Privacy Policy

PRIVACY POLICY

1) INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE DATA CONTROLLER

1.1 Thank you for visiting our website and your interest in us. Below you will find information about the processing of your personal data when using our website. Personal data is any data by which you can be directly or indirectly identified.

1.2 The data controller within the meaning of the General Data Protection Regulation (GDPR) is Maison Elara London. The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of confidential content (e.g. orders or enquiries), this site uses SSL/TLS encryption. You can recognise an encrypted connection by the "https://" prefix and the padlock icon in the address bar of your browser.

2) DATA COLLECTION DURING SITE VISITS

If you use the site for informational purposes only (without registration or data transfer), we only collect the data that your browser sends to our server (log files). When you visit the site, we collect the following data, which is technically necessary for the display of the site:

* Site visited
* Date and time of access
* Volume of data transmitted (in bytes)
* Source/referrer from which you visited the site
* Browser used
* Operating system used
* IP address used (where applicable, in anonymised form)

Processing is based on Article 6(1)(f) of the GDPR (legitimate interest) and aims to improve the stability and functionality of our website. No transfer or other use of the data takes place. However, we reserve the right to review log files at a later time if there are concrete indications of unlawful use.

3) COOKIES

To improve your browsing experience and enable certain features, we use cookies. These are small text files stored on your device. Some cookies (session cookies) are deleted after you close your browser; others remain (permanent cookies) and allow us to recognise your browser on subsequent visits, including third-party cookies. Cookies may process information such as browser data, location data and IP address. Permanent cookies are automatically deleted after a certain period.

Cookies may be used, for example, to simplify the ordering process (e.g. by remembering the contents of your shopping basket). If personal data is processed via cookies, processing is based on Article 6(1)(b) of the GDPR (performance of a contract) or Article 6(1)(f) of the GDPR (legitimate interest: optimal website functionality and an efficient user experience).

We may work with advertising partners who also place third-party cookies. If this is the case, you will be informed below.

You can set your browser to notify you when cookies are placed, to accept them on a case-by-case basis, or to refuse them in general or in specific cases. Instructions can be found in your browser's help function.

* Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
* Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
* Chrome: https://support.google.com/chrome/answer/95647?hl=en
* Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
* Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Refusing cookies may limit the functionality of the website.

4) INITIAL CONTACT

When you contact us (via a form or email), we collect personal data (the form indicates the relevant fields). This data is used solely for processing your request and the associated technical administration. Legal basis: legitimate interest (Article 6(1)(f) GDPR). If your request is aimed at entering into a contract: Article 6(1)(b) GDPR. The data is deleted once your request has been fully processed, unless there are legal obligations to retain it.

5) OPENING A CUSTOMER ACCOUNT AND PERFORMANCE OF THE CONTRACT

In accordance with Article 6(1)(b) of the GDPR, we collect and process data when you provide it to us to fulfil a contract or open a customer account. The relevant fields are listed on the forms. You may request deletion of your account at any time. After the contract has been fulfilled or the account deleted, the data is blocked and subsequently deleted upon expiry of the statutory retention periods, unless you consent to further use or another legal basis for processing exists.

6) USE OF YOUR DATA FOR MARKETING PURPOSES

6.1 Newsletter subscription
By subscribing, you will regularly receive information about our offers. Only your email address is required; the other fields are optional. We use a double opt-in procedure (confirmation email with a link). Legal basis: Art. 6(1)(a) GDPR (consent). You can unsubscribe at any time via the link in any email.

6.2 Newsletter to existing customers
If you have provided your email address during a purchase, we may send you offers for similar products or services (legitimate interest, Art. 6(1)(f) GDPR). You can object to this at any time.

7) DATA PROCESSING FOR ORDER FULFILMENT

7.1 The data required for delivery is passed on to the carrier; payment data is passed on to the relevant payment provider (Art. 6(1)(b) GDPR). The payment providers used are listed below.

7.2 Payment providers

* PayPal: When paying via PayPal (card, direct debit, purchase on account or instalment payment), the necessary data is passed on to PayPal (Europe) S.à r.l. et Cie, SCA, 22–24 Boulevard Royal, L-2449 Luxembourg (Art. 6(1)(b) GDPR). PayPal may carry out a credit check (Art. 6(1)(f) GDPR). Information: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

* SOFORT (Klarna Group): Payment via SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (Klarna Group). Data transfer strictly necessary for payment (Art. 6(1)(b) GDPR). Information: https://www.klarna.com/sofort/datenschutz

8) REVIEW REQUESTS BASED ON CUSTOMER REVIEWS

We may use your email address once to invite you to write a review, provided you have given your consent (Article 6(1)(a) GDPR). You may withdraw your consent at any time.

9) SOCIAL NETWORKS: PLUG-INS

9.1 Facebook (Shariff solution) – integrated via HTML link (no direct login required before clicking). Policy: https://www.facebook.com/policy.php
9.2 Google+ (Shariff solution) – Policy: https://www.google.com/intl/en/policies/privacy/
9.3 Instagram (Shariff solution) – Policy: https://help.instagram.com/155833707900388/

10) ONLINE MARKETING

10.1 DoubleClick by Google. Used for relevant advertisements and performance reports (legitimate interest, Art. 6(1)(f) GDPR). Information: https://www.google.com/policies/privacy/

10.2 Google Ads – Conversion Tracking
After clicking on a Google advertisement, a conversion cookie is placed (valid for approximately 30 days). Aggregated statistics, no personal identification. Opt-out possible via browser settings or a plug-in. Google policy: https://www.google.com/policies/privacy/

11) AUDIENCE ANALYSIS

Google (Universal) Analytics. Used with the _anonymizeIp() extension (IP anonymisation within the EU/EEA). Legal basis: Art. 6(1)(f) GDPR (statistical analysis for optimisation/marketing purposes). Opt-out: https://tools.google.com/dlpage/gaoptout?hl=en
Additional information (user ID, cross-device analysis, possible objection): https://support.google.com/analytics/answer/2838718?hl=en

12) RETARGETING / REMARKETING / RECOMMENDATIONS

Facebook Custom Audience (Pixel) tracks behaviour after a Facebook advertisement has been displayed/clicked (effectiveness measurement, optimisation). The data is anonymous to us; Facebook processes it in accordance with their policy: https://www.facebook.com/about/privacy/
Processing only takes place with consent (Article 6(1)(a) GDPR). Cookies can be disabled via your browser or via the Digital Advertising Alliance: https://www.aboutads.info/choices/

Google Ads remarketing cookie with pseudonymous ID for interest-based advertising (Art. 6(1)(f) GDPR). Settings/opt-out: https://www.google.com/settings/ads/onweb/en — DAA.

13) YOUR RIGHTS

In accordance with the GDPR, you have the following rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), notification to recipients (Art. 19), data portability (Art. 20), withdrawal of consent (Art. 7(3)) and the right to lodge a complaint with a supervisory authority (Art. 77).

Right to object (Art. 21 GDPR)

* If we process your data on the basis of our legitimate interests, you may object at any time on grounds relating to your particular situation. We will then cease processing unless there are compelling legitimate grounds for the processing or the processing is necessary for the establishment, exercise or defence of legal claims.

* If your data is processed for direct marketing purposes, you may object at any time; in that case we will immediately cease processing for that purpose.

14) RETENTION

The retention period is determined by statutory deadlines (e.g. commercial and tax obligations). Once these periods have expired, the data is deleted unless it is needed for the performance of the contract or there is a legitimate interest in retaining it longer.

GENERAL SALES CONDITIONS

In the event of loss, non-return or impossibility of recovering the product, administrative costs of up to 10% of the product value may be deducted from the amount to be refunded.