Short and simple: Plushlife is a spare time project that exists to create beautiful, huge and cuddly plushies for enthusiasts. Your contact points with us are the contact form on the website, our newsletter and the order form during our preorder phase. We collect personal data from you solely to answer on a contact request, to send you news about our current project in our newsletter and to send you the plushies you have ordered. In addition our web-host creates the typical server logfiles. We care about your privacy and collect as little data as is absolutely needed. Therefore our website has no cookies, there is no advertising or analytics from third parties and we won't sell any of your data to others. This simply wouldn't be fluffy enough.
And here is the full version according to GDPR:
1 Responsible controller
Responsible for the collection, processing and use of your personal data according to article 4 GDPR is:
Thomas Langer, Konrad-Adenauer-Str. 5, 63322 Rödermark / Email: firstname.lastname@example.org
If you want to withdraw in full or in certain details the collection, processing and use of your personal data, you can send your withdrawal to the responsible person stated above. You can also save this privacy statement and print it at any time.
2 Use of our website
For this website we use a hoster. They offer infrastructure- and platform-services, computing-capacity, storage space and data base services as well as security- and technical services which we use to run this website. For this we and our hosting service process subscriber-, contact-, content-, contract-, usage-, meta- and communications-data from our customers, interests and visitors based on our legitimate interest to run this website secure and efficiently (according to article 6 in combination with article 28 GDPR)
2.2 Access data
Our host automatically collects information about you in the moment you visit this website (server logfiles). Those access data contain:
- Name and URL of the accessed file
- Date and time of the access
- Transferred amount of data
- Information about a successful request (HTTP response code)
- Type of browser and browser version
- Your operation system
- Referer URL (a site linking to ours from which you are visiting)
- Websites linked from our page which you are visiting
- Your Internet-Service-Provider
- IP-Adress and the requesting Provider
We are using this protocol data entirely without relating it to your person and without creating any kind of profile. Instead we are using this protocol data anonymized and summarized simply for statistical reasons to ensure the safe and secure run of our website and make optimization possible. In addition we also use it to count the traffic on our website and analyse which sites are more frequently visited. Herein lies the legitimate use of server logfiles in accordance to article 6 GDPR. We reserve the right to check protocol data after an incident or if we have strong suspicion of an illegal use of our website. We will store IP-adresses for a limited amount of time, if this is necessary for security reasons. We'll also store IP-adresses if we have strong suspicion of a ciminal offence in relation to the use of our website.
To keep our website simple and avoid annoying you with popups and graphic teasers this website has no cookies.
If you contact us via contact form or Email, we'll save your entered data to answer you and in case you have additional questions. Additional personal data will only be stored if you explicity agree to it or if it is legally allowed per se. Herein lies our legitimate interest according to article 6 GDPR.
2.5 Maximum Storage Time
As long as not otherwise specified we store your personal data only as long as this is needed to fullfill our legitimate interests.
3 Processing of subscriber- and customer data
For the order in our online shop we need your master data and communications- and payment information, so that we can confirm your order, communicate with you and process the actual order.
To send you our newsletter we use the double-opt-in process. Once you explicitly agree that you want to receive our newsletter we
will send you a confirmation-Email with an activation link. Only if this link is clicked your Email-adress appears in our subscription-list.
If this link is not clicked for 24h the system automatically deletes the data entered in the subscription form.
You can withdraw your subscription to the newsletter at any time. The simplest way is to click the unsubscribe-link at the end of each newsletter-Email. You can also send your withdrawal via Email and even use a written letter (if you really want do to that).
3.4 Legal basis and maximum storage time
Legal basis for the processing described in the points above is article 6 GDPR. As long as not otherwise specified we store your personal data only as long as this is needed to fulfill our legitimate interests.
4 Your Rightse
The law and specifically the GDPR grants you several rights in regards of the data that we collected from you. If you want to make use of those rights - simply write us an Email or send a letter to the adress stated above.
4.1 Right of confirmation and disclosure
You can at any time get a confirmation about if we process personal data from you. If this is the case you can get a free disclosure from us about which data we have stored from you - including a free copy of the data itself.
In addition you have the right to get the following information:
- Our reason for processing this data
- The categories of personal data, we are processing
- The receipient or categories of receipients to which personal data has been, is or will be disclosed, especially if those receipients reside in non-EU-countries or are international organisations
- If possible the planned duration of how long we are going to store this data, and if impossible the basis on which we decide for the duration of storing your data
- The existance of your right to have your personal data corrected or deleted or to limit the processing or to withdraw your agreement for the processing of this data
- The existance of your right to file complaints at a supervising authority
- If the data related to you is not collected from you personally, all available information about the origin of the data
- If an automated decision making exists including profiling (according to article 22 point 1 and 4 GDPR) and in those cases meaningful information about the logic involved and the range and consequences of such a processing for you
- If personal data is transmitted to a non-EU-country (third country) or an international organisation you have the right to be informed about suitable guarantees (according to article 46 GDPR) that come in relation to this transfer
4.2 Right of correction
It is your right to have wrong data of you corrected immediately. We will also correct incomplete data of you immediately upon request.
4.3 Right of deletion ("Right of being forgotten")
In accordance to article 17 GDPR you have the right to request from us that we will delete personal data from you immediately. We have to delete personal data from you as long as at least one of the following reasons is true:
- Your personal data is no longer necessary for the reason we have collected them
- You withdraw your agreement on which we base the processing of your personal data (in accordance to article 6 and article 9 GDPR)
- You object the processing of your personal data in accordance to article 21 GDPR
- Your personal data was processed unlawfully
- The deletion of your data is necessary under the jurisdiction of the law of the European Union (EU) or one of its member states which we are legally bound to
4.4 Right to limit the processing
You have the right to ask for a limitation of the processing of your personal data, if one of the following conditions is true:
- You dispute the correctness of your personal data - limitation is valid for the time we need to correct your data
- The processing was unlawfully but instead of deleting it you wish to limit the use of this personal data
- We no longer need your personal data but you want us to keep it to make filing a legal claim or defending a legal claim possible
- You withdraw the processing in accordance to article 21 GDPR but it is not yet clear if our legitimate reasons weigh higher then yours
4.5 Right of data tansfer
You have the right to receive your personal data or data connected to you in a structured and typically machine readable format and you have the right to transfer this data to somebody else without interference as long as:
- the processing is based on an agreement in accordance to article 6 or article 9 GDPR or based on a contract in accordance to article 6 GDPR and
- the data was processed automatically. You can demand that we transfer this data directly to another responsible as long as this is technically feasible.
4.6 Right of withdrawal
For reasons based on your specific situation you have the right to withdraw the processing of your personal data which happens based on article 6 GDPR point 1 sentence 1 e) and f) GDPR; this is also true for a profiling based on these terms. We will stop processing your data unless we can proof the existance of protectable reasons for the processing which outweigh your interests, rights and freedom or the processing is based on filing or defending a legal claim.
4.7 Automated decisionmaking including profiling
You have the right to not be dependend on a decision that is made solely by automated processing - including profiling - of your personal data if this decision has a legal effect on you or affects you severely in a similar way. An automated decision making based on your personal data does not occur.
4.8 Right to withdraw your approval based on this privacy statement
You have the right to withdraw your approval for the processing of your personal data at any time.
4.9 Right of filing a complaint at a legal entity
You have the right to file a complaint at a legal entity especially in the member state of your residence, your work place or the place of the violation if you think that the processing of your personal data is unlawful.
5 Data security and protection
We care maximally for the security of your data in accordance to the GDPR and our technical possibilities. Your personal data is transferred using the SSL (Secure Socket Layer) encryption system. We have to point out though that data transfer over the internet can have security flaws. A complete protection of your data from access of third parties is not possible. To protect your personal data we go through great technical and organisational security measures in accordance to article 32 GDPR and we are regularly updating those technical measures to keep them state of the art. We are also not guaranteeing that our business is accessible at all times. Disruptions, Interruptions and discontinuations can not fully be avoided. Our servers are subjects to regular service and backups.
6 Transfer of personal data to third parties, no transfer to non-EU-countries
We are only using your personal data within our company. If we need third parties to fulfill a contract (for example logistics services to ship the goods to you), those third parties only receive the data necessary to fulfill their service. For the case we outsource services that include the processing of personal data we will ensure that processing of your data will only happen in accordance to the GDPR and your protection is fully in place by binding these third parties to legal contracts. A transfer of your personal data to organisations or persons outside of the EU happens solely for shipping reasons. In these cases our logistic services will only forward data that is absolutely needed for delivery.