Privacy Policy

1) INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE RESPONSIBLE PARTY

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data by which you can be personally identified.

1.2 The responsible party for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is josephinelondon.com. The responsible party for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

2) DATA COLLECTION WHEN VISITING OUR WEBSITE

When you use our website purely for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (“server log files”). These include: visited website, date/time of access, amount of data sent, source/reference, browser used, operating system used, IP address (possibly anonymized). Processing is carried out according to Art. 6(1)(f) GDPR based on our legitimate interest in improving stability and functionality. Data is not disclosed except in cases of suspected illegal use.

3) COOKIES

We use cookies to make our website attractive and to enable certain features. Session cookies are deleted after the browser session; persistent cookies remain on the device. Cookies may process browser data, location data, or IP addresses. Some cookies simplify ordering (e.g., remembering basket items). Processing in accordance with Art. 6(1)(b) GDPR (contract performance) or Art. 6(1)(f) GDPR (legitimate interest in functionality). We may work with third-party advertising partners who set their own cookies. You can adjust cookie settings in your browser. Restricting cookies may limit website functionality.

4) CONTACTING US

When contacting us (e.g., via contact form or email), personal data is collected. This data is stored and used to respond to your inquiry. Legal basis: Art. 6(1)(f) GDPR; when aimed at contract performance: Art. 6(1)(b) GDPR. Data is deleted once resolved unless legal retention applies.

5) DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT & CONTRACT PROCESSING

Personal data is processed according to Art. 6(1)(b) GDPR when opening an account or placing an order. Data is stored for contract performance and deleted after tax/commercial retention periods, unless further use is consented.

6) USE OF DATA FOR DIRECT ADVERTISING

6.1 Newsletter: When subscribing, we use the double opt-in method. Legal basis Art. 6(1)(a) GDPR. You may unsubscribe at any time.

6.2 Newsletter to existing customers: If you provided your email while purchasing, we may send promotions for similar products based on Art. 6(1)(f) GDPR. You can opt out anytime.

7) DATA PROCESSING FOR ORDER PROCESSING

7.1 Data is shared with delivery companies and payment providers when necessary (Art. 6(1)(b) GDPR).

7.2 Payment providers: PayPal, SOFORT/Klarna — data shared only as needed. Providers may perform credit checks under Art. 6(1)(f) GDPR.

8) REVIEW REMINDERS

We may send a one-time review reminder if you consent according to Art. 6(1)(a) GDPR. Consent may be withdrawn anytime.

9) SOCIAL MEDIA PLUGINS (SHARIFF METHOD)

We use privacy-friendly Shariff integration for Facebook, Google+, and Instagram plugins. A connection is only made when clicked. Providers are certified under the Privacy Shield framework. Privacy policies:

Facebook: https://www.facebook.com/policy.php

Google: https://www.google.com/intl/en/policies/privacy/

Instagram: https://help.instagram.com/155833707900388/

10) ONLINE MARKETING

10.1 DoubleClick by Google: Uses cookies for ad performance, frequency control, and conversion tracking. Legal basis: Art. 6(1)(f) GDPR. You may disable tracking via browser settings or DAA tools.

10.2 Google AdWords Conversion Tracking: Cookie used after clicking an ad; expires after 30 days; no personal identification. You may disable conversion cookies via browser settings.

11) WEB ANALYSIS SERVICES – GOOGLE ANALYTICS

Uses cookies to analyze usage. IP anonymization via _anonymizeIp() ensures no personal identification. Legal basis: Art. 6(1)(f) GDPR. You can opt out via browser plugin or opt-out link. Also used across devices with User-ID where applicable.

12) RETARGETING / REMARKETING

Facebook Pixel: Tracks user behavior after ad interaction (only with explicit consent Art. 6(1)(a) GDPR). Data is anonymous to us but processed by Facebook for ad targeting.

Google Remarketing: Uses cookie-based interest profiling for ads. Legal basis: Art. 6(1)(f) GDPR. You may disable personalized ads or adjust cookie preferences.

13) RIGHTS OF THE DATA SUBJECT

You have rights under GDPR:

Art. 15: Access

Art. 16: Rectification

Art. 17: Erasure

Art. 18: Restriction

Art. 19: Notification

Art. 20: Portability

Art. 7(3): Withdrawal of consent

Art. 77: Complaint to supervisory authority

13.2 Right to Object: You may object to data processing based on legitimate interests or direct marketing at any time.

14) STORAGE DURATION

Storage depends on statutory retention periods. After expiry, data is deleted unless required for contract performance or legitimate interest in continued storage exists.