Privacy Policy
We are pleased to welcome you to our website. Below, we would like to inform you about how your data is handled in accordance with Article 13 of the General Data Protection Regulation (GDPR).
Controller
The entity responsible for the data processing described below is: Ayn Company
Hainer Weg 176
60599 Frankfurt am Main
theayncompany@gmail.com
Phone: 0173 7777062
Usage Data
When you visit our websites, we collect data that your browser transmits to our server (so-called “server log files”). On our web server, temporary usage data is stored for statistical purposes as logs to improve the quality of our websites.
This dataset consists of:
The page from which the content was requested,
The name of the requested content,
The date and time of the query,
The amount of data transferred in bytes,
The access status (file transferred, file not found),
The description of the type of web browser used,
The description of the type of operating system used,
The IP address of the requesting computer.
The aforementioned log data is stored in anonymized form only.
The legal basis for processing usage data is Article 6(1)(f) of the GDPR. The processing is carried out in the legitimate interest of providing the website’s content and ensuring a device- and browser-optimized display.
IP Address Storage
Additionally, we store the IP address transmitted by your web browser for a strictly limited purpose for a period of seven days in order to detect, limit, and eliminate attacks on our websites. After this period, we delete or anonymize the IP address. The legal basis is Article 6(1)(f) of the GDPR.
I. Online Store
(A) Contact via Phone and Email
You have the option to contact us by phone or email. If we collect data from you during a phone call, we use this data solely to address your inquiry or to contact you. The data provided in connection with an email will also be used only for these purposes. The legal basis for data processing is our legitimate interest in addressing your inquiry under Article 6(1)(f) of the GDPR. If your inquiry pertains to entering into a contract, the legal basis for processing is Article 6(1)(b) of the GDPR. We delete your data once it is no longer necessary and no legal retention obligations apply. You have the right to object at any time to processing under Article 6(1)(f) of the GDPR. To do so, please contact us at theayncompany@gmail.com.
In connection with a customer service inquiry, we may request additional information from you to verify your identity or authorization (authentication). If the verification is required by law, it will be based on Article 6(1)(c) of the GDPR in conjunction with the relevant legal obligation (e.g., Article 12(6) of the GDPR and Article 5(2) of the GDPR concerning data subject rights). In other cases, data processing is based on our legitimate interest in determining whether you are authorized to initiate the requested transaction under Article 6(1)(f) of the GDPR. We will delete your data once it is no longer necessary and no legal retention obligations apply. You have the right to object at any time to processing under Article 6(1)(f) of the GDPR. Please contact us at the email address listed in the imprint.
Creation of a Customer Account and Order Processing
You have the option to create a customer account with us. When creating an account, we store the data you enter during registration, which includes your email address and the password you choose.
Additional personal data, such as your name, first name, and address, will be stored within your customer account if you provide it. Personal data required for order processing is processed based on Article 6(1)(b) of the GDPR. Additional data not required for this purpose (e.g., your date of birth) will be processed based on your consent.
We also process personal data that you transmit to us during the order process (e.g., billing and shipping addresses, details of the items ordered, and your preferred payment method) in accordance with Article 6(1)(b) of the GDPR to process your orders. Your email address will be used to communicate the status of your order.
You can delete your customer account at any time by selecting the “Delete Account” link under the “My Account” section at the bottom of the page or by sending a message to theayncompany@gmail.com. After deletion, your customer account will be removed. Please note that some of your personal data may still be processed if, for example, a contract is still being executed or if there are statutory retention obligations. Your data will be deleted when further processing is no longer necessary unless you explicitly consent to further use of your data or there is a legally permissible reason for continued processing.
Data Sharing in the Payment Process
PayPal: You can use the PayPal service provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you choose this option, you will be redirected to PayPal at the end of the ordering process. PayPal processes only billing-relevant data, including your personal data, such as your name, address, and payment details (bank or credit card information), as well as information about your order, such as the invoice amount. We do not process this data ourselves. We only receive information about whether the payment was successful. The data processing serves the fulfillment of the contract under Article 6(1)(b) of the GDPR. PayPal acts as an independent data controller under the GDPR. PayPal may transmit data to credit rating agencies for identity and credit checks. Please note that PayPal may transfer data to countries outside the EU/EEA. You can find more information on data transfers and other privacy-related matters in PayPal’s privacy policy.
Credit Card: You also have the option to make payments by credit card (American Express, Mastercard, VISA). Your credit card number, expiration date, and security code (CVV/CVC) will be requested. PayPal provides the credit card data input fields, so we do not have access to this information. PayPal verifies the validity of your credit card and available credit limit and then forwards the payment request to the credit card company. The credit card company checks the payment and, if successful, approves the charge. The payment is then processed by the credit card company, and the amount is credited to us. Data processing serves the fulfillment of the contract under Article 6(1)(b) of the GDPR. PayPal acts as an independent data controller in the payment process. PayPal may transmit data to credit rating agencies for identity and credit checks.
Processing of Personal Data of Recipients
If you are a recipient of an order or delivery (e.g., flowers) without having placed the order yourself, we process the personal data provided to us by third parties during the order process in accordance with Article 6(1)(f) of the GDPR, based on our legitimate interest in processing the order and delivering the goods to you. You have the right to object at any time to processing under Article 6(1)(f) of the GDPR. To do so, please contact theayncompany@gmail.com.
II. Data Security
To protect your data from unauthorized access, we implement technical and organizational measures. We use encryption on our websites. Your data is transmitted from your computer to our server and vice versa via the internet using SSL or TLS encryption. You can recognize this by the closed padlock symbol in the status bar of your browser and the address starting with “https://”.
III. Data Recipients and Data Transfer to Third Countries
As described in this Privacy Policy, we transfer your data to service providers who assist us in operating our websites and related processes in accordance with Article 28 of the GDPR. Our service providers are contractually obligated to comply with data protection laws. In certain circumstances, we may also share your personal data with other recipients. If they act as processors on our behalf, there is a contract in place in accordance with Article 28 of the GDPR, obligating them to process the data under our instructions.
In the case of an order, your data may be shared with service providers who assist us with order processing, shipping, and payment services (e.g., logistics companies and shipping providers like DHL).
If you have outstanding debts with us, we reserve the right to assign the collection of such debts to a debt collection agency. The necessary personal data for debt collection (name, address, phone number, email address, payment information, order details) may be shared with a collection agency. The agency acts as an independent data controller for processing your data. The legal basis for the transfer of personal data is Article 6(1)(f) of the GDPR, based on our legitimate interest in outsourcing the debt collection process.
In certain cases (e.g., allegations of data misuse or fraud), data may be shared with authorities or external legal advisors. If we are legally required to disclose the data, the legal basis for the data transfer is Article 6(1)(c) of the GDPR. If the transfer is necessary to pursue legitimate interests, the legal basis is Article 6(1)(f) of the GDPR.
In addition, we may transfer data in response to a data subject request (e.g., the right to access under Article 15 of the GDPR). If you have placed an order for another person, we may share information about the origin of data if the third party requests it. We will only share data to the extent that it is legally permissible.
IV. Data Retention
Unless otherwise specified, we delete personal data when it is no longer necessary for the purposes outlined above, and there are no legal reasons to retain it.
V. Your Rights as a Data Subject
The GDPR grants you certain rights regarding your personal data:
Right to Access (Article 15 GDPR): You have the right to request confirmation of whether your personal data is being processed and, if so, to access the data and the information listed in Article 15 GDPR.
Right to Rectification and Deletion (Articles 16 and 17 GDPR): You have the right to request the correction of inaccurate personal data or the completion of incomplete data. You also have the right to request deletion of your data if any of the reasons outlined in Article 17 GDPR apply, such as if the data is no longer needed for the intended purposes.
Right to Restriction of Processing (Article 18 GDPR): You have the right to request a restriction on the processing of your data under certain circumstances outlined in Article 18 GDPR.
Right to Data Portability (Article 20 GDPR): In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format or to request the transfer of data to another controller.
Right to Object (Article 21 GDPR): You have the right to object to processing based on Article 6(1)(f) (processing based on legitimate interests) for reasons related to your particular situation. If you object, we will no longer process the data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms.
Right to Withdraw Consent (Article 7 GDPR): If the processing of your data is based on consent, you have the right to withdraw your consent at any time.
Complaints to Supervisory Authorities
Under Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that your data is being processed in violation of data protection laws.
Data Processing in Connection with the Assertion of Rights:
We process your data to review, handle, respond to, and document your requests regarding data subject rights (Articles 15-22 GDPR). This processing is based on Article 6(1)(c) of the GDPR. We may also share your data with external service providers to assist in processing your request.
