Privacy Policy
Privacy Policy
1) Information on the Collection of Personal Data and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data refers to all data that can be used to personally identify you.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Opal & Lace. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries directed to the controller). You can recognize an encrypted connection by the "https://" string and the lock icon in your browser’s address bar.
2) Data Collection When Visiting Our Website
If you use our website purely for informational purposes, without registering or otherwise providing information, we only collect data that your browser transmits to our server (so-called server log files). When you access our website, we collect the following technically necessary data to display the website:
- The visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference through which you accessed the site
- Browser used
- Operating system used
- IP address used (if necessary, in anonymized form)
Data processing is carried out in accordance with Art. 6 (1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used in any other way. However, we reserve the right to retrospectively check the server log files if there are specific indications of illegal use.
3) Cookies
To make your visit to our website attractive and enable certain functions, we use cookies on different pages. These are small text files stored on your device. Some of these cookies are deleted after the browser session ends (session cookies). Other cookies remain on your device, enabling us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie.
Cookies may help simplify the ordering process (e.g., by remembering the contents of a virtual shopping cart for a future visit). Where cookies process personal data, the processing is either necessary for contract performance (Art. 6 (1)(b) GDPR) or carried out based on our legitimate interest in ensuring the best functionality of the website (Art. 6 (1)(f) GDPR).
You can configure your browser to notify you about cookie settings and decide individually whether to accept cookies, exclude cookies for certain cases, or generally reject them. Please note that if cookies are not accepted, the functionality of our website may be restricted.
For guidance on adjusting cookie settings in popular browsers, you can visit:
- Internet Explorer: Delete and manage cookies
- Firefox: Cookies - Allow and reject
- Chrome: Clear, enable, and manage cookies
- Safari: Manage cookies and website data
- Opera: Web preferences
4) Contacting Us
When you contact us (e.g., via a contact form or email), personal data is collected. The specific data collected in the case of a contact form is evident from the form itself. This data is used solely for the purpose of responding to your request and for the associated technical administration. The legal basis for processing is our legitimate interest in responding to your inquiry in accordance with Art. 6 (1)(f) GDPR. If your contact aims at concluding a contract, then Art. 6 (1)(b) GDPR serves as an additional legal basis.
Your data will be deleted after the final processing of your inquiry, provided there are no legal retention obligations, and it can be inferred from the circumstances that the matter has been conclusively resolved.
5) Data Processing for Customer Account Setup and Contract Execution
Personal data is collected and processed in accordance with Art. 6 (1)(b) GDPR when you provide it to us for the execution of a contract or the creation of a customer account. The specific data collected is evident from the input forms used. The deletion of your customer account is possible at any time and can be requested by sending a message to the controller's address mentioned above.
We store and use the data you provide to fulfill the contract. Once the contract is fully executed or your customer account is deleted, your data will be blocked and deleted after tax and commercial retention periods expire, unless you have explicitly consented to further use of your data or we reserve the right to use data in a manner permitted by law, about which we inform you in this policy.
6) Use of Your Data for Direct Advertising
6.1 Subscription to Our Email Newsletter
When you subscribe to our email newsletter, we send you regular information about our offers. Providing your email address is mandatory for receiving the newsletter, while providing other data is optional and used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure. This means you will only receive the newsletter if you explicitly confirm your consent to receive it by clicking a link in the confirmation email we send.
By activating the confirmation link, you consent to the use of your personal data under Art. 6 (1)(a) GDPR. Upon subscription, we store your IP address and the date and time of registration. This serves to trace potential misuse of your email address. You may unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a request to the controller. After unsubscribing, your email address will be deleted from our newsletter mailing list unless you have explicitly consented to its further use or we are permitted to retain it for other purposes as outlined in this policy.
6.2 Sending Newsletters to Existing Customers
If you have provided your email address in connection with the purchase of goods or services, we reserve the right to send you offers for similar products or services via email without requiring separate consent. This is based on our legitimate interest in personalized direct advertising as per Art. 6 (1)(f) GDPR. You may object to the use of your email address for this purpose at any time by notifying us, without incurring any costs beyond standard transmission rates.
7) Data Processing for Order Fulfillment
7.1 Transmission of Personal Data to Shipping Providers
For contract fulfillment, we share your personal data with the shipping company responsible for delivery, to the extent necessary for the delivery of goods. The legal basis is Art. 6 (1)(b) GDPR.
7.2 Use of Payment Service Providers (Payment Processors)
-
PayPal
When using PayPal, your payment details are shared with PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, as part of payment processing. This transfer of data is based on Art. 6 (1)(b) GDPR and is limited to what is necessary for processing payments.
PayPal reserves the right to conduct a creditworthiness check for certain payment methods like credit card or direct debit. The legal basis for such checks is Art. 6 (1)(f) GDPR. PayPal’s privacy policy provides additional details: PayPal Privacy Policy. You can object to this processing by notifying PayPal, though PayPal may still process your data to fulfill the contractual obligations.
8) Contact for Review Reminders
We use your email address to send a one-time reminder to leave a review of your order for our review system if you have given your express consent to this during or after your order in accordance with Art. 6 (1)(a) GDPR.
You can revoke your consent at any time by notifying the controller.
9) Use of Social Media Plugins
9.1 Facebook Plugins with Shariff Solution
Our website uses social plugins (“plugins”) from Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). To increase the protection of your data when you visit our website, these buttons are integrated using an HTML link rather than unrestrictedly as plugins. This ensures that when you access a page on our site containing such buttons, no connection to Facebook’s servers is made.
If you click the button, a new browser window opens and loads the Facebook page, where you can interact with the plugins (e.g., like or share a post) after logging in. Facebook Inc. is certified under the EU-U.S. Privacy Shield framework, ensuring compliance with European data protection standards. More information is available here: Facebook Privacy Policy.
9.2 Google+ Plugins with Shariff Solution
Our website uses social plugins from Google+, operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Similar to Facebook, these plugins are implemented using an HTML link to protect your data. Interactions with Google+ plugins occur only after you click on them, which establishes a connection to Google’s servers. Google LLC is also certified under the EU-U.S. Privacy Shield. Details are available here: Google Privacy Policy.
9.3 Instagram Plugins with Shariff Solution
We also use plugins from Instagram, operated by Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”). These plugins are integrated similarly to Facebook and Google+ using an HTML link for increased data protection. More details about Instagram’s data handling can be found here: Instagram Privacy Policy.
10) Online Marketing
10.1 DoubleClick by Google
This website uses the DoubleClick online marketing tool by Google LLC. DoubleClick uses cookies to display ads relevant to users, improve campaign performance, and prevent repetitive ads. Google processes data on the basis of our legitimate interest in the optimal marketing of our website (Art. 6 (1)(f) GDPR). DoubleClick does not store personal data but assigns a unique cookie ID to track ads and conversions.
For more details, refer to the DoubleClick Privacy Policy: DoubleClick Privacy Policy.
10.2 Google AdWords Conversion Tracking
We use Google AdWords and its Conversion Tracking feature to measure the effectiveness of our advertising. When you click on an AdWords ad, a cookie is stored on your device to track user actions (e.g., purchases). The cookie expires after 30 days and does not collect personally identifiable information.
For more information about Google’s data practices, visit: Google Privacy Policy.
11) Web Analytics Services
Google (Universal) Analytics
This website uses Google Analytics, a web analysis service provided by Google LLC. Google Analytics employs cookies to analyze how users interact with the site. Data is processed using IP anonymization, ensuring no direct connection to individual users.
You can disable Google Analytics tracking via a browser plugin: Opt-Out Plugin. Further details are available here: Google Analytics Help.
12) Retargeting/Remarketing/Referral Advertising
Facebook Custom Audience via Pixel
Our website uses the “Facebook Pixel” from Facebook Inc. to track user behavior after interacting with our ads. This helps us evaluate ad performance for marketing optimization. The data collected is anonymized for us but processed by Facebook for targeted advertising.
For more details on Facebook’s data policies: Facebook Privacy Policy.
Google AdWords Remarketing
We also use Google AdWords Remarketing, which places a cookie on your browser to serve interest-based ads on Google and third-party sites. You can disable cookies for advertising through the following link: Google Ads Settings.
13) Rights of the Data Subject
Under applicable data protection laws, you have the following rights regarding the processing of your personal data:
13.1 Right to Access (Art. 15 GDPR):
You have the right to obtain confirmation as to whether or not your personal data is being processed and, if so, access the specific data, the purposes of processing, the categories of personal data, the recipients or categories of recipients, the planned storage period, and more. You may also request information about your rights to rectification, deletion, restriction, objection, the origin of your data, and any automated decision-making, including profiling.
13.2 Right to Rectification (Art. 16 GDPR):
You have the right to request immediate correction of inaccurate personal data and to have incomplete data completed.
13.3 Right to Deletion (Art. 17 GDPR):
You can request the deletion of your personal data if the requirements of Art. 17 (1) GDPR are met. This right may not apply if the data processing is required for exercising freedom of expression, compliance with a legal obligation, reasons of public interest, or the establishment, exercise, or defense of legal claims.
13.4 Right to Restriction of Processing (Art. 18 GDPR):
You can request the restriction of your personal data processing under certain conditions, such as disputing the accuracy of your data, unlawful processing, or while determining whether our legitimate grounds override your objection.
13.5 Right to Notification (Art. 19 GDPR):
If you have exercised your rights to rectification, deletion, or restriction of processing, we are obliged to notify all recipients of your data unless this proves impossible or involves disproportionate effort. You can request to be informed about these recipients.
13.6 Right to Data Portability (Art. 20 GDPR):
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller, where technically feasible.
13.7 Right to Withdraw Consent (Art. 7 (3) GDPR):
You may withdraw your consent to data processing at any time. Upon withdrawal, we will cease processing your data unless justified by other legal grounds.
13.8 Right to Lodge a Complaint (Art. 77 GDPR):
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority in your place of residence, workplace, or where the alleged infringement occurred.
14) Right to Object
If we process your personal data based on a balance of interests (Art. 6 (1)(f) GDPR), you have the right to object to this processing at any time for reasons arising from your particular situation.
If you object, we will cease processing your data unless we can demonstrate compelling legitimate grounds that outweigh your interests, rights, and freedoms, or if the processing is for the establishment, exercise, or defense of legal claims.
If your data is processed for direct marketing purposes, you have the right to object at any time. Once you object, we will no longer process your data for such purposes.
15) Data Retention Period
The retention period for personal data depends on the applicable legal retention periods (e.g., tax or commercial law). After these periods expire, the corresponding data is routinely deleted, provided it is no longer required for contract fulfillment or initiation and there are no legitimate grounds for further retention.
This concludes the translation of the Privacy Policy. If you have further requests or need assistance with specific parts, let me know!