Privacy Policy

We are happy about your visit on our website. Since the protection of your personal data is particularly important to us, we would like to inform you in the following about the data processing that takes place in connection with our website https://artsocks.co/.
As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by our external service providers.

1. Definitions

The legislator requires that personal data are processed processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’). In order to ensure this, we first inform you in this section about the individual legal definitions which are also used in this data protection declaration:

1.1. Personal data

"Personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.2. Processing

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.3. Restriction of processing

"Restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future.

1.4. Profiling

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

1.5. Pseudonymisation

"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

1.6. Filing system

"Filing system" means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

1.7. Controller

"Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

1.8. Processor

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

1.9. Recipient

"Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

1.10. Third party

"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

1.11. Consent

"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Lawfulness of processing

The processing of personal data shall be lawful only if there is a legal basis for the processing. Pursuant to Article 6 (1) sentence 1 letters a) to f) of the GDPR, the legal basis for the processing may be, in particular:

a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which the controller is subject;

d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

3. Purely informative use of our website

In this section we inform you about which data is processed by us if you use our website purely for information purposes, i.e. if you do not actively transmit data when visiting our website.

3.1. Log-Files

When you view our website, we collect the following data in so-called log files, which are technically necessary for us to be able to show you our website and to guarantee its stability and security:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • Amount of data transmitted in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software


We are entitled to collect and store this data in accordance with Art. 6 para. 1 sentence 1 letter f) GDPR, as we have a legitimate interest in the security and stability of our website. They are automatically deleted after seven days at the latest, unless there is a justified suspicion of unlawful action.

3.2. Cookies

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your end device and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective.

3.2.1. Required cookies

On the one hand, we use cookies, which are necessary to enable certain functions of our website in order to make your visit here as pleasant as possible. In particular, these include the so-called session cookies. They store a so-called session ID with which various requests from your browser can be assigned to the common session. Thereby your terminal device can be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
We are entitled to use these cookies in accordance with Art. 6 para. 1 sentence 1 letter f) EU-GDPR, as we have a legitimate interest in the functionality and correct display of our website.

3.2.2. Tracking for range measurement & control of advertising

We also use cookies to measure the reach of our website in order to analyse the use of our website and thus improve ourselves. In addition, cookies are also used by us to control personalised advertising. In this way, we want to ensure that users are only shown advertisements that are of presumed interest to the respective user and, in particular, that are not annoying.
When you visit our website for the first time, we will ask you for your explicit consent that we may set cookies for the aforementioned purposes. The legal basis for this data processing is therefore Art. 6 para. 1 sentence 1 letter a) GDPR.

3.2.3. Cookie settings

Of course you can also access our website without cookies. However, if you wish to use our website fully or conveniently, you should accept cookies. Most web browsers are preset by default to accept cookies. However, you have the option of setting your browser to display cookies before they are saved, to accept or reject only certain cookies or to reject cookies in general. Please note that changes to settings always only affect the respective browser. If you use different browsers or change the terminal device, you will have to make the settings again. Furthermore, you can delete cookies from your storage medium at any time. Information on the cookie settings, changing them and deleting cookies can be found in the help section of your web browser.

4. Use of our webshop

If you want to order in our web shop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. Mandatory data necessary for the processing of contracts are marked separately, further data are voluntary. We process the data provided by you to process your order. For this purpose we can also pass on your payment data to our house bank.
The legal basis for this is Art. 6 para. 1 sentence 1 letter b) GDPR, according to which personal data may be processed for the fulfilment of a contract.

4.1. Duration of storage

We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. After two years, however, we will restrict processing, i.e. your data will then only be used to comply with legal obligations. 

4.2. Payment service provider

We offer several payment methods for the use of our webshop and use different payment service providers. Depending on which payment method you choose, different data is transmitted to the respective payment service provider. The legal basis for the transmission is also Art. 6 para. 1 sentence 1 letter b) GDPR, as the payment data is required to process the contract with you.

4.2.1. PayPal

If you decide to pay by PayPal, your personal data will be transmitted to PayPal. The prerequisite for using PayPal is the opening of a PayPal account. When using or opening a PayPal account, your name, address, telephone number and e-mail address must be submitted to PayPal. The legal basis for the transmission of data is Art. 6 para. 1 letter a GDPR (consent) and Art. 6 para. 1 letter b GDPR (processing for the performance of a contract).

Operator of the payment service PayPal is the:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg
Email: impressum@paypal.com

With the payment option PayPal you agree to the transmission of personal data such as name, address, telephone number and e-mail address to PayPal. What other data is collected by PayPal can be found in the respective PayPal privacy policy. This can be found under: https://www.paypal.com/de/webapps/mpp/ua/privacy-full 

4.2.2. Shopify payments (Stripe)

If you choose a payment method other than PayPal, it will be made through the "Shopify Payments" service, an offer from Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Behind it is the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, ("Stripe"). These companies therefore receive payment data as part of the payment. Information provided during the ordering process, together with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) is passed on. The transfer of your data is exclusively for the purpose of payment processing with the payment service provider. You can find more information on data protection at https://stripe.com/de/terms and https://www.shopify.com/legal/privacy.

4.3. Shopify

Our online shop uses the shop system of the provider Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify"). We use the services of Shopify for the purpose of hosting and displaying the online shop.

4.3.1 General data processing by Shopify

All data collected on our website is processed on Shopify's servers. In this context, personal data may also be transmitted to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc. In the event that data is transferred to Shopify Inc. in Canada, an adequate level of data protection is guaranteed in accordance with the adequacy finding of the European Commission under Art 45 GDPR. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. and Shopify (USA) Inc. in the USA have submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. In accordance with the decision of the European Commission of 12.07.2016, data transmission to the USA in compliance with the provisions of the agreement offers an adequate level of protection within the meaning of Art. 45 GDPR.
The legal basis for the use of Shopify is Art. 6 para. 1 sentence 1 letter f) GDPR. We have a legitimate interest in using external service providers for effective and simple order processing.
You can obtain further information under https://www.shopify.com/legal/privacy.

4.3.2. Cookies 

The following cookies are set during the use of Shopify:

Required cookies

Name of the coookies  Function of the cookies

_ab

Used in connection with access to admin.

_orig_referrer

Used in connection with shopping cart.

_secure_session_id

Used in connection with navigation through a storefront.

Cart

Used in connection with shopping cart.

cart_sig

Used in connection with checkout.

cart_ts

Used in connection with checkout.

checkout_token

Used in connection with checkout.

Secret

Used in connection with checkout.

Secure_customer_sig

Used in connection with customer login.

storefront_digest

Used in connection with customer login.

 

Reach measurement & Marketing

Name of the coookies   Function of the cookies

_landing_page

Track landing pages.

_orig_referrer

Track landing pages.

_s

Shopify analytics.

_shopify_fs

Shopify analytics.

_shopify_s

Shopify analytics.

_shopify_sa_p

Shopify analytics relating to marketing & referrals.

_shopify_sa_t

Shopify analytics relating to marketing & referrals.

_shopify_uniq

Shopify analytics.

_shopify_visit

Shopify analytics.

_shopify_y

Shopify analytics.

_y

Shopify analytics.

tracked_start_checkout

Shopify analytics relating to checkout.

 

Further information can be found at https://www.shopify.com/legal/cookies and under point 3.2 of this privacy policy.

5. Newsletter

If you wish to receive our newsletter, we will ask you for your explicit consent that we may process your e-mail address and the other data provided. Your consent therefore forms the legal basis for this data processing in accordance with Art. 6 Paragraph 1 S. 1 Letter a) GDPR.

Your e-mail address is the only compulsory information for the sending of the newsletter. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. 

We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

You can revoke your consent to receive the newsletter at any time and thus unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail or by sending an e-mail to support@artsocks.co.

6. Contact form

If you would like to contact us via our contact form, we ask you for your explicit consent that your e-mail address and the other data you have provided may be processed. We are then entitled to process these data in accordance with Art. 6 Para. 1 S. 1 letter a) GDPR. Of course, your data will only be used strictly for the purpose of processing and answering your inquiry and will be deleted immediately after final processing.

7. General inquiries

If you contact us by post, e-mail, telephone or fax, your inquiry including all personal data resulting from it will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. The processing of this data is carried out on the basis of Art. 6 para. 1 sentence 1 letter b) GDPR, insofar as your request is related to the fulfilment of a contract concluded with us or is necessary for the implementation of pre-contractual measures. Otherwise, processing is based on Art. 6 para. 1 sentence 1 letter f) GDPR, as we have a legitimate interest in the effective processing of the inquiries addressed to us. In addition, we may also be entitled to be informed under Art. 6 para. 1 sentence 1 letter f) GDPR. c) GDPR, as we are legally obliged to enable rapid electronic contact and direct communication with us.
Certainly, your data will be used strictly for the purpose of processing and answering your inquiry and will be deleted after final processing, provided that we are not subject to any legal storage obligations.

8. Processor

We will not pass on your data to third parties without your explicit consent. However, like any modern company, we work together with contract processors in order to be able to offer you an uninterrupted and best possible service. 
When we work together with external service providers, we regularly process orders on the basis of Art. 28 GDPR. For this purpose, we conclude appropriate agreements with our partners to ensure the protection of your data. When processing your data, we use only carefully selected contract processors. These are bound by our instructions and are regularly checked by us. We only commission external service providers who have ensured that all data processing procedures are carried out in accordance with data protection regulations.
The following types of processors may receive personal data:

  • Shop system provider (Shopify)
  • Newsletter service provider
  • Marketing service provider
  • Shipping service provider

9. Use of Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet.

The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension "_anonymizeIp()". This allows IP addresses to be processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded and the personal data is therefore deleted immediately.

We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. In accordance with the decision of the European Commission of 12.07.2016, data transmission to the USA in compliance with the provisions of the agreement offers an adequate level of protection within the meaning of Art. 45 GDPR.  The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 letter f) GDPR. 

Information provided by the third party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. user conditions: 

http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the data protection declaration: http://www.google.de/intl/de/policies/privacy.

This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out using a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My Data", "Personal Data".

10. Facebook Pixel

We use on our website the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
With the help of the Facebook pixel, Facebook is able to determine you as a visitor to our online offer as a target group for the presentation of advertisements (so-called "Facebook Ads"). We use the Facebook Pixel in order to display the Facebook ads we have placed only to those users who have also shown interest in our online offering or who have certain characteristics (e.g. interest in certain topics or products) that we transmit to Facebook (so-called "Custom Audiences").
With the help of the Facebook pixel, we want to ensure in particular that our Facebook ads also correspond to the potential interest of users and that they do not appear to be annoying. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes, as this enables us to see whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion").
The processing of data by Facebook is carried out within the framework of Facebook's data policy. General information on the display of Facebook ads can be found here. Special information and details about the Facebook pixel and its functionality can be found here.
The data collected using the Facebook pixel may be transferred to Facebook servers in the USA. Facebook has undertaken to comply with the provisions of the so-called "Privacy-Shield" agreement. You can find more information on this at https://www.privacyshield.gov. According to the decision of the European Commission of 12.07.2016, data transmission to the USA in compliance with the provisions of the agreement offers an adequate level of protection within the meaning of Art. 45 EU-GDPR.
When you first visit our website, we will ask you for your express consent that cookies may be set on your terminal device for advertising purposes. The legal basis for the data processing is therefore Art. 6 para. 1 sentence 1 letter a) GDPR.

11. Children & Teenagers

Our offer is basically directed at adults. Persons under 18 years of age should not transmit any personal data to us without the consent of their parents or legal guardians.

12. Deployment obligation and profiling

There is no legal obligation to provide us with personal data.
There is no automated decision-making within the meaning of Art. 22 EU-GDPR.

13. Your rights

In this section we inform you about your rights regarding your personal data.

14.1. Revocation of consent

If the processing of personal data is based on a granted consent, you have the right to revoke this consent at any time. Revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

14.2. Right to confirmation

You have the right to request confirmation from the data controller as to whether we are processing personal data concerning you. You can request such confirmation at any time by contacting us at the contact details given above.

14.3. Right of access by the data subject

If personal data is processed, you can request information about this personal data and about the following information at any time: 

a) the purposes of the processing;

b) the categories of personal data concerned;

c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

f) the right to lodge a complaint with a supervisory authority;

g) where the personal data are not collected from the data subject, any available information as to their source;

h) the existence of automated decision-making, including profiling, referred to in Article 22 paragraphs 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer. We will provide a copy of the personal data that is the subject of the processing. For any further copies that you request personally, we may charge a reasonable fee based on the administrative costs. If you make the request electronically, the information shall be provided in a standard electronic format, unless the request states otherwise. The right to receive a copy pursuant to paragraph 3 shall not prejudice the rights and freedoms of other persons.

14.4. Right to rectification

You have the right to ask us to correct any incorrect personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

14.5. Right to erasure (‘right to be forgotten’)

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:

a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;

c) the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;

d) the personal data have been unlawfully processed;

e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

The right to erasure (‘right to be forgotten’) shall not apply to the extent that the processing is necessary: 

a) for exercising the right of freedom of expression and information;

b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;

d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
    
e) for the establishment, exercise or defence of legal claims.

14.6. Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
   
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
    
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

d) the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

14.7 Right to data portability

You have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) GDPR; and
    
b) the processing is carried out by automated means.

In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The exercise of the right to data portability is without prejudice to the right to erasure (‘right to be forgotten’). That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

14.8. Right to object

According to Art. 21 GDPR you have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. 

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1), you, on grounds relating to your particular situation, shall have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

14.9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, every you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if the you consider that the processing of personal data relating to you infringes this Regulation.

15. Controller & Contact

Responsible for data protection:

Artsocks UG (haftungsbeschränkt)

represented by the managing director Hayk Sahakyan

In der Rehre 33

30457 Hannover

If you have questions regarding data protection or wish to assert one of your rights, please contact us by post at the above address or by e-mail at support@artsocks.co. We will endeavour to deal with your request as quickly as possible. 

16. Modifications

Due to the rapid development of the Internet and data protection law, we expressly reserve the right to make modifications to this data protection declaration.