Privacy policy

Information on the handling of personal data

We are very pleased about your interest in our website - and thus in our company. The protection of your private rights and freedoms is very important to us; we only use your data for the purposes intended. Since it is important to us that you are aware at all times of the extent to which we collect, use and, if necessary, transfer your data to third parties, we will provide you with the following comprehensive information on the processing of your personal data collected by us or stored by us.

Visiting our website is generally possible without providing (personal) data; if there are exceptions to this for selected services, we will explain these in the following chapters. When processing personal data, we strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR) and any other data protection regulations.

Name and address of the controller

mandana GmbH
Christine Marhofer, Michael Marhofer
Ruhrtalstraße 77
45239 Essen
Germany

Phone: +49 201 43784800
E-mail: info@mandana-jewellery.com
Website: https://mandana-jewellery.com

Name and address of the data protection officer

Jörg ter Beek
Cortina Consult GmbH
Hafenweg 24
48155 Münster
Germany

Data protection team for general data protection inquiries:
Team e-mail: dsb.mandana@cortina-consult.de
Website: https://cortina-consult.com

Actuality of the privacy policy

To ensure that we always have up-to-date data protection information in connection with the services of our website, we use the CLOUD DSE service of Cortina Consult GmbH, Hafenweg 24 in 48155 Münster. In this process, the contents of our privacy policy are hosted on the servers at Cortina Consult and managed centrally. Necessary changes are implemented promptly by Cortina Consult and immediately displayed via direct integration on our website.

Rights of data subjects

The EU General Data Protection Regulation (GDPR) provides for extensive rights for data subjects in Chapter III, which we explain to you accordingly below with regard to the processing of your personal data:

Right to information

This requirement concerns in particular information on the following details of data processing:

  • Processing purposes
  • Data categories
  • Recipients or categories of recipients, if applicable
  • If applicable, the planned storage duration or the criteria for determining this duration.
  • Note on the respective right of correction, deletion, restriction or objection
  • Existence of the right to complain to a supervisory authority
  • If applicable, origin of the data (if not collected from you)
  • If applicable, existence of automated decision-making including profiling, including meaningful information about the logic involved, the scope and the effects to be expected
  • If applicable, (planned) transfer to a third country or international organization
Right to rectification

We will correct any erroneous data immediately, provided that you inform us of the circumstance accordingly.

Right to erasure (right to be forgotten)

Provided that the processing is no longer necessary and one of the following conditions is met:

  • Discontinuation of the purpose of processing
  • Withdrawal of their consent and absence of any other legal basis for processing
  • Objection to processing without an important reason to the contrary
  • Unlawful processing
  • Required to fulfill a legal obligation
  • Data collection was carried out in accordance with Art. 8 (1) GDPR
Right to restriction of processing

Provided that one of the following conditions is met:

  • You dispute the accuracy of your data (restriction can be made for the duration of the review on our side)
  • In the event of unlawful processing and if the data is not to be deleted, restriction of processing shall take the place of deletion
  • If the processing purposes cease to apply, at the same time you need your data for the assertion, exercise or defense of legal claims
  • After you have lodged an objection pursuant to Art. 21 (1) GDPR and for the duration of the examination as to whether our legitimate reasons outweigh yours.
Right to data portability

If it is technically possible and does not affect the rights and freedoms of other persons, we will - at your request - transfer your data to another recipient (responsible party).

Right to object

If we collect or have collected and process personal data from you (on the basis of Art. 6 (1) e or f or Art. 9 (2) a GDPR), you have the right to object to the data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, e.g. if we can demonstrate compelling interests worthy of protection for the processing that outweigh your interests or processing serves the assertion, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time. This also applies to profiling, insofar as it is related to such direct advertising. You also have the right to object to processing of your data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

Automated decisions in individual cases including profiling

If we collect or have collected and process personal data from you, you have the right not to be subject to any decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or you have expressly consented to the processing. In any case, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on our part, to express our own point of view and to contest the decision.

Right to complain to a supervisory authority

A list of the supervisory authorities responsible in Germany can be found on the website of the Federal Commissioner for Data Protection or at the following link: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.

General information on data processing on the website

The following information applies to the data processing on our website in general. If there are exceptions or additions to this information, these are described in detail in the relevant sections.

Data security information

We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. In addition, we have implemented SSL encryption (SHA256) on our website to protect your data. However, despite regular checks, complete protection against all dangers is not possible.

Our legitimate interest

Our legitimate interest, as defined in Article 6 (1) f GDPR, is based on the performance of our business activities in order to maintain our ability to operate and secure the employment of our employees.

General deadlines for data deletion

After the purpose of storage has ceased, the retention periods are generally at least six or ten years. As a rule, data is deleted immediately in accordance with our deletion concept, provided that this does not conflict with any retention obligation, necessity for contract fulfillment or a legitimate interest.

Deletion or blocking of personal data

We store your personal data only for the period required to fulfill the specified purpose. After the purpose no longer applies and after expiration of any existing retention periods, your data will be deleted immediately. If deletion is not possible, the data will be blocked instead.

Collection of general data and information

As soon as you visit our website, our web server collects some general data and technical information - as shown in the table below:

Data collected

Purpose of the survey

browser types and versions usedcorrect display of the page content
Operating system used, visitor origin (referrer, e.g. Google), subpages clicked onOptimization of our website content as well as our advertising
Date and time of access to the website as well as IP address and internet service provider of the visitorEnsuring the permanent functionality of our IT systems (for the operation of the website) and prevention of misuse

Other data and information for security in the event of attacks

Providing relevant information to law enforcement agencies in the event of a cyberattack

Obligation to provide personal data

Under certain circumstances (e.g. due to legal or contractual regulations), an obligation arises for you to provide us with your personal data. Examples of such processing as follows:

Nature or purpose of the processing

Need

Conclusion of a sales contract (e.g. your address)Fulfillment of the contractual obligation (e.g. delivery of the goods to your address)
In the employee context (e.g. transmission of data to the tax office)Compliance with legal requirements (e.g. tax regulations)

Information about specific data processing on the website

If applicable, in deviation from or in addition to the above-mentioned general information, you will find details of the individual data processing on our website below.

Clever Reach
Purpose of processing general data
data typepurpose of collection
E-mail address, first name, last name, IP addresses of the recipients if tracking is activated

Sending newsletter emails

Legal basis (according to Art. 6 / 9 DSGVO)
  • Informed consent (Art. 6 para. 1 a). As part of an existing customer relationship (§ 7 Para. 3 UWG)
  • possibly Recipient (when passed on)Brevo; Operator: Sendinblue GmbH, Köpenicker Straße 126, 10179, Berlin
    https://www.brevo.com/legal/
    possibly Intention of forwarding to a third country or international organization (including information about the adequacy decision of the commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee general deadlines for data erasure
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data. Newsletters are only sent after registration via a double opt-in procedure (voluntary and revocable informed consent in accordance with Article 6 Paragraph 1 a GDPR) or after a purchase contract has been successfully concluded and the e-mail address was collected in this process (according to § 7 Abs. 3 UWG).
    Consequences of non-compliance (if the required data is not provided)An infringement (i.e. failure to provide the required data) would result in the newsletter not being able to be sent to you.
    possibly Existence of automated decision-makingIn this context, we do not use automatic decision-making.
    possibly Origin of the data (if not collected directly from the data subject)The data usually comes from the person concerned, but can also come from third parties.
    Contact form
    Purpose of processingProcessing and, if necessary, answering the request of the form sender
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Implementation of pre-contractual measures (Art. 6 para. 1 b)
  • Recipient (if applicable)The data will not be passed on to third parties and/or to a third country.
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation.
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data originates from the person concerned.
    Where applicable, categories of personal data (if not collected directly from the data subject).Data and categories requested in the respective form.
    Change of purpose if necessarynone
    Cookies

    We use cookies on this website; these are small text files that are stored on your computer via your internet browser (e.g. Google Chrome, Safari, Firefox, Edge). These cookies are used for various purposes: Many cookies are technically necessary to provide you with certain website functions (e.g. shopping cart functions, saving your login information), other cookies are used for the security of your data or the website and some cookies can be used to analyze your user behavior. The latter cookies may contain a so-called cookie ID - a unique identifier consisting of a character string that enables websites and servers to be assigned to the storing browser.
    Cookies that are necessary to carry out the transmission of a message via a public telecommunications network and cookies that are absolutely necessary to provide you with an expressly requested function are referred to as "technically necessary cookies" and may be set without your explicit consent (Section 25 (2) TDDDG). All other cookies are subject to consent (Section 25 (1) TDDDG); where applicable, this is regulated by our consent management platform.
    We use cookies in part only for the duration of your visit to the website, in part for a predefined period and in part permanently. You can delete all these cookies manually or automatically at any time via your web browser.
    It is possible to use our website (although possibly not to its full extent) without cookies. Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser so that it notifies you as soon as cookies are sent.

    Google Tag Manager
    Purpose of processingSimplified management of analysis tools through central control and management of the collected analysis mechanisms
    Legal basisConsent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG)
  • Informed consent (Article 6 paragraph 1 a)
  • Recipient (if applicable)Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Irland
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)If applicable, transfer, storage and processing of personal data in the USA.

    The data transfer is based on the standard contractual clauses of the EU Commission. Google LLC is certified according to the EU-US Data Privacy Framework (DPF).

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityno
    Consequences of non-compliance (in case of failure to provide the required data)no
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data comes from the person concerned.
    Where applicable, categories of personal data (if not collected directly from the data subject).which pages and functions are accessed or clicked during the website visit (click behavior), IP address assigned by the Internet service provider (ISP) in anonymized form, previously visited website (referrer), subpages visited, time spent on the website, frequency of visits, date, access location, time of visit
    Opt-Outno
    Data protection officer of the providerhttps://support.google.com/policies/contact/general_privacy_form
    Privacy policy of the providerhttps://business.safety.google/privacy/
    Google Analytics
    Purpose of processingCreation of usage profiles to optimize the cost-benefit factor on the website
    Legal basisConsent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG)
  • Informed consent (Article 6 paragraph 1 a)
  • Recipient (if applicable)Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Irlandhttps://policies.google.com/technologies/cookies?hl=en
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)United States of America
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityno
    Consequences of non-compliance (in case of failure to provide the required data)no
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data comes from the person concerned.
    If applicable, categories of pb data (if not collected directly from the data subject)which pages and functions are accessed or clicked during the website visit (click behavior), IP address assigned by the Internet service provider (ISP) in anonymized form, previously visited website (referrer), subpages visited, time spent on the website, frequency of visits, date, access location, time of visit, user agent
    Change of purpose if necessaryno
    Opt-OutInstallation of the browser plug-in: https://tools.google.com/dlpage/gaoptout, see also under Cookies
    Data protection officer of the providerhttps://support.google.com/policies/contact/general_privacy_form
    Privacy policy of the providerhttps://business.safety.google/privacy/
    LinkedIn tag
    Purpose of processingOptimization of user experience, marketing, analysis of page behavior
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)LinkedIn Ireland Unlimited Company, LinkedIn Inc
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)LinkedIn, California, USA
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).none
    Privacy info of the addinhttps://www.linkedin.com/legal/cookie_policy
    Change of purpose, if applicablenone
    Pinterest tag
    Purpose of processingAnalysis, conversion tracking, targeting, performance measurement of marketing projects.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Pinterest Inc.651 Brannan Street, San Francisco, CA 94107, United States of America https://policy.pinterest.com/en-gb/privacy-policy
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)United States of America
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).IP address, click behavior, device information, date and time of visit, browser settings, geo data.
    Change of purpose if necessarynone
    Google Signals
    Processing descriptionGoogle Signals is session data from websites and apps that Google associates with users who are logged into their Google Account and have enabled personalized advertising. Through Google Signals, you are identified through your Google profile and the data collected is linked to your profile. This allows us to track you across different sessions and devices and to combine the collected data into a user profile. As a site operator, we only receive anonymized reports from Google.
    Purpose of processingAnalysis, optimization, remarketing
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)If applicable, transfer, storage and processing in United States, Singapore, Taiwan, Chile; Google LCC

    The data transfer is based on the EU-U.S. Data Privacy Framework via which Google LCC is certified.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Search Terms, Usage Data, Device Information, Browser Information, Content Viewed, Geographic Location, IP Address, Demographic Data.
    Change of purpose if necessarynone
    Privacy policy of the providerhttps://business.safety.google/privacy/
    Google Enhanced Conversions
    Purpose of processingConversion tracking, conversion optimization, measurement partners - ensure security
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)If applicable, transfer, storage and processing in United States, Taiwan, Chile, Singapore; Google LCC

    The data transfer is based on the EU-U.S. Data Privacy Framework via which Google LCC is certified.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).E-mail address, first name, last name, address, telephone number, subscription service registration data, purchase information.
    Change of purpose if necessarynone
    Privacy policy of the providerhttps://business.safety.google/privacy/
    Google Maps
    Purpose of processingProvision of maps.
    Legal basis (according to Art. 6 / 9 GDPR)Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG)
  • Informed consent (Article 6 paragraph 1 a)
  • Recipient (if applicable)Google Ireland Limited, Google LLC, Alphabet Inc, United States of America
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Possibly transfer, storage and processing in the USA.

    The data transfer is based on the standard contractual clauses of the EU Commission. Google LLC is certified according to the EU-US Data Privacy Framework (DPF).

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityno
    Consequences of non-compliance (in case of failure to provide the required data)no
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually comes from the data subject, but can also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).IP address, date and time of visit, location information, URL, usage data, search terms, geographic location, user agent
    Change of purpose if necessaryno
    Data protection officer of the providerhttps://support.google.com/policies/contact/general_privacy_form
    Privacy policy of the providerhttps://business.safety.google/privacy/
    LiveChat
    Purpose of processingProviding a chat program for customer support.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Article 6 paragraph 1 a)
  • Recipient (if applicable)LiveChat Inc, 101 Arch Street, 8th Floor, Boston MA 02110, United States of America
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)United States of America
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityno
    Consequences of non-compliance (in case of failure to provide the required data)no
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually comes from the data subject, but can also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).IP address, user agent, timestamp, if applicable, content of the message history
    Change of purpose if necessaryno
    Privacy info of the addinhttps://www.livechat.com/legal/gdpr-faq/#main
    Customer account and product order
    Purpose of the processing of general data
    Data typePurpose of the survey
    Salutation, title, first name, last name, street, no., postal code, city, country, date of birth (voluntary)Unique identification of the customer account, processing of the product purchase, delivery, payment transactions, processing of complaints
    E-mail address, passwordAuthentication, independent password reset
    Phone number (voluntary)Contact by phone
    Legal basisFulfillment of a contract (Art. 6 para. 1 lit. b GDPR)
    Recipient (if applicable)Parcel service provider, logistics service provider, payment service provider
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe data (in the mandatory fields) must be provided as part of the underlying contract.
    Consequences of non-compliance (in case of failure to provide the required data)The creation of a customer account is not possible in this case.
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).The data comes from the data subject himself.
    Change of purpose if necessarynone
    PayPal
    Purpose of processingpay
    Legal basis (according to Art. 6 / 9 GDPR)
  • Performance of a contract (Article 6 paragraph 1 b)
  • Recipient (if applicable)PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)United States of America
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the data, the product order or payment cannot be processed.
    Consequences of non-compliance (in case of failure to provide the required data)Without the data, the product order or payment cannot be processed.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the person concerned.
    Where applicable, categories of personal data (if not collected directly from the data subject).no
    Change of purpose if necessaryno
    Web tracking technologies - managed with Usercentrics

    To manage all cookies, website and tracking technologies that require consent or opt-out in a privacy-compliant manner, we use the Consent Management Platform of Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, with which we have integrated the following services: