usage Data may include information about how you access and use our website and your account, including device information, browser information, information about your network connection, your IP address, and other information about your interaction with the services.

Information received from third parties

Finally, we may receive information about you from third parties, including vendors and service providers who collect information on our behalf, for example:

  • Companies that support our website and services, such as Shopify.
  • Our payment processors, who collect payment information (e.g., bank account, credit or debit card information, billing address) to process your payment, fulfill your orders, and provide you with the products or services you requested to fulfill our contract with you.
  • When you visit our website, open or click emails we send you, or interact with our services or ads, we or third parties we work with may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.

All information we receive from third parties is handled in accordance with this privacy policy. See also the section below, Websites and Links of Third Parties.

How we use your personal data

  • Provision of Products and Services. We use your personal data to provide you with the services and fulfill our contract with you, including processing your payments, fulfilling your orders, sending notifications regarding your account, purchases, returns, exchanges, or other transactions, creating, maintaining, and otherwise managing your account, organizing shipping, facilitating returns and exchanges, as well as other features and functionalities related to your account. We may also enhance your shopping experience by allowing Shopify to match your account with other Shopify services you may wish to use. In this case, Shopify processes your data in accordance with its privacy policy and consumer privacy policy.
  • Marketing and Advertising. We may use your personal data for marketing and advertising purposes, such as sending marketing and advertising messages via email, SMS, or mail, and displaying advertisements for products or services to you. This may include using your personal data to better tailor the services and advertising on our website and other websites. If you are located in the EEA, the legal basis for these data processing activities is our legitimate interest in selling our products in accordance with Art. 6, para. 1 (f) GDPR.
  • Security and Fraud Prevention. We use your personal data to detect, investigate, or take appropriate action against potential fraudulent, illegal, or malicious activities. If you choose to use the services and register an account, you are responsible for the security of your account credentials. We strongly recommend that you do not share your username, password, or other access information with third parties. If you believe your account has been compromised, please contact us immediately. If you are located in the EEA, the legal basis for these data processing activities is our legitimate interest in ensuring the security of our website for you and other customers, in accordance with Art. 6, para. 1 (f) GDPR.
  • Communication with you and service improvement. We use your personal data to provide customer support and improve our services. This is in our legitimate interest to be able to respond to you, provide you with effective services, and maintain our business relationship with you, in accordance with Art. 6, para. 1 (f) GDPR.

Cookies

Like many websites, we use cookies on our website. Specific information about the cookies we use in connection with providing our shop via Shopify can be found at https://www.shopify.com/legal/cookies. We use cookies to operate and improve our website and services (including storing your actions and preferences), to conduct analytics, and to better understand user interaction with the services (in our legitimate interest to manage, improve, and optimize the services). We may also allow third parties and service providers to use cookies on our website to better tailor the services, products, and advertising on our website and other websites.

Most browsers automatically accept cookies by default. However, you can configure your browser to remove or reject cookies through the browser controls. Please note that removing or blocking cookies may impact your user experience and may cause some services, including certain features and general functionalities, to not work properly or become unavailable. Additionally, blocking cookies may not fully prevent us from sharing information with third parties, such as our advertising partners.

Our website also recognizes the Global Privacy Control (GPC) signal, which allows you to opt out of certain uses or disclosures of your information. If you communicate your preferences to us via GPC, we treat such a signal as a valid request to disable the sharing/targeted advertising for the associated browser or device. If we can associate the device sending the signal with a Shopify account, we will also apply the opt-out request to that account. For more information about Global Privacy Control, please see https://globalprivacycontrol.org/. Aside from the Global Privacy Control, we do not recognize any other "Do Not Track" signals that may be sent by your web browser or device.

How we share personal data

Under certain circumstances, we may share your personal data with third parties for the purpose of contract fulfillment, for legitimate purposes, and for other reasons subject to this privacy policy. These circumstances may include:

  • with providers or other third parties who perform services on our behalf (e.g., IT management, payment processing, data analysis, customer support, cloud storage, order fulfillment, and shipping).
  • with business and marketing partners to provide you services and advertise to you. Our business and marketing partners use your data according to their own privacy policies.
  • If you instruct, request, or otherwise give us your consent to share certain information with third parties, for example to send you products or through your use of social media widgets or login integrations, and with your consent.
  • With our subsidiaries or otherwise within our corporate group, in our legitimate interest to run a successful business.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with all applicable legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce all applicable terms of service, and to protect or defend the services, our rights, and the rights of our users or others.

In the last 12 months, we have disclosed: the following categories of personal data and sensitive personal data about users for the purposes outlined above under "How We Collect and Use Your Personal Data" and "How We Disclose Personal Data":

Category Categories of recipients
  • Identifiers such as basic contact details and certain order and account information
  • Personal information categories listed in the California Customer Records Act, e.g., basic contact details and certain order and account information
  • Commercial information such as order information, purchase information, and customer support information
  • Internet or other similar network activities, such as usage data
  • Geolocation data, e.g., locations determined via an IP address or other technical means
  • Providers and third parties who perform services on our behalf (such as internet service providers, payment processors, fulfillment partners, customer support partners, and data analytics providers)
  • Business and marketing partners
  • Affiliates

Without your consent or for the purpose of inferring your personal data, we do not use or disclose it.

In the past 12 months, we have "sold" and "shared" personal data for the purpose of conducting advertising and marketing as defined by applicable law.

Category of personal data Categories of recipients
Identifiers such as name, email address, and phone number Business and marketing partners
Commercial information such as records of purchased products or services Business and marketing partners
Usage Data Business and marketing partners

User-generated content

The services may allow you to post product reviews and other user-generated content. If you choose to submit user-generated content in a public area of the services, this content is public and accessible to everyone.

We have no control over who has access to the information you provide to others and cannot guarantee that parties who have access to this information will respect your privacy or keep it secure. We are not responsible for the privacy or security of information you make publicly available, or for the accuracy, use, or misuse of information you disclose or receive from third parties.

Third-Party Websites and Links

Our website may contain links to websites or other online platforms operated by third parties. If you follow links to websites that are not affiliated with us or controlled by us, you should review their privacy and security policies as well as other terms and conditions. We make no guarantees and assume no responsibility for the privacy or security of such websites, including the accuracy, completeness, or reliability of the information found on those websites. Information you provide in public or semi-public places, including information you share on third-party social networking platforms, may also be viewed by other users of the services and/or users of those third-party platforms, without any restrictions on its use by us or third parties. The inclusion of such links by us does not automatically imply endorsement of the content of such platforms or their owners or operators, except as disclosed in the services.

Children's Data

The services are not intended for use by children, and we do not knowingly collect personal data from children. If you are a parent or guardian of a child who has provided us with their personal data, you can contact us using the contact details below and request the deletion of that data.

At the time this Privacy Policy takes effect, we have no actual knowledge that we "disclose" or "sell" personal data of persons under 16 years old (as these terms are defined under applicable law).

Security and Retention of Your Data

Please note that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." Furthermore, the information you send to us may not be secure during transmission. We recommend that you do not use insecure channels to share sensitive or confidential information with us.

How long we retain your personal data depends on various factors, such as whether we need the data to manage your account, provide the services, comply with legal obligations, resolve disputes, or enforce other applicable contracts and policies.

Your Rights

Depending on where you live, you may have some or all of the rights listed below regarding your personal data. However, these rights are not absolute and only apply under certain circumstances. In some cases, we may refuse your request within the legally permissible framework.

  • Right to Access/Information: You may have the right to request access to the personal data we hold about you, including details on how we use and share your data.
  • Right to Deletion: You may have the right to request the deletion of the personal data we hold about you.
  • Right to Rectification: You may have the right to request the correction of inaccurate personal data that we hold about you.
  • Right to Portability: You may have the right to obtain a copy of the personal data we hold about you and, under certain circumstances and with certain exceptions, to request the transfer of this data to third parties.
  • Restriction of processing: You may have the right to request that we stop or restrict the processing of your personal data.
  • Withdrawal of consent: If we rely on your consent to process your personal data, you may have the right to withdraw that consent.
  • Right to appeal: If we deny your request, you may have the right to appeal our decision. You can do this by directly responding to our denial.
  • Manage communication settings: We may send you promotional emails, and you can opt out of receiving these emails at any time by using the unsubscribe option provided in our emails to you. If you unsubscribe, we may still send you emails that are not for promotional purposes, such as regarding your account or your orders.

You can exercise these rights as indicated on our website or by contacting us using the contact details below.

We will not discriminate against you for exercising any of these rights. We may need to collect information from you, such as your email address or account information, to verify your identity before we can provide a substantive response to the request. Under applicable laws, you may appoint an authorized representative to make requests to exercise your rights on your behalf. Before we accept such a request from a representative, we must obtain proof from them that you have authorized them to act on your behalf. Additionally, we may need to verify your identity directly with us. We will respond to your request in a timely manner as required by applicable law.

Complaints

If you have complaints about the way we process your personal data, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, you may have the right, depending on your location, to appeal our decision by contacting us using the contact details listed below or by submitting your complaint to your local data protection authority. For the European Economic Area (EEA) you can find a list of the relevant data protection supervisory authorities here.

International Users

Please note that we may transfer, store, and process your personal data outside the country in which you live. Your personal data will also be processed by employees and external service providers and partners in these countries.

If we transfer your personal data to countries outside Europe, we rely on recognized transfer mechanisms such as the European Commission's standard contractual clauses or equivalent agreements of the respective UK authority, unless the data transfer is to a country that has been found to provide an adequate level of protection.

Contact

If you have questions about our data protection practices or this privacy policy, or if you wish to exercise any of your rights, please call us or send us an email at shop@helenegalwas.de or contact us at Hans-Böckler-Allee 26 (4th floor), 30173, Hannover, DE.


In accordance with applicable data protection laws and unless expressly stated otherwise, we are responsible for your personal data.