Privacy Statement (EU)

This privacy statement was last updated on April 22, 2024 and applies to citizens and legal permanent residents of the European Economic Area and Switzerland.

In this privacy statement, we explain what we do with the data we obtain about you via https://breitensteinart.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand)

1.1 Contact – Through phone, mail, email and/or webforms

For this purpose we use the following data:

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Geolocation data
  • Financial information such as bank account number or credit card number
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered

The basis on which we may process these data is:

Upon the provision of consent.

Retention period

We retain this data upon termination of the service for the following number of months: 3

1.2 Payments

For this purpose we use the following data:

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Geolocation data
  • Financial information such as bank account number or credit card number
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered

The basis on which we may process these data is:

It is necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party.

Retention period

We retain this data upon termination of the service for the following number of months: 3

1.3 Registering an account

For this purpose we use the following data:

  • A first and last name
  • Account name or alias
  • An email address
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Geolocation data
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered
  • Financial information such as bank account number or credit card number

The basis on which we may process these data is:

It is necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party.

Retention period

We retain this data upon termination of the service for the following number of months: 3

1.4 Newsletters

For this purpose we use the following data:

  • A first and last name
  • Account name or alias
  • An email address

The basis on which we may process these data is:

Upon the provision of consent.

Retention period

We retain this data until the service is terminated.

1.5 To support services or products that a customer wants to buy or has purchased

For this purpose we use the following data:

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Geolocation data
  • Financial information such as bank account number or credit card number
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered

The basis on which we may process these data is:

It is necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party.

Retention period

We retain this data upon termination of the service for the following number of months: 3

1.6 To be able to comply with legal obligations

For this purpose we use the following data:

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Geolocation data
  • Financial information such as bank account number or credit card number
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered

The basis on which we may process these data is:

It is necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party.

Retention period

We retain this data upon termination of the service for the following number of months: 3

1.7 Compiling and analyzing statistics for website improvement.

For this purpose we use the following data:

  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement

The basis on which we may process these data is:

It is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and that interest outweighs the interest of the person concerned.

Retention period

We determine the retention period according to fixed objective criteria: Our GDPR-compliant web statistics counter collects only non-identifying information, is 100% stored locally, and uses no cookies. This data is retained indefinitely, for the measurement and improvement of this web site’s usability and performance.

1.8 To be able to offer personalized products and services

For this purpose we use the following data:

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Geolocation data
  • Financial information such as bank account number or credit card number
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered

The basis on which we may process these data is:

It is necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party.

Retention period

We retain this data upon termination of the service for the following number of months: 3

1.9 Deliveries

For this purpose we use the following data:

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Geolocation data
  • Financial information such as bank account number or credit card number
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered

The basis on which we may process these data is:

It is necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party.

Retention period

We retain this data upon termination of the service for the following number of months: 3

1.10 To sell or share data with a third party

For this purpose we use the following data:

  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • IP Address
  • Geolocation data
  • Financial information such as bank account number or credit card number
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered

The basis on which we may process these data is:

It is necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party.

Retention period

We retain this data upon termination of the service for the following number of months: 3

2. Sharing with other parties

We only share or disclose this data to processors for the following purposes:

Processors

Name: Stripe
Country: Germany (origin of order processing) and possible additional procssing or banking services in customer’s billing country, if applicable.
Purpose: Financial transaction information related to web store purchases, order delivery, and related activities.
Name: DHL
Country: Germany (shipping origin) and possible additional delivery services in destination country, if any.
Purpose: Shipment and delivery of purchases placed by customers on the web site.
Name: Dreamhost
Country: United States of America
Purpose: Newsletter sign-up and delivery, as voluntarily submitted and confirmed by the recipient.

3. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy

4. Disclosure practices

We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.

If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

5. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorized access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

6. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

7. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

8. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

9. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Data Protection Authority.

10. Contact details

Marlene Breitenstein Art
Wollmesheimer Hauptstr. 54
76829 Landau
Germany
Website: https://breitensteinart.com
Email: resists-captcha-0y@icloud.com
Phone number: +1 240-487-9387

11. Data Requests

For the most frequently submitted requests, we also offer you the possibility to use our data request form

×

Annex

WooCommerce

We collect information about you during the checkout process on our store.

What we collect and store

While you visit our site, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of cart contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 8 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews, if you choose to leave them.

Payments

We accept payments through Stripe. When processing payments, some of your data will be passed to Stripe, including information required to process or support the payment, such as the purchase total and billing information.

Please see the Stripe Privacy Policy for more details.

WooCommerce Shipping & Tax

Data Used: For payments with Stripe: purchase total, currency, billing information. For taxes: the value of goods in the cart, value of shipping, destination address. For checkout rates: destination address, purchased product IDs, dimensions, weight, and quantities. For shipping labels: customer’s name, address as well as the dimensions, weight, and quantities of purchased products.

Data Synced: For payments, we send the purchase total, currency and customer’s billing information to the respective payment processor. Please see Stripe’s Privacy Policy for more details. For automated taxes we send the value of goods in the cart, the value of shipping, and the destination address to TaxJar. Please see TaxJar’s Privacy Policy for details about how they handle this information. For checkout rates we send the destination ZIP/postal code and purchased product dimensions, weight and quantities to the carrier directly or via EasyPost, depending on the service used. For shipping labels we send the customer’s name, address as well as the dimensions, weight, and quantities of purchased products to EasyPost. We also store the purchased shipping labels on our server to make it easy to reprint them and handle support requests.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

  • Order information, such as what was purchased, when it was purchased and where it should be sent, and
  • Customer information, such as your name, email address, and billing and shipping information.

Our team members have access to this information to help fulfill orders, process refunds and support you.

What we share with others

We share information with third parties who help us provide our orders and store services to you. We never sell your data, and only collect and use data you voluntarily provide, and with your consent. If you choose to enter personal data on our web site, such as signing up for our newsletter, browsing our store, making purchases, leaving comments, etc., we collect and may share your data with the following entities, solely to provide you with our services, at your request. 

  • Dreamhost – Email communication, and newsletter services.
  • Stripe payment gateway – To process purchases, refunds and the like.
  • DHL – For shipping and delivery of purchases you make.
  • WooCommerce – For additional shop functions and marketing purposes.

 

Solid Central

Where we send your data

This web site uses a third party service to manage administrative tasks. If you leave a comment, submit personal information via a contact form, or otherwise exchange personal details with us, it is possible that we may use this service to manage that data. Please visit the SolidWP Privacy Policy for more information regarding the way they handle data.
 

Solid Security

What personal data we collect and why we collect it

Cookies

Some forms on this site require the use of the hCAPTCHA service before they can be submitted. If you consent to this service, a cookie is created that stores your consent. This cookie deletes itself after thirty days.

Magic links create a temporary cookie named “itsec-ml-lockout-bypass” that enables users to log in through a link sent to their email. This cookie references session data containing the user’s ID and IP address. It automatically expires after 30 minutes.

A cookie named “itsec_interstitial_browser” is created to track a user’s login process to implement enhanced security features.

Visiting the login page sets a temporary cookie that aids compatibility with some alternate login methods. This cookie contains no personal data and expires after 1 hour.

Some users can enable the “Remember This Device” feature to skip Two-Factor when using the same device. This generates a cookie named “itsec_remember_2fa”. It contains no personal data and expires after 30 days.

Security Logs

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 183 days.

Who we share your data with

For security, use of hCaptcha is required which is subject to their Privacy Policy and Terms of Use.

A QR code image is generated for users that set up two-factor authentication for this site. This image is generated using a SolidWP-hosted API. In the process of generating this image, your username is sent to the API. This data is not logged. For privacy policy details, please see the SolidWP Privacy Policy.

When running Security Check, solidwp.com will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to solidwp.com as part of this process. Requests to solidwp.com include the site’s URL. For solidwp.com privacy policy details, please see the SolidWP Privacy Policy.

This site is scanned for potential malware and vulnerabilities by the SolidWP Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.

In order to ensure file integrity, Solid Security pulls data from wordpress.org, solidwp.com, ithemes.com and amazonaws.com. No personal data is sent to these sites. Requests to wordpress.org include the WordPress version, the site’s locale, a list of installed plugins, and a list of each plugin’s version. Requests to solidwp.com and amazonaws.com include the installed SolidWP products and their versions. For wordpress.org privacy policy details, please see the WordPress Privacy Policy. For solidwp.com privacy policy details, please see the SolidWP Privacy Policy. Requests to amazonaws.com are to retrieve content added and managed by SolidWP which is covered by the Amazon Web Services Data Privacy policy.

How long we retain your data

Security logs are retained for 183 days.

Backups of security log details are retained for a maximum of 1 year. 

Database backups are sent via email. Retention of database backup emails is a maximum of two weeks.

We ensure that past personal data erasure requests are respected even in the event of restoring a backup of the site. 

Where we send your data

This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by solidwp.com. For privacy policy details, please see the SolidWP Privacy Policy.

Database backups are sent via email. Our site and email are hosted by Dreamhost. For privacy policy details, please see the Dreamhost Privacy Policy.

 

Akismet

We collect information about visitors who comment or leave reviews, using the Akismet Anti-spam service. The information we collect includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).

 

Complianz | The Privacy Suite for WordPress

This website uses the Privacy Suite for WordPress from Complianz to collect records of consent. For this functionality your IP address is anonymized and stored in our database. For more information, see the Complianz Privacy Statement.