Short and simple: Plushlife is a spare time project that exists to create beautiful, huge and cuddly plushies for enthusiasts. Your contact points with us are the contact form on the website, our newsletter and the order form during our preorder phase. We collect personal data from you solely to answer on a contact request, to send you news about our current project in our newsletter and to send you the plushies you have ordered. In addition our web-host creates the typical server logfiles. We care about your privacy and collect as little data as is absolutely needed. Therefore our website has no cookies, there is no advertising or analytics from third parties and we won't sell any of your data to others. This simply wouldn't be fluffy enough.
And here is the full version according to GDPR:
1 Responsible controller
Responsible for the collection, processing and use of your personal data according to article 4 GDPR is:
Thomas Langer, Wilhelm-Hauff-Str. 11, 78234 Engen, Germany / Email: firstname.lastname@example.org
2 Use of our website
For this website we use a hoster. They offer infrastructure- and platform-services, computing-capacity, storage space and data base services as well as security- and technical services which we use to run this website. For this we and our hosting service process subscriber-, contact-, content-, contract-, usage-, meta- and communications-data from our customers, interests and visitors based on our legitimate interest to run this website secure and efficiently (according to article 6 para. 1 sentence 1 lit. f) GDPR in combination with article 28 GDPR)
2.2 Access data
Our host automatically collects information about you in the moment you visit this website (server logfiles). Those access data contain:
- Name and URL of the accessed file
- Date and time of the access
- Transferred amount of data
- Information about a successful request (HTTP response code)
- Type of browser and browser version
- Your operation system
- Referer URL (a site linking to ours from which you are visiting)
- Websites linked from our page which you are visiting
- Your Internet-Service-Provider
- IP-Address and the requesting Provider
We are using this protocol data entirely without relating it to your person and without creating any kind of profile. Instead we are using this protocol data anonymized and summarized simply for statistical reasons to ensure the safe and secure run of our website and make optimization possible. In addition we also use it to count the traffic on our website and analyse which sites are more frequently visited. Herein lies the legitimate use of server logfiles in accordance to article 6 GDPR. We reserve the right to check protocol data after an incident or if we have strong suspicion of an illegal use of our website. We will store IP-addresses for a limited amount of time, if this is necessary for security reasons. We'll also store IP-addresses if we have strong suspicion of a ciminal offence in relation to the use of our website. This data processing is based on our legitimate interest to run this website secure and efficiently (according to article 6 para. 1 sentence 1 lit. f) GDPR.
2.3 How we use “cookies” and other tracking technologies
If you send us inquiries via E-Mail or the contact form, your message (comment) including the contact data you provided there will be stored and processed accordingly for the purpose of processing and answering the inquiry as well as for the case of follow-up questions. We do not pass on this data to third parties unless this is necessary in the context of processing and answering your contact request or you have given us your corresponding consent.
If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our range of products or our other services, the data and information you provide will be processed for the purpose of processing and responding to your contact request in accordance with article 6 para. 1 sentence 1 lit. b) GDPR (legal basis). Incidentally, for the protection of our legitimate interests pursuant to article 6 para. 1 sentence 1 lit. f) GDPR for the proper response to customer/contact inquiries.
The data you enter in the contact form will remain with us until the purpose for the data storage/processing no longer applies (e.g. after the processing of your inquiry has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.
3 Processing of subscriber- and customer data
For the order in our online shop we need your master data and communications- and payment information, so that we can confirm your order, communicate with you and process the actual order.
The following data are processed when registering as a customer and/or placing an order:
- Telephone number
- E-mail address
- Delivery address if different from address
- Payment information
We use these data solely to execute the contract and for any necessary communication with the customers. These include the initiation, formation, execution, provision, and any reverse transaction of the contract. The data are stored until complete execution of the contract. If there are any commercial or fiscal retention periods, the duration period may last up to 10 years. This data processing is based on article 6 para. 1 sentence 1 lit. b) GDPR (legal basis), which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures.
We use personal customer data to send a newsletter to the customer only if the customer has granted their prior consent to this usage.
For registration for the newsletter, we use the so-called double opt-in procedure. This means that after registration, the customer receives an e-mail at the address provided in which we ask for confirmation that the customer would like to receive the newsletter. If the customer does not confirm their registration within 24 hours, their information will be blocked and automatically deleted after one month. Furthermore, we store the IP address and the times of registration and confirmation. The purpose of this procedure is to verify registration and to be able to resolve any potential misuse of personal data.
The e-mail address is the only information required to send the newsletter. The provision of other, specially designated information is voluntary and will be used to personally address the customer. After confirmation we save the customer's e-mail address for purposes of sending the newsletter.
The customer may revoke their consent to receive the newsletter and unsubscribe at any time. The customer may revoke their consent by clicking on the link provided in every newsletter email or by e-mailing email@example.com.
This data processing is conducted on the basis of your voluntary consent. The legal basis is article 6 para. 1 sentence 1 lit. a) GDPR.
4 Transmission of Data
We only provide customers' personal data to other parties to the extent required to execute the contract or to ensure our justified interests. We utilize external service providers (data processors) to execute the contract.
Separate data processing contracts were formed with these service providers in order to ensure the security of the customers' personal data.
This data processing is based on article 6 para. 1 sentence 1 lit. b) GDPR for the execution of the contract.
5 Your Rights
5.1 Right of confirmation and disclosure
The law and specifically the GDPR grants you several rights in regards of the data that we collected from you. If you want to make use of those rights - simply write us an Email or send a letter to the adsress stated above.
In addition you have the right to get the following information:
- Our reason for processing this data
- The categories of personal data, we are processing
- The recipient or categories of recipients to which personal data has been, is or will be disclosed, especially if those recipients reside in non-EU-countries or are international organisations
- If possible the planned duration of how long we are going to store this data, and if impossible the basis on which we decide for the duration of storing your data
- The existence of your right to have your personal data corrected or deleted or to limit the processing or to withdraw your agreement for the processing of this data
- The existence of your right to file complaints at a supervisory authority
- If the data related to you is not collected from you personally, all available information about the origin of the data
- If an automated decision making exists including profiling (according to article 22 point 1 and 4 GDPR) and in those cases meaningful information about the logic involved and the range and consequences of such a processing for you
- If personal data is transmitted to a non-EU-country (third country) or an international organisation you have the right to be informed about suitable guarantees (according to article 46 GDPR) that come in relation to this transfer
5.2 Right of correction
It is your right to have wrong data of you corrected immediately. We will also correct incomplete data of you immediately upon request.
5.3 Right of deletion ("Right of being forgotten")
In accordance to article 17 GDPR you have the right to request from us that we will delete personal data from you immediately. We have to delete personal data from you as long as at least one of the following reasons is true:
- Your personal data is no longer necessary for the reason we have collected them
- You withdraw your agreement on which we base the processing of your personal data (in accordance to article 6 and article 9 GDPR)
- You object the processing of your personal data in accordance to article 21 GDPR
- Your personal data was processed unlawfully
- The deletion of your data is necessary under the jurisdiction of the law of the European Union (EU) or one of its member states which we are legally bound to
5.4 Right to limit the processing
You have the right to ask for a limitation of the processing of your personal data, if one of the following conditions is true:
- You dispute the correctness of your personal data - limitation is valid for the time we need to correct your data
- The processing was unlawfully but instead of deleting it you wish to limit the use of this personal data
- We no longer need your personal data but you want us to keep it to make filing a legal claim or defending a legal claim possible
- You withdraw the processing in accordance to article 21 GDPR but it is not yet clear if our legitimate reasons weigh higher then yours
5.5 Right of data transfer
You have the right to receive your personal data or data connected to you in a structured and typically machine readable format and you have the right to transfer this data to somebody else without interference as long as:
- the processing is based on an agreement in accordance to article 6 or article 9 GDPR or based on a contract in accordance to article 6 GDPR and
- the data was processed automatically. You can demand that we transfer this data directly to another responsible as long as this is technically feasible.
5.6 Right of withdrawal
For reasons based on your specific situation you have the right to withdraw the processing of your personal data which happens based on article 6 GDPR point 1 sentence 1 e) and f) GDPR; this is also true for a profiling based on these terms. We will stop processing your data unless we can proof the existance of protectable reasons for the processing which outweigh your interests, rights and freedom or the processing is based on filing or defending a legal claim.
5.7 Automated decision-making including profiling
You have the right to not be dependent on a decision that is made solely by automated processing - including profiling - of your personal data if this decision has a legal effect on you or affects you severely in a similar way. An automated decision making based on your personal data does not occur.
You have the right to withdraw your approval for the processing of your personal data at any time.
5.9 Right of filing a complaint to a supervisory authority
You have the right to file a complaint to a supervisory authority especially in the member state of your residence, your work place or the place of the violation if you think that the processing of your personal data is unlawful. A list of data protection supervisory authorities and their contact details for Germany can be found at the following link:
6 Data security and protection
We care maximally for the security of your data in accordance to the GDPR and our technical possibilities. Your personal data is transferred using the SSL (Secure Socket Layer) encryption system. We have to point out though that data transfer over the internet can have security flaws. A complete protection of your data from access of third parties is not possible. To protect your personal data we go through great technical and organisational security measures in accordance to article 32 GDPR and we are regularly updating those technical measures to keep them state of the art. We are also not guaranteeing that our business is accessible at all times. Disruptions, Interruptions and discontinuations can not fully be avoided. Our servers are subjects to regular service and backups.
7 Transfer of personal data to third parties, no transfer to non-EU-countries
We are only using your personal data within our company. If we need third parties to fulfill a contract (for example logistics services to ship the goods to you), those third parties only receive the data necessary to fulfill their service. For the case we outsource services that include the processing of personal data we will ensure that processing of your data will only happen in accordance to the GDPR and your protection is fully in place by binding these third parties to legal contracts. A transfer of your personal data to organisations or persons outside of the EU happens solely for shipping reasons. In these cases our logistic services will only forward data that is absolutely needed for delivery.