1) Information on the collection of personal data and contact details of the data controller

1.1 We are pleased that you are visiting our website and thank you for your interest. On the following pages, we inform you about how we handle your personal data when you use our website. Personal data is any data that can be used to personally identify you.

1.2 The data controller for this website within the meaning of the General Data Protection Regulation (GDPR) is Sabrina Wettl, Lavendelweg 3, 9520 Annenheim, Austria, email: solilunastore@gmail.com The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3 This website uses SSL/TLS encryption for security reasons to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party). You can recognize an encrypted connection by the "https://" prefix and the padlock symbol in your browser's address bar.

2) Data collection when visiting our website

When you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary to display the website to you:

Our visited website
Date and time of access
Amount of data sent in bytes
Source/reference from which you came to this page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

Data processing is carried out in accordance with Article 6 Paragraph 1 Point f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for any other purpose. However, we reserve the right to subsequently review the server log files if there is concrete evidence of illegal use.

3) Cookies

To make your visit to our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of your browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are set, they collect and process certain user information, such as browser and location data, as well as IP addresses, according to individual requirements. Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. You can find the storage duration of each cookie in your web browser's cookie settings.

In some cases, cookies are used to simplify the ordering process by saving settings (e.g., the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies we set, this processing is carried out in accordance with Article 6(1)(b) GDPR for the performance of the contract or in accordance with Article 6(1)(f) GDPR to protect our legitimate interests in ensuring the best possible website functionality and a user-friendly and effective website experience.
We work with advertising partners who help us make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). You will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following sections.

Please note that you can configure your browser to notify you when cookies are being set, allowing you to decide whether to accept them individually, or to block cookies in certain cases or entirely. Each browser manages cookie settings differently. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find this information for the respective browsers at the following links:

Please note that the functionality of our website may be limited if cookies are not accepted.

4) Making contact

When you contact us (e.g., via a contact form or email), personal data is collected. The specific data collected via a contact form is detailed within that form. This data is used solely for responding to your inquiry, contacting you, and for related technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry, in accordance with Article 6(1)(f) of the GDPR.
If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted after your request has been fully processed; this is the case when it is clear from the circumstances that the matter has been definitively resolved, provided that no statutory retention obligations apply.

5) Data processing when opening a customer account and for contract processing

In accordance with Article 6(1)(b) of the GDPR, personal data will continue to be collected and processed if you provide it to us for the performance of a contract or when opening a customer account. The specific data collected is indicated in the respective input forms. You can delete your customer account at any time by sending a message to the data controller's address listed above. We store and use the data you provide for contract processing. After the contract has been fully processed or your customer account has been deleted, your data will be blocked in accordance with tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to further use your data as permitted by law, about which we will inform you accordingly below.

6) Processing of data for the purpose of order processing

Use of payment service providers

iClear
If you select the payment method "iclear invoice," you will be asked to enter your personal data (first and last name, street, house number, postal code, city) during the ordering process. To protect our legitimate interest in assessing the creditworthiness of our customers, we forward this data to iclear GmbH, M2 17, 68161 Mannheim ("iclear") for the purpose of a credit check in accordance with Article 6 Paragraph 1 Point f GDPR. Based on your personal data and other data (e.g., shopping cart, invoice amount, order history, payment history), iclear checks whether the selected payment method can be granted with regard to payment and/or default risks. Furthermore, identity and credit information from the following credit agency may be included in the decision-making process for the application review: Domnowski Inkasso GmbH, Am Powverschoppen 17, 59071 Hamm, Germany.
The credit report may contain probability values (so-called score values). If score values are included in the credit report, they are based on recognized scientific, mathematical-statistical methods. The calculation of the score values includes, but is not limited to, address data. Further information on iclear's privacy policy can be found at: https://www.iclear.de/?id=32 .
You can object to this processing of your data at any time by sending a message to the data controller or to iclear. However, iclear may still be entitled to process your personal data to the extent necessary for the contractual processing of payments.
Klarna
If the payment method "Klarna Invoice Purchase" or (if offered) "Klarna Installments Purchase" is selected, payment processing is handled by Klarna AB (publ) [ https://www.klarna.com/de ]. ], Sveavägen 46, 111 34 Stockholm, Sweden (“Klarna”). For payment processing, your personal data (first and last name, street, house number, postal code, city, gender, email address, telephone number and IP address) as well as order data (e.g. invoice amount, items, delivery method) will be forwarded to Klarna for identity and credit checks, provided you have expressly consented to this in the ordering process in accordance with Art. 6 para. 1 point a GDPR.
Information on which credit agencies your data may be forwarded to can be found here: http://cdn.klarna.com/1.0/shared/content/legal/terms/Klarna/en_gb/checkout .
The credit report may contain probability values (score values) based on recognized scientific, mathematical-statistical methods and including address data, among other things. Klarna uses the information obtained about the statistical probability of non-payment to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship.
You can withdraw your consent at any time by sending a message to the data controller or to Klarna. Klarna may still be entitled to process your personal data to the extent necessary for processing payments under the contract.
Your personal data will be processed in accordance with applicable data protection regulations and Klarna's privacy policy:
Germany: https://cdn.klarna.com/1.0/shared/content/policy/data/de_en/data_protection.pdf
Austria: https://cdn.klarna.com/1.0/shared/content/policy/data/de_at/data_protection.pdf
PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "installment payment" via PayPal, your payment data will be transmitted to PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal"). This transfer is carried out in accordance with Article 6 Paragraph 1 Point b GDPR and only to the extent necessary for payment processing.
PayPal reserves the right to conduct credit checks for the aforementioned payment methods. For this purpose, your payment details may be shared with credit reference agencies based on PayPal's legitimate interest in assessing your creditworthiness. Further information can be found in the PayPal Privacy Statement: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.
Shopify Payments
If you choose a payment method via the payment service provider “Shopify Payments”, the payment will be processed via the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we forward the information you provide in connection with your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 point f GDPR.
Shopify Payments' privacy policy can be found here: https://www.shopify.com/legal/privacy.
The privacy policy of Stripe Payments Europe Ltd can be found here: https://stripe.com/gb/privacy.
IMMEDIATELY
When selecting the payment method "SOFORT", payment is processed via SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany ("SOFORT"), to whom we transmit the information provided during the ordering process along with the order details in accordance with Article 6 Paragraph 1 Point b GDPR. SOFORT is part of the Klarna Group. Further information on SOFORT's privacy policy: https://www.klarna.com/uk/privacy-policy/.
Stripe
When selecting a Stripe payment method, the payment will be processed via Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will forward your information provided during the ordering process (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 point b GDPR.
Your data will only be shared with Stripe to the extent necessary for payment processing. Further information on Stripe's privacy policy can be found here: https://stripe.com/gb/privacy.

7) Use of videos

Using YouTube videos
This website uses the YouTube embedding function to display and play videos from the provider YouTube, Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 ESW5, Ireland (“Google”).
For this purpose, enhanced privacy mode is used to ensure that, according to the provider, user data is only stored when the video playback function is started. When playback begins, the provider sets "YouTube" cookies to collect information about user behavior. If you are logged into Google, your information will be directly linked to your Google account as soon as you click on a video. If you do not want this, you must log out of Google before activating the button. Google also stores and analyzes the data for users without an account. This processing is carried out in accordance with Article 6 Paragraph 1 Point f GDPR on the basis of Google's legitimate interest in personalized advertising, market research, and the needs-based design of the website.
Further information on YouTube's privacy policy: www.google.com/policies/privacy/.

Using Vimeo videos
Our website uses plugins from the video portal Vimeo, Vimeo LLC, 555 West 18th Street, New York, NY 10011, USA. When you access a page on our website that contains such a plugin, your browser establishes a direct connection to Vimeo's servers. The plugin's content is then transmitted directly from Vimeo to your browser and integrated into the page.
If you are logged in to Vimeo, Vimeo can immediately associate your visit with your Vimeo account.
The processing is carried out in accordance with Art. 6 para. 1 point f GDPR on the basis of Vimeo's legitimate interest in market research and needs-based service design.
If you do not want Vimeo to associate the collected data with your account, you must log out of Vimeo before visiting the website.
Further information: https://vimeo.com/privacy.

For embedded Vimeo videos, Google Analytics from Google Ireland Limited is also integrated, to which we have no access. Analytics uses cookies to analyze website usage. Data is stored on servers in the USA. Processing is carried out in accordance with Art. 6 para. 1 point f GDPR.

8) Online Marketing

Facebook Pixel for creating Custom Audiences
Our website uses the Facebook pixel of the social network Facebook, operated by Facebook Ireland Limited, 4 Grand Canal Quay, Square, Dublin 2, Ireland (“Facebook”).
When a user clicks on a Facebook ad placed by us, a URL suffix is added by the pixel.
The Facebook Pixel enables the creation of target groups (Custom Audiences). The collected data is anonymous but can be linked to the user profile. Processing is carried out in accordance with Article 6(1)(f) GDPR based on legitimate interests.
Further information on Facebook's data policy: https://www.facebook.com/about/privacy/.
You can refuse the use of the Facebook pixel by setting an opt-out cookie (valid only for this browser and this domain).

9) Rights of the data subject

You have extensive rights under the GDPR:

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to be informed (Art. 19 GDPR)
Right to data portability (Art. 20 GDPR)
Right to withdraw consent (Art. 7 para. 3 GDPR)
Right to lodge a complaint (Art. 77 GDPR)

Right to object
You can object to the processing of your personal data based on legitimate interests at any time (Art. 21 GDPR).
If you object to direct marketing, processing for this purpose will be stopped.

10) Duration of storage of personal data

The storage period depends on the legal basis, the purpose of the processing and, if applicable, statutory retention periods.

In the case of processing based on explicit consent (Art. 6 para. 1 a GDPR): until revocation.
In the case of legally or contractually mandated storage (Art. 6 para. 1 b GDPR): Deletion after the expiry of the retention periods, unless further processing is required.
In the case of processing based on legitimate interests (Art. 6 para. 1 f GDPR): until the exercise of the right to object, unless there are compelling legitimate grounds for protection.
Direct marketing: until the right to object is exercised in accordance with Article 21(2) GDPR.

Unless otherwise stated, personal data will be deleted when it is no longer required for the purpose for which it was collected or processed.