Privacy Policy
1) INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE DATA CONTROLLER
1.1 Thank you for visiting our website and for your interest in our services. Below, we inform you about how we handle your personal data when you use our website. Personal data refers to any information that can be used to identify a natural person.
1.2 The party responsible for data processing on this website, as defined under the General Data Protection Regulation (GDPR), is Emily & Grace Dublin. The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.
1.3 For security reasons, and to protect the transmission of personal data and other confidential content (such as orders), this website uses SSL or TLS encryption. You can identify an encrypted connection by the "https://" prefix and the padlock icon displayed in your browser's address bar.
2) DATA COLLECTION WHEN VISITING THE WEBSITE
If you visit our website purely for informational purposes — that is, without registering or providing any information — we only collect the data that your browser automatically transmits to our server (so-called "server log files"). These may include:
- The page visited
- Date and time of access
- Volume of data transferred (in bytes)
- The referring source (the website from which you arrived)
- Browser used
- Operating system used
- IP address (anonymised where applicable)
The legal basis for this processing is our legitimate interest under Article 6(1)(f) GDPR, aimed at improving the stability and functionality of our website. This data is not passed on to third parties and is not used for any other purpose, unless there is concrete evidence of unlawful use. In such cases, we reserve the right to review the server log files retrospectively.
3) COOKIES
Our website uses cookies in various areas to enhance the user experience and to provide certain functions. Cookies are small text files stored on your device.
Some cookies are automatically deleted when you close your browser (session cookies), whilst others remain on your device and allow your browser to be recognised on your next visit (persistent cookies).
Depending on their function, cookies may collect data such as browser type, location, or IP address. Persistent cookies are automatically deleted after a specified period of time.
Certain cookies help to simplify the ordering process (for example, by remembering the contents of your shopping basket).
The legal basis for data processing via cookies is:
- Article 6(1)(b) GDPR (performance of a contract), or
- Article 6(1)(f) GDPR (legitimate interest in improving functionality and user experience)
Where we work with advertising partners, third-party cookies may also be used. We will provide separate information on this where applicable.
You can configure your browser settings to receive notifications about cookies, to allow them selectively, to block them entirely, or to have them deleted automatically when you close your browser. Please note that disabling cookies may limit the functionality of the website.
4) CONTACT
When you get in touch with us (via contact form or email), we collect the personal data you provide. You can reach our support team at support@emilygrace-dublin.com. This data is used solely to respond to your enquiry and for the related technical administration.
The legal basis for processing is our legitimate interest under Article 6(1)(f) GDPR. Where the contact is aimed at entering into a contract, the legal basis is Article 6(1)(b) GDPR.
Once your enquiry has been dealt with, your data will be deleted, unless a statutory retention obligation applies.
5) USER ACCOUNT REGISTRATION AND PERFORMANCE OF CONTRACT
In order to enter into a contract or to create a user account, we collect and process the personal data you provide. Mandatory fields are indicated separately on the relevant forms.
Your user account can be deleted at any time. Following the performance of the contract or deletion of the account, your data will be archived and then deleted once the statutory retention periods (under tax and commercial law) have expired, unless further consent or another legal basis exists for continued retention.
6) DATA PROCESSING FOR DIRECT MARKETING PURPOSES
6.1 Newsletter If you subscribe to our newsletter, we will send you regular information and offers. This is done solely with your explicit consent, using a double opt-in procedure.
Legal basis: Article 6(1)(a) GDPR. You may unsubscribe from the newsletter at any time.
6.2 Emails to Existing Customers If you provided your email address during a purchase, we may send you offers relating to similar products on the basis of our legitimate interest (Article 6(1)(f) GDPR), unless you object to this.
7) DATA PROCESSING FOR THE FULFILMENT OF ORDERS
7.1 In order to fulfil the contract, we pass the necessary data on to delivery service providers and financial institutions on the basis of Article 6(1)(b) GDPR.
7.2 We make use of payment service providers such as PayPal and SOFORT (Klarna). Only the data required to process the payment is transferred. Each provider operates under its own privacy policy.
8) REQUESTING PRODUCT REVIEWS
Where you have given your explicit consent (Article 6(1)(a) GDPR), we may send you an email requesting a review of a product you have purchased. This consent may be withdrawn at any time.
9) SOCIAL MEDIA PLUG-INS
Our website uses social media plug-ins (e.g. Facebook, Google+, Instagram) via the "Shariff" solution, which prevents automatic data transmission.
Data is only transferred if you actively click on the relevant button. The providers hold Privacy Shield certification.
10) ONLINE MARKETING
We use DoubleClick and Google AdWords conversion tracking for personalised advertising, on the basis of legitimate interest (Article 6(1)(f) GDPR).
Cookies can be disabled via your browser settings or by using browser extensions.
11) ANALYTICS SERVICES
We use Google Analytics (with anonymised IP addresses) to analyse how our website is used.
Legal basis: Article 6(1)(f) GDPR. Tracking can be disabled using the following browser add-on: https://tools.google.com/dlpage/gaoptout?hl=en
12) REMARKETING
Facebook Pixel and Google Remarketing analyse user behaviour in order to improve our marketing campaigns.
Data collection only takes place with your explicit consent (Article 6(1)(a) GDPR).
Advertising preferences can be managed at the following pages: https://www.aboutads.info/choices/ https://www.google.com/settings/ads
13) YOUR RIGHTS AS A DATA SUBJECT
You are entitled to the following rights:
- Right of access (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right to withdraw consent (Article 7(3) GDPR)
- Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
14) DATA RETENTION PERIODS
The retention period for your data depends on the statutory retention periods prescribed by law (under tax and commercial legislation). Once these periods have elapsed, your data will be deleted, unless a contractual obligation or legitimate interest justifies further retention.
Data processing and advertising services are managed by CAVALEIRUS LLC.