DATA PROTECTION policy
Josiane Biwer thanks you for your interest in our work and this website. We take the protection of your personal data very seriously and encourage you to read our explanations about our data protection policy(used abbreviation: GPDR). We treat it with confidentiality and in accordance with legal regulations.
New technologies and the constant development of this website may result in changes to this data protection declaration, we recommend that you read the data protection declaration at a regular base.
You can save and print out this data protection policy.
Please be aware that the German version of this data protection policy is the only legally valid version and reference.
1. General information
The following data protection policy applies to the website www.josianebiwer.com.
Controller for data processing, collection and use within the meaning of the European General Data Protection Regulation (GDPR) (legal text 2016/679) is
Josiane Biwer
44, Haaptstrooss
L-6869 Wecker
Luxembourg
Telephone: +352 621 165 823
Email: info@josianebiwer.com
Hereinafter referred to as Josiane Biwer or we/us.
Valid from May 07, 2024
2. General purposes of the processing
Josiane Biwer processes data for the purpose of operating the website www.josianebiwer.com and to be able to provide the services offered by our online shop. The collected data is also used for analysis purposes in order to optimise our services.
3 Data that we use
3.1 During your visit to our website
During your visit to our website, we, i.e. our hosting provider, only collect and store data that your browser sends to our server.
These are
the page visited on our domain
Date and time of the server request
Operating system used
Referrer URL
Host name of the accessing computer
IP address
Access status/HTTP status code
This data is collected without assigning it to you personally or to other profiling that could be used for statistical purposes. The sole purpose of this data processing is the security and optimisation of our website.
According to the legal text 2016/679 of the GDPR, this is our legitimate interest.
3.2 Hosting of our website
Our website uses the services of external service providers to generate the presentation of our website and products. The collected data listed under point 4.1. helps us to ensure the operation, security and optimisation of our website. The data collected also gives us an idea of the visitors traffic as well as the extent and type of use of our website. With the help of this information, we can analyse the data traffic and, if necessary, correct errors and improve the services we provide.
The basis for the data processing listed here is the GDPR and the corresponding legal text 2016/679.
The data is stored in computer files, called log files of our system. This data is in no way combined with other data sources. The anonymous data of the server log files are not stored in any connection with personal data provided by individuals.
We reserve the right to check the log files retrospectively, should there be a concrete suspicion of unlawful use of our website.
Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: USA.
The adequacy decision for the USA applies as the basis for third country transfers, insofar as the respective service provider is certified. Service providers
used from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). If the service providers used are not certified under the DPF, standard contractual clauses have been
concluded as a suitable guarantee.
3.3 During the order process
To process your order, Josiane Biwer requires personal data. First this data serves as a legally binding basis for order processing and secondly it makes us able to deliver your goods. Sometimes it has to be forwarded to third party service providers who support us in fulfilling the order. As soon as the storage of your data is no longer necessary or required by law, it will be immediately deleted.
The data collected during the ordering process are
Surname, first name
address
Transaction data
Invoice data
e-mail address
Products ordered
We will ask for your consent in advance, if law requires it.
The basis for the data processing listed here is the GDPR and the corresponding legal text 2016/679.
3.4 Use of the payment system Paypal
We use Paypal as online payment service provider. Any transfer data for the payment process is not stored by us, but Paypal, handles the payment process.
We do our utmost to ensure the security of our website as well as all servers and systems connected to it in order to prevent any access, destruction, loss, alteration or dissemination of your data by unauthorised persons.
3.5 Email contact/contact form
When you contact Josiane Biwer (e.g. via our contact form on this website or by email or telephone), we process and store your details in order to work on your enquiry and in case you have any more questions for us. This information will not be passed on to third parties as it is purely for the purpose of communication between Josiane Biwer and you.
Your data may be used for pre-contractual purposes at your request or, if you are already a customer, to execute the contract.
You can also contact Josiane Biwer via social media platforms such as Instagram or Facebook. Please note that Josiane Biwer is not the owner of these platforms and has no saying in how your data will be used. Your data will be treated in accordance with the privacy policies of the respective owners of these platforms. Josiane Biwer can
3.6 Consignment tracking
We use the service of a shipping company to send your order to you. The possibility of ‘Track and Trace’ is included in our delivery offer. For this service we forward your address to Post
Luxembourg (Contact: 20, rue de Reims; L-2417 Luxembourg), who are obliged by law to comply with data protection laws.
The basis for the data processing listed here is the GDPR and the corresponding legal text 2016/679.
If you have any objections to the forwarding of your e-mail address, please send an e-mail to info@josianebiwer.com.
4. website analysis (Jimdo statistics)
While visiting our website, we collect information about your usage through a web analytics tool provided by our hosting service. This web analytics tool collects and combines your IP address and your user agent, shortens them and stores the data with a hash function. This process creates a visitor identifier that is encrypted with a randomly generated value (SALT) that changes every 24 hours. By using this method, it is ensured that your IP address cannot be reconstructed from the stored visitor identifier, thus preserving your right of anonymity. In addition to these precautinos, we do not merge this information with other data and it will be only stored on the hosting provider's server.
We also process web analytics data, as well as HTTP data and web analytics profile data. The web analytics tool we use creates and stores a web analytics profile that contains details about your use of the website, meaning page views, frequency of visits, time spent on each page and the user agent of your device. This includes usage data, meaning (web pages visited and access times) as well as communication data (such as browser type, operating system and IP addresses).
By processing this type of data, we are able to analyse user behaviour in summarised form helping us to improve the presentation and content of our website. The legal basis for this processing is our legitimate interest (Art. 6 para. 1 lit. (f) GDPR), in particular in carrying out web measurements in order to improve our products and our website.
The data collected is shared with our website hosting provider and processed within the EU.
5. Cookies
5.1 Session cookies: We use session cookies. This is a small text file that is sent by the respective servers when you visit a website and is temporarily stored on your hard drive. The file contains a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognised when you return to our website. These cookies are automatically deleted as soon as you close your browser or the session has expired. These session cookies are used, for example, to be able to use the shopping basket function across several pages.
5.2 Persistent cookies
We also use persistent cookies to a small extent. These are also small text files that are stored on your end device and which remain on your end device and
make it possible to recognise your browser on your next visit. These cookies are stored on your hard drive and delete themselves after the specified time. Their lifespan is between 1 month and 10
years. With the help of these persistent cookies, our website is presented in a more user-friendly, effective and secure manner and we can display customised information to you.
The use of the cookies listed here is in accordance with the GDPR and the corresponding legal text 2016/679, meaning that we use this information in order to ameliorate our website for you.
The following data and information are stored in the cookies:
Log-in information
language settings
Search terms entered
Information about the number of visits to our website and the use of individual functions of our website.
When the cookie is activated, it is assigned an identification number and your personal data is not assigned to this identification number. Your name, IP address or similar data that would allow the cookie to be assigned to you are not stored in the cookie. We only receive pseudonymised information, such as which pages were visited on our website or which products were viewed, etc.
You have the option of making the setting in your browser to be informed about cookies in advance or to block them completely. Please note that this setting can lead to problems or restrictions in the complete display of websites.
5.3. Social Media Cookies
You have the possibility to share our work via social media. Furthermore you can open our social media representations via the corresponding icons. For these services, we use plug-ins (facebook,
Instagram). Data is transferred to third parties for this purpose. This only happens when you click on the respective social media icon. Josiane Biwer has neither influence nor access to the
associated cookies placed by Instagram, facebook, etc.
6. Receiver of private data
Josiane Biwer, as responable of this website and the business Josiane Biwer, has access to your personal data. If necessary, data is passed on to third party service providers who support us in
our work.
7. Period of storage
Your personal data will be stored by us for the duration of the warranty period for our goods and within the scope of the statutory retention periods.
The data will be deleted after the warranty periods and statutory retention periods have expired.
The legal basis for the processing of this data is the GDPR and the corresponding legal text 2016/679. This data is required so that we can fulfil all our contractual obligations towards you.
8. Your rights as a data subject affected by data processing
You have various rights regarding your personal data at any time In accordance with the applicable laws. If you wish to assert these rights, please send us your request by e-mail or by post, clearly identifying yourself, using the address given in section 1.
8.1 Withdrawal of consent to data processing
Josiane Biwer uses only the personal data provided by you with your express consent. However, if you wish to withdraw this consent, you can do so at any time and in a simple form. Send us an e-mail to info@josianebiwer.com stating that you wish to withdraw your consent to data processing. The lawful processing of your personal data remains unaffected until you withdraw your consent.
8..2.1 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with
You have the right to obtain confirmation at any time as to whether or not personal data concerning you is being processed. If this is the case, you have the right to request information free of charge about the personal data stored about you together with a copy of this data. Furthermore, you have the right to the following information:
1. the purposes of processing;
2. the categories of personal data being processed
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
5. the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing
6. the existence of a right to lodge a complaint with a supervisory authority
7. if the personal data is not collected from you, all available information about the origin of the data
8. the existence of automated decision-making including profiling in accordance with the GDPR and the legal text 1026/679 - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for you.
If personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards in accordance with the GDPR and the corresponding legal text 2016/679 in connection with the transfer.
8.3 Right to rectification
If personal data concerning you is incorrect or incomplete, you have the right to contact us immediately and request the correction of your data.
8.4 Right to erasure/right to be ‘forgotten’
Under various circumstances, we are obliged to erase personal data concerning you:
Specifically:
In accordance with the GDPR and the corresponding legal text 2016/679, you have the right to have personal data concerning you deleted by us without delay. In this case, we are obliged to comply with your request immediately if one of the following reasons applies
1. the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed
2. you withdraw your consent on which the processing was based according to the GDPR, and where there is no other legal ground for the processing
3. you object to the processing pursuant to the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to the GDPR
4. the personal data has been processed unlawfully.
5. the deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject
6. the personal data were collected in relation to information society services offered in accordance with the GDPR and the corresponding legal text 2016/679
If we have made the personal data public and we are obliged to erase it in accordance with the GDPR and the legal text 2016/679, we shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you have requested them to erase all links to this personal data or copies or replications of this personal data.
8.5 Right to restriction of processing
You are entitled in a number of cases to demand that we restrict the processing of your personal data.
in detail:
You have the right to obtain from us restriction of processing where one of the following applies:
1. the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data, 2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
3. we no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims; or
4. you have objected to processing pursuant to the GDPR pending the verification whether the legitimate grounds of our company override yours.
8.6 Right to data portability
You have the right to receive, transmit or have us transmit personal data concerning you in machine-readable form. In detail: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, or to have them transmitted by us.
In detail:
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where
1. the processing is based on consent in accordance with the legal text of GDPR 2016/679 and
2. the processing is carried out by automated means.
When exercising your right to data portability in accordance with paragraph 1, you have the right to obtain that the personal data be transferred directly by us to another controller, insofar as this is technically feasible.
8.7 Right to object
You have the right to object to the processing of your personal data by us, even if the processing is lawful. This is the case if this is based on your particular situation and our interests in the processing do not outweigh your interests.
In detail:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which has been collected in accordance with the GDPR; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes in accordance with the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
8.8 Automated decisions including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Automated decision-making based on the personal data collected does not take place.
8.9. Right to withdraw consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time.
9. Disclosure of data to third parties, data transfer to non-EU countries
In principle, we only use your personal data within our company. If and insofar as we involve third parties in the fulfilment of contracts (such as logistics service providers), they will only
receive personal data to the extent that the transfer is necessary for the corresponding service. In the event that we outsource certain parts of data processing (‘order processing’), we
contractually oblige order processors to use personal data only in accordance with the requirements of data protection laws and to guarantee the protection of the rights of the data
subject.
Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: USA.
The adequacy decision for the USA applies as the basis for third country transfers, insofar as the respective service provider is certified. Service providers
used from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). If the service providers used are not certified under the DPF, standard contractual clauses have been
concluded as a suitable guarantee.
10. data security
In order to guarantee you a secure visit to our website, we use SSL/TLS encryption. This encryption is directly recognisable by the ‘https://’ address line and a small lock in the browser line. This encryption makes your transmitted data unreadable to third parties.
However, we must point out that data transmission on the Internet, such as communication by e-mail, can have security gaps. It is not possible to completely protect data from access by third parties. In order to ensure the security of your data, we maintain technical and organisational security measures in accordance with the GDPR, which we constantly adapt to the state of the art. We also do not guarantee that our service will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are regularly and carefully backed up.
11. data protection officer
If you have any questions or concerns about data protection, please contact our data protection officer:
Josiane Biwer
44, Haaptstrooss
L-6869 Wecker
Luxemburg
Telefon: +352 621 165 823
Email: info@josianebiwer.com