MOVING SALE UP TO 70% OFF
BUY 2 GET EXTRA 10% OFF | BUY 3 GET EXTRA 20% OFF

Privacy Policy

1) INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE CONTROLLER

1.1

We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data means all data that can be used to identify you personally.

1.2

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Charlotte & Rose Toronto. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3

For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL/TLS encryption. You can recognise an encrypted connection by the string “https://” and the lock symbol in your browser’s address bar.

2) DATA COLLECTION WHEN YOU VISIT OUR WEBSITE

When you use our website for informational purposes only (i.e. you do not register or otherwise provide information), we only collect the data your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

The website you visited
Date and time of access
Amount of data sent in bytes
Source/referrer from which you arrived at the page
Browser used
Operating system used
IP address (if applicable, in anonymised form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

3) COOKIES

To make visiting our website attractive and to enable the use of certain functions, we use cookies on various pages. Cookies are small text files that are stored on your device.

Some cookies used by us are deleted after the end of the browser session (i.e. after you close your browser) (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognise your browser the next time you visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data and IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

Some cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit). If personal data is processed via individual cookies implemented by us, processing is carried out in accordance with Art. 6(1)(b) GDPR either for the performance of the contract, or in accordance with Art. 6(1)(f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.

We may work with advertising partners who help us make our online offering more interesting for you. In this case, cookies from partner companies (third-party cookies) may also be stored on your device during your visit. If we work with such advertising partners, you will be informed separately and specifically about the use of such cookies and the scope of information collected within the following sections.

Please note that you can set your browser to inform you about the setting of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in how it manages cookie settings. This is described in the help menu of each browser.

Browser help links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manag
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/kb/ph21411?locale=de
Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if cookies are not accepted, the functionality of our website may be limited.

4) CONTACTING US

When you contact us (e.g. via contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your enquiry and for the technical administration associated with this.

The legal basis for processing is our legitimate interest in responding to your enquiry in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, then the additional legal basis is Art. 6(1)(b) GDPR.

Your data will be deleted after final processing of your enquiry, provided that the circumstances indicate that the matter has been conclusively clarified and there are no statutory retention obligations to the contrary.

5) DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT PROCESSING

In accordance with Art. 6(1)(b) GDPR, personal data is also collected and processed if you provide it to us for the purpose of performing a contract or when opening a customer account. Which data is collected can be seen from the respective input forms.

You can delete your customer account at any time by sending a message to the controller at the address stated above. We store and use the data you provide for contract processing. After complete fulfilment of the contract or deletion of your customer account, your data will be blocked in accordance with tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or further data use is legally permitted and reserved by us, about which we will inform you below.

6) USE OF YOUR DATA FOR DIRECT MARKETING

6.1 Subscription to our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required to send the newsletter is your email address. Providing additional data is voluntary and may be used to address you personally.

We use the so-called double opt-in procedure. This means we will only send you the newsletter after you have expressly confirmed that you agree to receive it. We will then send you a confirmation email asking you to confirm by clicking a link that you wish to receive the newsletter in the future.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. When registering for the newsletter, we store the IP address entered by your internet service provider (ISP) as well as the date and time of registration to be able to trace possible misuse of your email address later.

The data collected for newsletter registration is used exclusively for advertising purposes via the newsletter. You can unsubscribe at any time via the link provided in the newsletter or by contacting the controller named at the beginning. After unsubscribing, your email address will be deleted immediately from our mailing list unless you have expressly consented to further use or we reserve further lawful use, about which we inform you in this policy.

6.2 Newsletter for existing customers

If you provided your email address when purchasing goods or services, we reserve the right to send you regular offers by email for similar goods or services from our range to those you have already purchased. We do not need separate consent for this.

Processing is based solely on our legitimate interest in personalised direct advertising pursuant to Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send such emails.

You may object to the use of your email address for this advertising purpose at any time with effect for the future by notifying the controller named at the beginning. You will only incur transmission costs according to the basic tariffs. After receiving your objection, we will immediately stop using your email address for advertising purposes.

7) DATA PROCESSING FOR ORDER PROCESSING

7.1

The personal data collected by us will be passed on to the transport company commissioned with delivery as far as necessary to deliver the goods. We will pass on your payment data to the commissioned credit institution as far as necessary for payment processing. If payment service providers are used, we will explicitly inform you below. The legal basis for the transfer of data is Art. 6(1)(b) GDPR.

7.2 Use of payment service providers

- PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or (if offered) “purchase on account” or “instalments” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”) as part of payment processing. The transfer is carried out in accordance with Art. 6(1)(b) GDPR and only to the extent necessary for payment processing.

PayPal reserves the right to carry out a credit check for certain payment methods (credit card, direct debit, purchase on account, instalments). For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6(1)(f) GDPR based on PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result to decide whether to provide the payment method. The credit report may include probability values (score values). Score values are based on scientifically recognised mathematical-statistical procedures. Address data may be included in the calculation. Further information can be found in PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing at any time by notifying PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractually compliant payment processing.

- SOFORT
If you select “SOFORT”, payment processing is carried out via SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (“SOFORT”), to whom we transfer the information you provided during the ordering process as well as information about your order pursuant to Art. 6(1)(b) GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is transferred exclusively for payment processing and only to the extent necessary. Further information:
https://www.klarna.com/sofort/datenschutz

8) CONTACTING YOU FOR A REVIEW REMINDER

Own review reminder (no sending via a customer review system)
We use your email address to send you a one-time reminder to submit a review of your order for the review system we use, provided that you gave us your express consent during or after your order pursuant to Art. 6(1)(a) GDPR.

You may revoke your consent at any time by notifying the controller responsible for data processing.

9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS

9.1 Facebook plugins using the Shariff solution

Social plugins (“plugins”) of the Facebook social network are used on our website, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”).

To increase protection of your data when you visit our website, these buttons are not embedded as full plugins, but only as HTML links. This ensures that when you open a page on our website containing such buttons, no connection is established to Facebook servers yet. Only when you click the button will a new browser window open and call up Facebook’s page, where you can interact with the plugins (if necessary after entering your login data).

Facebook Inc. in the USA is certified under the EU-US “Privacy Shield” agreement (note: this is an older reference), which is intended to ensure compliance with EU data protection standards.

Purpose and scope of data collection and further processing by Facebook, as well as your rights and options to protect your privacy, can be found here:
https://www.facebook.com/policy.php

9.2 Google+ plugins using the Shariff solution

Social plugins of Google+ are used, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

For data protection reasons, the buttons are only integrated as HTML links. Clicking opens a new browser window to Google+ where you can interact with the plugins (if necessary after login).

Further information:
https://www.google.com/intl/de/policies/privacy/

9.3 Instagram plugin using the Shariff solution

Social plugins of Instagram are used, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”).

For data protection, buttons are integrated only as HTML links. Clicking opens a new browser window to Instagram.

Further information:
https://help.instagram.com/155833707900388/

10) ONLINE MARKETING

10.1 DoubleClick by Google

This website uses the online marketing tool DoubleClick by Google, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“DoubleClick”).

DoubleClick uses cookies to serve relevant ads, improve campaign performance reports, and prevent a user from seeing the same ads multiple times. Google uses a cookie ID to track which ads are served in which browser and prevents them from being shown multiple times. Processing is based on our legitimate interest in optimal marketing of our website pursuant to Art. 6(1)(f) GDPR.

DoubleClick may also record conversions using cookie IDs, e.g. when a user sees a DoubleClick ad and later visits the advertiser’s website with the same browser and makes a purchase. According to Google, DoubleClick cookies do not contain personal information.

Your browser automatically establishes a direct connection to Google servers due to the marketing tools used. We have no influence over the scope and further use of data collected by Google.

You can disable conversion tracking cookies by blocking cookies from www.googleadservices.com via browser settings, or via https://www.google.de/settings/ads (note: this setting will be deleted if you delete cookies). You can also manage cookie settings via the Digital Advertising Alliance at www.aboutads.info.

Further information:
https://www.google.de/policies/privacy/

10.2 Google AdWords Conversion Tracking

This website uses Google AdWords and conversion tracking by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

We use Google AdWords to draw attention to our offers via ads on external websites. We can determine how successful advertising measures are in relation to campaign data. We do this to show you relevant advertising, make our website more interesting, and ensure fair calculation of advertising costs.

The conversion tracking cookie is set when a user clicks an AdWords ad. These cookies usually expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not expired, Google and we can recognise that the user clicked the ad and was redirected to that page.

Each AdWords customer receives a different cookie. Cookies cannot be tracked across AdWords customers’ websites. The information collected is used to create conversion statistics for those customers who opted in. Customers learn the total number of users who clicked their ad and were redirected to a page with a conversion tracking tag, but receive no information that personally identifies users.

You can disable conversion tracking by disabling the Google conversion tracking cookie in your browser settings. You will then not be included in conversion tracking statistics.

Further information:
https://www.google.de/policies/privacy/

11) WEB ANALYTICS SERVICES

Google (Universal) Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies that enable analysis of website usage. Information generated by the cookie about your use of the website (including shortened IP address) is usually transmitted to and stored on a Google server in the USA.

This website uses Google Analytics exclusively with the “_anonymizeIp()” extension, which anonymises IP addresses by shortening them, excluding direct personal identification. Within the EU/EEA, your IP address is shortened before transmission. Only in exceptional cases is the full IP address transmitted to the USA and shortened there.

Google evaluates usage on our behalf to compile reports and provide further services related to website and internet usage. Your IP address transmitted by your browser is not merged with other Google data.

You can prevent the storage of cookies via your browser settings. You can also prevent data collection and processing by Google by installing the browser plugin:
https://tools.google.com/dlpage/gaoptout?hl=de

Alternatively, click a link (if provided on the site) to set an opt-out cookie that prevents future Google Analytics tracking for this domain in this browser. If you delete cookies, you must click the opt-out link again.

Further information:
https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376

This website may also use a cross-device analysis via a user ID. On the first page visit, a unique, persistent, anonymous ID is assigned. This allows interaction data to be linked across devices and sessions. The user ID contains no personal data.

You can object to data collection/storage via the user ID at any time by disabling Google Analytics on all systems you use.

12) RETARGETING / REMARKETING / REFERRAL ADVERTISING

Facebook Custom Audience via pixel method

This website uses the “Facebook Pixel” from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). If explicit consent is given, user behaviour can be tracked after users have seen or clicked on a Facebook ad. This is used to measure ad effectiveness for statistical and market research purposes and to optimise future advertising.

The data is anonymous to us, so we cannot identify users. However, Facebook stores and processes the data so that a connection to the user profile is possible, and Facebook may use the data for its own advertising purposes according to Facebook’s data policy:
https://www.facebook.com/about/privacy/

You can disable cookies via your browser settings and can also opt out of cookies from third parties like Facebook on the Digital Advertising Alliance site:
https://www.aboutads.info/choices/

Users under 13 are not permitted to give consent for the Facebook Pixel.

Google AdWords Remarketing

Our website uses Google AdWords remarketing functions. We advertise this website in Google search results and on third-party websites. Google sets a cookie in your browser that enables interest-based advertising based on pages you visited, using a pseudonymous cookie ID. Processing is based on our legitimate interest in optimal marketing pursuant to Art. 6(1)(f) GDPR.

Further processing only occurs if you have consented to Google linking your browsing history to your Google account and using information from your account to personalise ads. If you are logged in to Google during your visit, Google may combine your data with Google Analytics data to create cross-device remarketing audiences.

You can permanently disable cookies for ad preferences by installing the plugin:
https://www.google.com/settings/ads/onweb/

Further information:
https://www.google.com/policies/technologies/ads/

13) RIGHTS OF THE DATA SUBJECT

The applicable data protection law grants you comprehensive rights regarding the processing of your personal data, including:

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to notification (Art. 19 GDPR)
Right to data portability (Art. 20 GDPR)
Right to withdraw consent (Art. 7(3) GDPR)
Right to lodge a complaint (Art. 77 GDPR)

13.2 Right to object

If we process your personal data on the basis of legitimate interests (balancing of interests), you have the right to object at any time for reasons arising from your particular situation, with effect for the future.

If you object, we will stop processing the affected data. Further processing may remain reserved if we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if processing serves the establishment, exercise, or defence of legal claims.

If your data is processed for direct marketing purposes, you have the right to object at any time to processing for such marketing. If you object, we will stop processing for direct marketing purposes.

14) DURATION OF STORAGE OF PERSONAL DATA

The duration for which personal data is stored is determined by the applicable statutory retention periods (e.g. commercial and tax retention obligations). After the retention period has expired, the relevant data is routinely deleted, provided it is no longer required for fulfilling a contract or initiating a contract and/or we no longer have a legitimate interest in continuing to store it.