Privacy Policy

PRIVACY POLICY for www.thethinggallery.com

This Privacy Policy aims to inform you, as a user, about the collection of personal data on this website. We prioritize providing a transparent overview of all essential information regarding the protection of your data. If you have any questions, uncertainties, or require clarification, please do not hesitate to contact us.

A) DATA CONTROLLER
The entity responsible for data processing in accordance with the General Data Protection Regulation (Article 4(7) GDPR) and other applicable national data protection laws is:

Rahlwes & Sieverding GbR
Leipziger Str. 60, 10117 Berlin, Germany
Email: contact@thethinggallery.com

Complete provider identification: www.simplyloveit.de/pages/impressum

These contact details are relevant for all data protection inquiries related to this website, as well as any claims regarding your rights under applicable data protection laws.

B) COLLECTION AND STORAGE OF PERSONAL DATA WHEN VISITING OUR WEBSITE
Below, we outline the data-related processes that occur when you visit our website.

1. Log Files
Each time our website is accessed, we automatically collect data and information from the system you use to access the site. The following data is collected:

• Information about your browser type and version
• Details about your operating system
• Information about your internet service provider
• Date and time of access
• Websites that referred you to our website
• Websites accessed by your system through our website
• Your IP address
  

This data is not stored together with any other personal data. Both the collection of this data and its storage in log files are essential for the operation and functionality of our website. The legal basis for this temporary data storage is Article 6(1)(f) GDPR.

2. Cookies
Our website uses “cookies,” which are small files created and stored on your device by your browser when you visit our site. Cookies do not harm your system or contain viruses, trojans, or other harmful software.

We use cookies to improve our website, for example, by enhancing user-friendliness and tailoring it to user interests.

The following data may be stored and transmitted via cookies:

• Items in a shopping cart
• Login information
• Progress in project descriptions
• Use of website features

This data is pseudonymized through technical measures, meaning it cannot be linked to individual users. The data is not stored alongside other personal data.

Processing data through cookies is necessary to protect our legitimate interests and those of third parties (Article 6(1)(f) GDPR).

Most browsers accept cookies automatically. However, you can configure your browser to prevent cookies from being stored or to notify you before a cookie is created. Please note that disabling cookies may limit the functionality of our website.

3. Website Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), to analyze how users interact with our website.

Google Analytics collects data via cookies, including:

• Browser information
• Device type and operating system
• User’s referral source
• Time spent on the website
• Interactions on the website (e.g., clicks, page views)

Google processes this data to generate reports on website activity and offer related services. The data may be transferred to Google servers in the United States. Cookies used by Google Analytics are stored for up to 14 months.

Data transfers to the U.S. comply with the EU-U.S. Data Privacy Framework. Google is certified under this framework and adheres to its regulations.

To prevent data collection via Google Analytics, you can adjust your browser settings or use Google’s opt-out browser add-on: https://tools.google.com/dlpage/gaoptout.

The legal basis for processing your personal data in connection with Google Analytics is Article 6(1)(f) GDPR, as our legitimate interest lies in analyzing website usage to improve our services.

We have entered into a data processing agreement with Google to ensure your data remains secure and is not disclosed to unauthorized third parties.

Further legal details about Google Analytics can be found at:
https://policies.google.com/privacy
https://policies.google.com/technologies/partner-sites

C) Marketing
We use a marketing tool from the Facebook network called the “Facebook Pixel,” operated by Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This tool involves a script (“Pixel”) embedded in our website. If you are logged into Facebook while visiting our website, Facebook Ireland Ltd. can identify that you have accessed our site. This enables more targeted and relevant advertisements to be displayed within Facebook's network. Additionally, it helps track whether and which users, after clicking on an ad within Facebook's network, were directed to our offerings.

We cannot guarantee that Facebook does not process data in the United States. However, an adequate level of data protection is ensured by the use of the EU Commission’s standard contractual clauses under Article 46(2)(c) of the GDPR (www.facebook.com/help/566994660333381).

Details about the purpose and scope of Facebook’s data collection, processing, and use, along with your rights and options for privacy protection, can be found in Facebook Ireland Ltd.’s privacy policy: https://www.facebook.com/about/privacy/. You can also manage your ad preferences directly in your Facebook account settings: https://www.facebook.com/settings?tab=ads.

The use of this marketing tool is necessary to promote our offerings and optimize advertising measures, based on Article 6(1)(f) of the GDPR. To prevent data collection by third parties, you can use the following opt-out links: 

• NAI: http://optout.networkadvertising.org/
• EDAA: http://www.youronlinechoices.com/uk/your-ad-choices/

D) NEWSLETTER

We offer a newsletter to inform subscribers about our services. To receive the newsletter, you must register on our website. The data you provide during registration is transmitted to us and used solely for sending the newsletter.

We collect the following data:

• The email address you provide
• The IP address of the device used during registration
• The date and time of your registration

Your email address is required to send you the newsletter. The other information is necessary to prevent misuse of our system or your email address.

For newsletter distribution, we use MailChimp, a service provided by The Rocket Science Group, LLC (675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA). Under Article 28(3)(1) of the GDPR, your data is processed by MailChimp solely on our behalf. MailChimp does not use this data to contact you directly or share it with third parties. An adequate level of data protection is ensured by the EU Commission’s standard contractual clauses under Article 46(2)(c) of the GDPR.

We analyze user behavior related to our newsletters, including open and click rates, which we can attribute to individual subscribers. This analysis helps us tailor the newsletter to better suit your interests and improve its content.

Providing additional information during registration is voluntary and helps us better target our communications. However, it is not required for receiving the newsletter.

Before completing your registration, you will be asked for your consent and directed to this privacy policy (Article 6(1)(a) of the GDPR).

You can unsubscribe from the newsletter and withdraw your consent at any time. A link to cancel your subscription is included in every newsletter email.

E) SHOP SYSTEM
We use Shopify to operate our online store. Shopify is provided by Shopify Inc., 126 York Street, Suite 200, Ottawa, K1N 5T5, Canada. Shopify processes your data when you use our website. For more details, please refer to Shopify's privacy policy: https://www.shopify.com/legal/privacy.

The use of Shopify and the associated data processing is necessary to protect our legitimate interest under Article 6(1)(f) GDPR, specifically the operation of our business activities.

F) CONTACT
You can contact us electronically via email or a contact form on our website. In such cases, the data you provide will be stored by us.

This includes:

• Your name
• The date of your inquiry
• Your email address
• Any additional information you provide

If your inquiry relates to our offerings, the legal basis for data processing is Article 6(1)(b) GDPR.

The data you send will only be used to facilitate communication and will not be shared with third parties.

We will delete your data once it is no longer needed for the purpose it was collected, i.e., when the email exchange is concluded, and your inquiry has been fully addressed.

You may withdraw your consent to data processing at any time. To do so, please contact us using the details provided above. Upon withdrawal, all personal data collected for communication purposes will be deleted.

G) ONLINE ORDERS
When you purchase an item from our website, we process the information you provide to fulfill the sales contract (Article 6(1)(b) GDPR).

To process payments as part of the sales contract, we utilize payment service providers. Alongside payment information, these providers may process the following data:

• Your name
• Your address
• Your email address
• Your IP address

Neither we nor the payment providers will share your payment data or other details with third parties not involved in contract fulfillment or payment processing.

The legal basis for storing and processing this data is Article 6(1)(b) GDPR.

Payment Providers
We use the following payment service providers:

Klarna
Klarna is a service provided by Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden. Klarna collaborates with credit reporting agencies, meaning your data may be shared with companies specified in Klarna’s privacy policy. For more information, visit: https://www.klarna.com/privacy/.

PayPal
PayPal is a service provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal also works with credit reporting agencies, which may result in your data being shared with the entities mentioned in PayPal's privacy policy. For details, visit: https://www.paypal.com/webapps/mpp/ua/privacy-full.

Apple Pay
Apple Pay is provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. Apple stores anonymized transaction data, including approximate purchase amount, date, time, and transaction success status. Anonymization ensures no personal connection. Apple uses this data to improve "Apple Pay" and other services. Learn more at: https://support.apple.com/en-us/HT203027.

Google Pay
Google Pay is a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Information you provide during checkout, along with order details, may be shared with Google for payment processing. Google's privacy policy for Google Pay is available here: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice.

Stripe
Stripe is a service provided by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe may collaborate with credit reporting agencies, which may lead to your data being shared with the companies listed in Stripe's privacy policy. For more details, visit: https://stripe.com/privacy.

H) DATA PROCESSING IN NON-EU/EEA COUNTRIES
Unless stated otherwise above, the processing of your personal data in countries outside the European Union (EU) or the European Economic Area (EEA) occurs exclusively in accordance with the legal provisions under Article 44 GDPR. This is based either on an adequacy decision by the European Commission (Article 45 GDPR) and/or appropriate safeguards (Article 46 GDPR).

I) GENERAL DATA RETENTION
Personal data is stored only as long as necessary to fulfill the purpose of its collection or to comply with applicable legal retention periods. Once the purpose ceases to exist or the retention period expires, the data is deleted.

J) RIGHTS OF DATA SUBJECTS
If we process personal data relating to you, you are considered a data subject under GDPR, and you have the following rights regarding us:

(1) Article 15 GDPR: You have the right to request information about your personal data processed by us. This includes details about the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the source of your data (if not collected by us), and the existence of automated decision-making, including profiling, along with meaningful information about the logic involved.

(2) Article 16 GDPR: You have the right to demand the immediate correction of inaccurate or incomplete personal data stored by us.

(3) Article 17 GDPR: You can request the deletion of your personal data stored by us unless processing is required for exercising the right to freedom of expression and information, compliance with a legal obligation, reasons of public interest, or the establishment, exercise, or defense of legal claims.

(4) Article 18 GDPR: You can request the restriction of processing of your personal data if:

• • You dispute the accuracy of the data.
  • The processing is unlawful, but you oppose its deletion.
  • We no longer need the data, but you require it for establishing, exercising, or defending legal claims.
  • You have objected to processing pursuant to Article 21 GDPR, and it is not yet clear whether our legitimate grounds override yours.

(5) Article 20 GDPR: You have the right to receive your personal data that you provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller.

(6) Article 7(3) GDPR. You may withdraw your consent at any time. This will result in us ceasing future data processing based on your prior consent.

(7) Article 77 GDPR: You have the right to lodge a complaint with a supervisory authority, typically in the member state of your habitual residence, place of work, or the location of our business headquarters.

K) RIGHT TO OBJECT
If your personal data is processed based on legitimate interests under Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR. This applies if the objection is based on reasons arising from your particular situation or if the objection is directed at direct marketing. In the latter case, you have a general right to object, which will be implemented without the need for you to specify a particular situation.

If you wish to exercise your right to withdraw consent or object to data processing, simply send an email to the address provided above.