DATA PROTECTION / PRIVACY POLICY
1. INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTROLLER CONTACT DETAILS
1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we inform you about the handling of personal data when using our website. Personal data includes all data with which you can be personally identified.
1.2 The controller for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Elliot & Grace (the “Controller”). The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.
1.3 This website uses SSL/TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (such as orders or inquiries). You can recognize an encrypted connection by “https://” and the lock symbol in your browser bar.
2. DATA COLLECTION WHEN VISITING OUR WEBSITE
When you use our website for informational purposes only—without registering or otherwise providing information—we only collect the data that your browser transmits to our server (server log files). When you visit our website, we collect the following data, which is technically necessary to display the website to you:
- The website visited
- Date and time of access
- Amount of data sent in bytes
- Source/referrer from which you accessed the page
- Browser used
- Operating system used
- IP address used (possibly anonymized)
Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way, but we reserve the right to check server log files retrospectively if there are concrete indications of illegal use.
3. COOKIES
To make your visit to our website attractive and to enable certain functions, we use cookies. Some are session cookies (deleted after your browser session), others are persistent cookies (stored for a defined period).
If cookies implemented by us process personal data, this is done:
- under Art. 6(1)(b) GDPR (contract performance), or
- under Art. 6(1)(f) GDPR (our legitimate interests in providing optimal website functionality and a user-friendly experience).
We may also work with advertising partners; in such cases, third-party cookies may be stored on your device. Where applicable, you will be informed about these cookies and the scope of data collected.
Cookie controls: You can configure your browser to inform you about cookie placement, decide on acceptance individually, or generally exclude cookies. Browser-specific instructions are available here:
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Note: Disabling cookies may limit website functionality.
4. CONTACTING US
When you contact us (e.g., via contact form or email), we collect personal data. The specific data collected is indicated in each form. We process this data solely to respond to your inquiry and for related technical administration.
- Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in responding).
- If your inquiry aims at contract conclusion or performance: Art. 6(1)(b) GDPR.
Your data will be deleted once your request is fully handled and there are no statutory retention obligations to the contrary.
5. DATA PROCESSING FOR ACCOUNT CREATION AND CONTRACT PERFORMANCE
Under Art. 6(1)(b) GDPR, we collect and process personal data when you provide it to execute a contract or open a customer account. Required data fields are shown on the relevant forms.
You may request deletion of your customer account at any time by contacting us. We store and use the data you provide to process the contract. After full performance or account deletion, we restrict processing to comply with commercial/tax retention periods and delete the data thereafter, unless you have consented to further processing or such processing is otherwise permitted by law.
6. USE OF YOUR DATA FOR DIRECT ADVERTISING
6.1 Newsletter Registration
When you subscribe to our newsletter, we send periodic information about our offers. Only your email address is required; other fields are optional. We use a double opt-in process.
- Legal basis: Art. 6(1)(a) GDPR (your consent).
We store your registration data (including IP address, date/time) to document consent and prevent misuse. You can unsubscribe anytime via the link in each email or by contacting the controller. After unsubscribing, we remove your email unless you consent to further use or another legal basis applies.
6.2 Newsletter to Existing Customers
If you provided your email address during a purchase, we may send you offers for similar products or services based on Art. 6(1)(f) GDPR (legitimate interest in direct marketing). You can object at any time at no cost beyond transmission charges per base rates.
7. DATA PROCESSING FOR ORDER HANDLING
7.1 Delivery and Payment
We share necessary personal data with the transport company to deliver goods and with the payment institution (or provider) to process payments, per Art. 6(1)(b) GDPR.
7.2 Payment Service Providers
PayPal
If you pay via PayPal (incl. PayPal Credit Card, Direct Debit, “Pay on Account,” “Installments” if offered), your payment data is transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg under Art. 6(1)(b) GDPR. PayPal may conduct a credit check under Art. 6(1)(f) GDPR (legitimate interest) and share data with credit agencies. Details: https://www.paypal.com/en/webapps/mpp/ua/privacy-full. You may object by contacting PayPal.
SOFORT (Klarna)
If you select SOFORT, the payment is processed by SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany. We transmit the necessary order and personal data under Art. 6(1)(b) GDPR solely for payment processing. Details: https://www.klarna.com/sofort/datenschutz.
8. REVIEW REMINDER
With your express consent during or after purchase, we may send a one-time review request via email under Art. 6(1)(a) GDPR. You may revoke consent at any time by contacting the controller.
9. USE OF SOCIAL MEDIA: SOCIAL PLUGINS
9.1 Facebook (Shariff Solution)
We use social plugins from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For enhanced privacy, we use Shariff (HTML link only). No connection to Facebook is made until you click the button, which opens Facebook in a new window. Privacy policy: https://www.facebook.com/policy.php
9.2 Google+ (Shariff Solution)
Plugins from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA are integrated via Shariff. No connection is made to Google+ until clicked. Privacy policy: https://www.google.com/intl/en/policies/privacy/
9.3 Instagram (Shariff Solution)
Plugins from Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA are integrated via Shariff. Privacy policy: https://help.instagram.com/155833707900388/
10. ONLINE MARKETING
10.1 DoubleClick by Google
We use DoubleClick by Google (cookies for ad relevance and frequency capping). Processing is based on our interest in optimal marketing under Art. 6(1)(f) GDPR. You can block cookies from www.googleadservices.com and/or manage preferences at www.aboutads.info. Privacy policy: https://www.google.de/policies/privacy/
10.2 Google Ads Conversion Tracking
We use Google Ads conversion cookies (typically expire after 30 days). If you don’t want tracking, disable the Google conversion cookie in your browser. Legal basis: Art. 6(1)(f) GDPR (targeted advertising). Privacy policy: https://www.google.de/policies/privacy/
11. WEB ANALYTICS – Google (Universal) Analytics
We use Google Analytics (cookies). This site uses _anonymizeIp() so IPs are truncated within the EU/EEA. In rare cases, the full IP may be sent to the US and shortened there. Legal basis: Art. 6(1)(f) GDPR (legitimate interests in statistics, optimization, marketing).
Google processes this on our behalf and does not merge your truncated IP with other data. You can:
- Block cookies in your browser (may limit functionality).
- Install the opt-out add-on: https://tools.google.com/dlpage/gaoptout?hl=de
- Use the mobile opt-out link (sets an opt-out cookie for this domain/browser only; re-enable after cookie deletion).
We also use User-ID for cross-device analysis (anonymized, persistent ID). You can deactivate via the Google plug-in above.
More on Universal Analytics: https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376
12. RETARGETING / REMARKETING / REFERRAL ADVERTISING
Facebook Custom Audiences (Pixel)
With your explicit consent, we use the Facebook Pixel to measure ad effectiveness and improve campaigns. Data may be linked to your Facebook profile and used under Facebook’s policies: https://www.facebook.com/about/privacy/
Processing occurs only with consent under Art. 6(1)(a) GDPR. Users under 13 should obtain guardian consent. You can manage broader ad settings via the Digital Advertising Alliance: https://www.aboutads.info/choices/
Google Ads Remarketing
We use Google Ads Remarketing (cookie-based pseudonymous IDs) under Art. 6(1)(f) GDPR (legitimate interest in marketing). If you’re logged into Google and opted into ad personalization, Google may combine data for cross-device audiences. Opt-outs:
- Digital Advertising Alliance: https://www.aboutads.info
- Browser cookie controls (note: may limit site functionality).
Policy: https://www.google.com/policies/technologies/ads/
13. RIGHTS OF THE DATA SUBJECT
13.1 Your GDPR Rights
You have the following rights regarding your personal data:
- Access (Art. 15)
- Rectification (Art. 16)
- Erasure (Art. 17)
- Restriction (Art. 18)
- Notification to recipients (Art. 19)
- Data portability (Art. 20)
- Withdrawal of consent (Art. 7(3))
- Complaint to a supervisory authority (Art. 77)
13.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON LEGITIMATE INTERESTS (ART. 6(1)(f) GDPR), YOU HAVE THE RIGHT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT AT ANY TIME WITH EFFECT FOR THE FUTURE.
IF YOU OBJECT, WE WILL STOP PROCESSING THE DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
YOU MAY OBJECT AT ANY TIME TO PROCESSING FOR DIRECT MARKETING PURPOSES. IF YOU DO SO, WE WILL CEASE SUCH PROCESSING IMMEDIATELY.
14. STORAGE PERIOD
The storage duration of personal data depends on statutory retention periods (e.g., commercial/tax laws). After these periods expire, the data is routinely deleted unless it is still necessary for contract fulfillment, contract initiation, or if we have a legitimate interest in continued storage.
Contact
Questions or requests about data protection may be sent to:
📩 contact@elliotgrace.com