The following privacy statement shall apply when you use our online services on www.laure-lay.com (hereinafter „Website“). You may store or print this privacy statement at any time.
We, the Roman Laure GmbH, attach great importance to data protection. Collection and processing of your personal data takes place under the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).
1 Identity and Contact Details of the Controller
Controller for the collection, processing and utilization of your personal data according to Art. 4(7) GDPR is the
Roman Laure GmbH, Ossum 14, 40668 Meerbusch, telephone: +49 (0) 2132 / 9685204, email: firstname.lastname@example.org.
2 Nature, Purpose of and Legal Basis for the Processing of Personal Data
2.1 Access Data
When you visit this Website, we collect data in so-called server logfiles respectively protocol files. To be collected:
− name of accessed file
− date and time of access
− data volume transferred
− visited pages on our Website
− message whether access was successful
− type and version of browser used by you
− operating system used by you
− website from where you accessed this Website
− websites which you access through this Website
− your internet service provider
− host name of the accessing computer, your IP address and the provider sending the request
This aforementioned general data and information might allow to identify you. However, we do not use the data for this purpose. Rather the data is needed to (1) provide the contents of our Website correctly, (2) optimize the contents of our Website and the advertisement for it, (3) to ensure that our IT systems and the technology of our Website remain functioning permanently and (4) provide the required information to law-enforcement authorities in case of a cyber-attack.
The aforementioned reasons are also our legitimate interests for the data processing according to Art. 6(1) sentence 1 point (f) GDPR.
2.2 Data necessary for Compliance with our Contractual Obligations
We process personal data, such as name, address, email address, ordered products, invoice and payment data, which is necessary in order to comply with our contractual obligations. The collection of this data is already necessary for entering into a contract. The aforementioned also applies when you use the input form which is provided on our Website for placing orders with us.
The legal basis for processing this data is Art. 6(1) sentence 1 point (b) GDPR.
2.3 Telephone Contact, Email Contact and Contact Form
When you contact us by phone, by email or via an existing contact form on our website we process your data on the basis of Art. 6(1) sentence 1 point (b) GDPR in order to take steps at your request prior to entering into a contract respectively, in case you are already our customer, for the performance of the contract, or on the basis of Art. 6(1) sentence 1 point (f) GDPR if the processing is necessary for the purposes of legitimate interests we have. For example, answering to your email might be a legitimate interest.
2.4 Marketing and Advertisement
Provided that you have explicitly given consent under Art. 6(1) sentence 1 point (a) GDPR, we use your personal data for the purposes of marketing and advertising (e.g. by sending newsletters to your email address). You may withdraw your consent as regards the use of your data for the purposes of marketing and advertising at any time.
3 Storage Period
Sofern nicht spezifisch anders angegeben, speichern wir personenbezogene Daten nur so lange, wie dies zur Erfüllung der jeweils verfolgten Zwecke notwendig ist. So werden Zugriffsdaten nach Ziffer 2.1 für maximal sieben Tagen gespeichert und danach gelöscht. Daten, deren weitere Aufbewahrung zu Beweiszwecken erforderlich ist, sind bis zur endgültigen Klärung des jeweiligen Vorfalls von der Löschung ausgenommen.
Provided that not specified otherwise we store your personal data only for as long as necessary for the fulfilment of the respective purpose. Access data under no. 2.1 is stored for not longer than seven day and deleted afterwards. Data which is necessary for evidence purposes is excluded from erasure until the respective matter is resolved completely.
In some cases, e.g. as regards compliance with our contractual obligations under no. 2.2 or in case of a contact under no. 2.3, the legislature possibly requires to store personal data for specified time limits, for instance in the field of commercial or tax law. In such cases we only continue to store the data for the aforementioned legal purposes when we have already fulfilled the purposes we pursued. Beyond that that the data is not processed for other purposes and will be erased after expiration of the statutory retention period.
Like most other online services our Website uses own cookies and such of third parties for several purposes. Cookies contain information that is transmitted from our or a third-party´s webserver to the user´s web browser to be stored there and retrieved later. Cookies can be small files of other kind of information storage.
The cookies we use can be divided into necessary and optional cookies. Necessary cookies are essential for providing this Website in a functional way. This category solely contains cookies which ensure the basic functionality and security of this Website. These cookies do not store personal data. Optional cookies are supposed to improve the user experience on this Website. Such optional cookies can contain personal data. This allows us to analyze the user behavior and to provide third-party services.
Furthermore, you can manage your cookie settings by clicking on the button “Privacy Settings” within the cookie banner and by activating or deactivating the categories of cookies according to your preferences. If you decide later to change your settings during the browser session, you may click the following button:
Hereby your consent will be withdrawn and the cookie banner will be shown again so you can change your settings.
5 Use of Facebook and Instagram
On our Website we use the social plugins for the social networks Facebook and Instagram in order to make our company better known. The marketing purpose which we pursue by that is the legitimate interest for the according data collection under Art. 6(1) sentence 1 point (f) GDPR.
When accessing a website each of the plugins of the aforementioned social networks basically sends data of the user to the server of the social network – irrespective of whether a user clicks on the plugin or is registered in the social network concerned. This enables the social network provider to follow your behavior surfing the web and evaluate it for own marketing purposes (user tracking).
To avoid that and to increase the protection of your data during your visit of our Website we do not embed the aforementioned plugins without limitations in our Website but only by using a link. To our knowledge, embedding plugins this way does not establish a connection with the social network provider´s servers instantly when accessing our Website. Only if you click on one of the buttons a new tab of your browser will open and the service provider´s website will be accessed where you can (as the case may be after entering your login data) click the like button or follow button. In connection with this access, data such as the IP address of your computer, the website you visited as well as time and date of the access will be transmitted to the respective service provider. In case you are logged in to a social network, the aforementioned information will be collected and linked with your respective social network account.
Please see the privacy notice of the respective service provider as regards information on the purposes and extent of data collection and the further processing and use of data by the respective service provider as well as on your rights in this connection and options for privacy protection:
Facebook is provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. In you are residing outside USA or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is the controller for the processing of personal data.
Services of Instagram are provided by Instagram LLC, 1 Hacker Way, Menlo Park, CA, USA.
6 Use of Vimeo-Plugins
Our Website uses plugins of the video portal Vimeo on the legal basis of Art. 6(1) sentence 1 point (f) GDPR. Provider is the Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit a page with an embedded Vimeo plugin a connection with Vimeo´s servers in the USA will be established. Thereby the Vimeo server will be informed which of our pages you visited. In addition, Vimeo will get to know your IP address. This also applies if you are not logged in at Vimeo or do not own a Vimeo Account.
If you are logged in your Vimeo account, you enable Vimeo to directly link your behavior surfing the web to your personal profile. You can prevent that by logging out from your Vimeo account.
For further information as regards the handling of user data see Vimeo´s privacy statement: https://vimeo.com/privacy.
7 Google Analytics
Google will use this information on our behalf in order to evaluate the use of our online service by the users, to compile reports on the activities inside this online service and to provide other services connected with the use of this online service and the internet to us. In the process pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with active IP anonymization. This means the user´s IP address will be abbreviated in a member state of the European Union or a state which is a signatory to the European Economic Area. As far as we are aware the full IP address is transmitted to and abbreviated at a Google Server in the USA only in exceptional cases. To our knowledge the IP address transmitted by the browser of a user will not be consolidated with other data available at Google.
Users may object to the storage of cookies by choosing the according settings in your browser. Beyond that the user may prevent Google from collecting data related to their use of the online service created by the cookies and processing such data by downloading and installing a browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information as regards the use of data by Google as well as possible settings and objections is available on Google´s websites: https://www.google.com/intl/de/policies/privacy/partners, https://policies.google.com/technologies/ads, https://adssettings.google.com/authenticated.
8 Embedding of further Services and Contents of Third Parties
On the basis of our legitimate interests under Art. 6(1) sentence 1 point (f) GDPR (i.e. interests in analyzing, optimizing and commercial exploitation of our online services), we embed contents and services from third party providers, such as videos or fonts, in our online service (hereinafter called “Contents”). This implies that the third-party providers are aware of the user´s IP address because without knowing the IP address they are not able to transmit Contents to the user´s browser. Therefore, the IP address is required for displaying the Contents. We endeavor to use only such Contents whose providers only use the IP address for the delivery of Contents.
Further, third-party providers can use so-called pixel tags (invisible graphics, also called “web beacons”) for statistical or marketing purposes. By these pixel tags information, such as the user traffic on the pages of this Website, can be evaluated. Further, this pseudonymous information can be stored in cookies on the device of the user, can contain, amongst others, technical information as regards the browser and the operating system, referring websites, time of visit and further details on the use of our online services and can also be linked with information from other sources.
Below an overview is provided as regards third-party providers and their Contents, accompanied by links to their privacy statements which might contain further information on the processing of data and objections (so-called opt out):
• External fonts by Google, LLC., https://www.google.com/fonts („Google Fonts“). („Google Fonts“). Embedding Google Fonts is carried out by accessing a Google server (normally located in the USA). Privacy statement: https://policies.google.com/privacy, opt out: https://adssettings.google.com/authenticated.
• Maps of the service „Google Maps“ by the third-party provider Google LLC. Privacy statement: https://www.google.com/policies/privacy/, opt out: https://www.google.com/settings/ads/.
• Videos of the „YouTube“-platform by the third-party provider des Drittanbieters Google LLC. Privacy notice: https://policies.google.com/privacy, opt out: https://adssettings.google.com/authenticated.
• Videos of the Vimeo-platform by the third-party provider „Vimeo“: https://vimeo.com/terms und https://vimeo.com/privacy
9 Your Rights as a Data Subject
Under the applicable laws you have different rights as regards your personal data. To the extent you want to assert such rights please inform us accordingly and at the same time clearly identify yourself. Below you will find an overview of your rights.
9.1 Right of Confirmation and Access
Under Art. 15(1) GDPR you have, at any time, the right to obtain from us a confirmation as to what extend personal data concerning you are being processed. Where this is the case, you have the right to obtain access to your stored personal data and to receive a copy of this data free of charge. In particular you may obtain access to the following information:
– the purposes of the processing;
– the categories of personal data concerned;
– the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
– where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
– the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
– the right to lodge a complaint with a supervisory authority;
– where the personal data are not collected from you, any available information as to their source.
We do not conduct an automated decision-making, including profiling, referred to in Article 22(1) and 4 GDPR.
9.2 Right to Rectification
Under Art. 16 GDPR you shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
9.3 Right to Erasure (“Right to be Forgotten”)
Under Art. 17(1) GDPR you shall have the right to obtain from us the erasure of personal data concerning you without undue delay and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
– you withdraw consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
– you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
– the personal data have been unlawfully processed;
– the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
– the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
9.4 Right to Restriction of Processing
Under Art. 18(1) GDPR you shall have the right to obtain from us restriction of processing where one of the following applies:
– the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
– the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
– we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
– you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override those of you.
9.5 Right to Data Portability
Under Art. 20(1) GDPR you shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where:
– the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
– the processing is carried out by automated means.
In exercising your right to data portability pursuant, under Art. 20(2) GDPR you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
9.6 Right to Object
Under Art. 21(1) GDPR you shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
9.7 Right to withdraw Consent to Data Processing
Under Art. 7(3) GDPR you shall have the right to withdraw your consent to processing personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9.8 Right to lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, under Art. 77(1) GDPR you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
10 Disclosure of Data to Third Parties, Data Transfer to Third Countries
Notwithstanding no. 5 to 8 we only disclose your personal data to third parties if:
– you have explicitly consented to this;
– this is necessary for the performance of a contract between you and us or the implementation of pre-contractual measures taken at your request;
– the disclosure is necessary in order to comply with a legal obligation;
– the disclosure is necessary in order to protect the vital interests of the data subject or of other persons;
– the disclosure is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
– the disclosure is necessary for the purposes of the legitimate interests pursued us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
Unless otherwise provided by legal or contractual provisions we only process data or have data processed in a third country (i.e. outside the European Union or European Economic Area) under the special requirements of Art. 44 et seq. GDPR. This means for example processing is carried out only if appropriate safeguards exist, such as an officially binding decision that an adequate level of data protection exists or special contractual clauses which are officially recognized (so-called “standard contractual clauses”), if necessary for compliance with our (pre-)contractual obligations, on the basis of your given consent or due to a legal obligation.
11 Data Protection Officer
We are not obligated under law to designate a data protection officer. Therefore, we do not have a data protection officer.
12 Google reCAPTCHA
13 Version of this Privacy Statement