Privacy policy
1) Introduction and Contact Details of the Data Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when using our website. Personal data refers to all information that can be used to identify you personally.
1.2 The data controller for processing personal data on this website, as defined by the General Data Protection Regulation (GDPR), is Sana Sehic, Sumana, Semmelstr. 53, 97070 Würzburg, Germany, Tel.: +49 176 72429753, Email: info@sumana-jewelry.de. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website
When you visit our website for informational purposes only, i.e., when you do not register or transmit information to us in any other way, we collect only data that your browser transmits to the server (so-called "server log files"). When you access our website, we collect the following data, which is technically required to display the website:
- The website visited
- Date and time of access
- Amount of data transmitted in bytes
- Source/referral from which you accessed the page
- Used browser
- Used operating system
- Used IP address (if applicable: in anonymized form)
The processing takes place in accordance with Art. 6 (1) lit. f GDPR, based on our legitimate interest in improving the stability and functionality of our website. The data is not shared or otherwise used. However, we reserve the right to review the server log files retrospectively if there are specific indications of unlawful use.
3) Hosting & Content Delivery Network
Shopify
We use the system of the following provider for hosting our website and displaying the page content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”).
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider, ensuring the protection of the data of our website visitors and prohibiting unauthorized disclosure to third parties.
In the case of data transfer to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
4) Cookies
To make visiting our website more attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device for a longer period and enable the storage of page settings (so-called “persistent cookies”). In the latter case, you can check the storage duration in the cookie settings of your browser.
If personal data is processed by certain cookies we use, the processing is carried out in accordance with Art. 6 (1) lit. b GDPR either for the performance of a contract, according to Art. 6 (1) lit. a GDPR if consent is given, or according to Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in the optimal functionality of the website and a customer-friendly, effective design of the page visit.
You can configure your browser to notify you when cookies are set and allow you to accept them individually or reject them for specific cases or generally.
Please note that if you reject cookies, the functionality of our website may be restricted.
5) Contacting Us
When contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of processing and responding to your inquiry and only to the extent necessary.
The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at entering into a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted when it becomes clear that the matter has been fully resolved and provided no statutory retention obligations prevent deletion.
6) Data Processing When Opening a Customer Account
According to Art. 6 (1) lit. b GDPR, personal data will be collected and processed to the necessary extent when you provide it for the opening of a customer account. The data required for account creation can be found in the input mask of the relevant form on our website.
You may delete your customer account at any time by sending a message to the above-mentioned address of the data controller. After deletion of your account, your data will be deleted, provided that all contracts concluded through the account have been fully processed, no statutory retention periods are in place, and we have no legitimate interest in continuing to store the data.
7) Use of Customer Data for Direct Marketing
Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required for the newsletter subscription is your email address. Providing additional data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for the newsletter, which ensures that you will only receive the newsletter after confirming your consent by clicking on a verification link sent to the email address provided.
By activating the confirmation link, you grant us your consent for the use of your personal data in accordance with Art. 6 (1) lit. a GDPR. We also store your IP address registered by your Internet Service Provider (ISP) and the date and time of registration in order to trace any misuse of your email address at a later point in time. The data collected during the newsletter subscription process is used strictly for that purpose.
You can unsubscribe from the newsletter at any time by using the designated link in the newsletter or by sending a corresponding message to the responsible party mentioned above. After unsubscribing, your email address will be immediately removed from our newsletter distribution list, unless you have explicitly consented to further use of your data or we reserve further data usage that is legally permitted and which we inform you about in this declaration.
8) Data Processing for Order Processing
8.1 As required for contract fulfillment for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the bank, in accordance with Art. 6 (1) lit. b GDPR.
If we owe you updates for goods with digital elements or digital products based on an agreement, we process the contact data you provided during the order (name, address, email) to inform you about upcoming updates within the legally required timeframe, in compliance with our legal obligations under Art. 6 (1) lit. c GDPR. Your contact details are used strictly for notifications about updates we owe and will only be processed for this purpose as necessary.
To process your order, we also cooperate with the service provider(s) listed below, who support us in the execution of concluded contracts. Certain personal data will be shared with these service providers as described below.
8.2 Transfer of Personal Data to Shipping Service Providers
- DHL
We use the following provider for transport services: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany.
We will provide your email address and/or phone number to the provider in accordance with Art. 6 (1) lit. a GDPR before delivery for the purpose of coordinating the delivery date or for delivery notification, provided you have given explicit consent during the ordering process. Otherwise, we will only share the recipient's name and delivery address with the provider in accordance with Art. 6 (1) lit. b GDPR for the purpose of delivery. The transfer will only take place as necessary for the delivery of the goods. In this case, prior coordination of the delivery date or the delivery announcement with the provider will not be possible.
Consent can be revoked at any time with effect for the future either to the responsible party mentioned above or to the provider.
8.3 Use of Payment Service Providers (Payment Services)
- Apple Pay
If you choose the "Apple Pay" payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing occurs via the "Apple Pay" function on your device running iOS, watchOS, or macOS, using a payment card registered with Apple Pay. Apple Pay employs security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must enter a code you have set up beforehand, and verify your identity using the “Face ID” or “Touch ID” feature on your device.
For the purpose of processing the payment, the information you provide during the order process, along with the details of your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before forwarding it to the payment service provider of the payment card registered with Apple Pay for payment processing. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is processed, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the payment success.
If personal data is processed in the described transmissions, such processing is solely for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.
Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymization fully excludes any personal identification. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on an iPhone or Apple Watch to complete a purchase made through Safari on a Mac, the Mac and the authorization device communicate via an encrypted channel to Apple’s servers. Apple does not process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in the settings of your iPhone by going to "Wallet & Apple Pay" and turning off "Allow Payments on Mac."
Further privacy information about Apple Pay can be found at the following URL: https://support.apple.com/en-us/HT203027
- Google Pay
If you choose the "Google Pay" payment method provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment processing occurs through the "Google Pay" application on your mobile device, which runs at least Android 4.4 ("KitKat") and has NFC functionality. The payment is made using a payment card registered with Google Pay or a verified payment system (e.g., PayPal). To authorize a payment via Google Pay over 25€ in value, you must first unlock your mobile device using the verification method you have set up (such as facial recognition, password, fingerprint, or pattern).
For the purpose of payment processing, the information you provide during the order process, along with the details of your order, is transmitted to Google. Google then sends your payment information stored in Google Pay to the originating website as a unique transaction number, verifying the payment. This transaction number contains no details about your real payment data; instead, it is a unique numeric token created and transmitted for this purpose. Google acts solely as an intermediary for processing the payment. The transaction itself is carried out exclusively between the user and the originating website through the charge to the payment method registered with Google Pay.
If personal data is processed in the described transmissions, such processing is solely for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.
Google reserves the right to collect, store, and analyze specific transaction-related information for every transaction made via Google Pay. This includes the date, time, amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer (or sender and recipient), the used payment method, your description of the transaction’s reason, and any associated offers.
According to Google, this processing is solely carried out under Art. 6 (1) (f) GDPR based on legitimate interests in proper billing, verification of transaction data, and optimization and maintenance of the Google Pay service.
Google also reserves the right to combine the processed transaction data with other information gathered and stored by Google from the use of other Google services.
The terms of service for Google Pay can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en
Further privacy information regarding Google Pay can be found at the following URL:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
- Klarna
This website offers one or more online payment methods from the following provider: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.
If you choose a payment method from the provider where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and card details, currency, and transaction number), as well as information about the content of your order, will be forwarded to Klarna in accordance with Art. 6 (1) (b) GDPR. The transfer of your data in this case will solely be for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you choose a payment method where the provider pays in advance (e.g., invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and possibly data for an alternative payment method) during the order process.
To safeguard our legitimate interest in assessing the payment ability of our customers, these data will be forwarded to Klarna in accordance with Art. 6 (1) (f) GDPR for the purpose of a credit check. The provider will check, based on the personal data you provided as well as other data (such as shopping cart, invoice amount, order history, payment experiences), whether the selected payment option can be granted with respect to payment and/or default risks.
For the decision during the application process, in addition to internal provider criteria in accordance with Art. 6 (1) (f) GDPR, identity and credit information from the following credit agencies may be included:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may include probability values (so-called score values). If score values are part of the credit report outcome, they are based on a scientifically recognized mathematical-statistical process. The calculation of the score values includes, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if necessary for the proper execution of the contractually agreed payment.
- PayPal
This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
If you choose a payment method from the provider where you pay in advance, your payment data provided during the order process (including name, address, bank and card details, currency, and transaction number), as well as information about the content of your order, will be forwarded to PayPal in accordance with Art. 6 (1) (b) GDPR. The transfer of your data in this case will solely be for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you choose a payment method where we pay in advance, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and possibly data for an alternative payment method) during the order process.
To safeguard our legitimate interest in determining your payment ability, this data will be forwarded to PayPal in accordance with Art. 6 (1) (f) GDPR for the purpose of a credit check. PayPal will assess, based on the personal data you provided and other data (such as shopping cart, invoice amount, order history, payment experiences), whether the selected payment option can be granted with respect to payment and/or default risks.
The credit report may include probability values (so-called score values). If score values are part of the credit report outcome, they are based on a scientifically recognized mathematical-statistical process. The calculation of the score values includes, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if necessary for the proper execution of the contractually agreed payment.
- PayPal Checkout
This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal’s own payment methods and local payment methods from third-party providers.
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "Pay Later" via PayPal, we will forward your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The data transfer is carried out in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing.
PayPal reserves the right to conduct a credit check for payment methods like credit card via PayPal, direct debit via PayPal, or – if offered – "Pay Later" via PayPal. For this purpose, your payment data may be forwarded to credit agencies in accordance with Art. 6 (1) (f) GDPR based on PayPal’s legitimate interest in assessing your payment ability. The result of the credit check regarding the statistical risk of payment default will be used by PayPal to decide whether to offer the respective payment method. The credit report may contain probability values (so-called score values). If score values are part of the credit report result, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, but is not limited to, address data. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the proper execution of the contractually agreed payment.
If the "Invoice Purchase" PayPal payment method is available and selected, your payment data will first be transmitted to PayPal to prepare the payment, after which PayPal will forward it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") for payment processing. The legal basis is Art. 6 (1) (b) GDPR. In this case, Ratepay performs an identity and credit check on its own behalf to assess payment ability according to the principles mentioned above and forwards your payment data to credit agencies in accordance with Art. 6 (1) (f) GDPR, based on the legitimate interest of determining payment ability. A list of credit agencies that Ratepay may use can be found here: https://www.ratepay.com/legal-payment-creditagencies/
When using a local third-party payment method, your payment data will first be transmitted to PayPal for payment preparation in accordance with Art. 6 (1) (b) GDPR. Depending on your choice of available local payment methods, PayPal will then forward your payment data for payment processing to the respective provider in accordance with Art. 6 (1) (b) GDPR:
- Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- Bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- Blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
For further data protection information, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
9) Website Functionalities
Judge.me
Our website incorporates graphic elements from the following provider to display external customer reviews and/or externally awarded quality seals: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom.
When you visit a page of our website containing such graphic elements, your browser establishes a direct connection to the provider’s servers to properly load the elements. During this process, certain browser information, including your IP address, will be transmitted to the provider.
If personal data is processed in the course of this, it is done in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in optimally marketing our offer and creating an appealing website design.
We have entered into a data processing agreement with the provider to ensure the protection of our site visitors’ data and to prevent unauthorized sharing with third parties.
When data is transferred to the provider’s location, an adequate level of data protection is ensured through an adequacy decision by the European Commission.
10) Tools and Other Services
Judge.me
To verify and publish customer reviews, we use the services of the following provider: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom.
When you submit a review on our website, your first and last name, email address, order date and number, as well as name and international references (GTIN/ISDNF), will be collected, transmitted to the provider, and evaluated to determine the legitimacy of a customer review for a specific order. These processes are carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in ensuring the authenticity of customer reviews by verifying transaction relevance and preventing review abuse. After the review has been checked and approved, the data will be deleted by the provider.
When data is transferred to the provider’s location, an adequate level of data protection is ensured through an adequacy decision by the European Commission.
11) Rights of the Data Subject
11.1 The applicable data protection law grants you the following rights in relation to the processing of your personal data by the controller (right of access and intervention), with the specific conditions for exercising these rights being referred to in the respective legal basis:
- Right of access according to Art. 15 GDPR;
- Right to rectification according to Art. 16 GDPR;
- Right to erasure according to Art. 17 GDPR;
- Right to restriction of processing according to Art. 18 GDPR;
- Right to notification according to Art. 19 GDPR;
- Right to data portability according to Art. 20 GDPR;
- Right to withdraw consent given according to Art. 7 (3) GDPR;
- Right to lodge a complaint according to Art. 77 GDPR.
11.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERWHELMING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING MAY BE PERMITTED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES AT ANY TIME. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
12) Duration of Storage of Personal Data
The duration of the storage of personal data is determined based on the respective legal basis, the purpose of processing, and, if applicable, any statutory retention periods (e.g., commercial and tax law retention periods).
When personal data is processed based on explicit consent according to Art. 6 (1) (a) GDPR, the data will be stored until you withdraw your consent.
If statutory retention periods apply to data processed under commercial or similar obligations based on Art. 6 (1) (b) GDPR, the data will be routinely deleted after the expiration of the retention periods, provided they are no longer necessary for the performance or initiation of the contract and/or we no longer have a legitimate interest in retaining them.
When personal data is processed based on Art. 6 (1) (f) GDPR, the data will be stored until you exercise your right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
When personal data is processed for direct marketing purposes based on Art. 6 (1) (f) GDPR, the data will be stored until you exercise your right to object under Art. 21 (2) GDPR.
Unless otherwise specified in this notice for specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
