Privacy policy

Privacy Policy

1. Information About the Collection of Personal Data and Contact Details of the Person Responsible

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how your personal data is handled when you use our website. Personal data is all data with which you can be personally identified.

1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Body & Bra. The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (such as orders or inquiries to the person responsible), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

2. Data Collection When You Visit Our Website

If you only use our website for information purposes, meaning you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary so that we can display the website to you:

  • Our website visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you came to the page
  • Browser used
  • Operating system used
  • IP address used (if necessary in anonymized form)

Processing is carried out in accordance with Article 6 paragraph 1 letter f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

By using our website, you agree that third parties may process your IP address to determine your location for currency conversion. You also agree that this currency may be stored in a session cookie in your browser (a temporary cookie that is automatically removed when you close your browser). We do this so that the chosen currency remains selected and consistent when browsing our website, so that prices can be converted to your local currency.

3. Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted at the end of the browser session, after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies).

If cookies are set, they collect and process certain user information such as browser and location data, as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a certain period of time.

In some cases, cookies are used to simplify the ordering process by storing settings (for example, remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is processed by individual cookies we use, the processing takes place in accordance with Article 6 Paragraph 1 Letter b GDPR to implement the contract, or in accordance with Article 6 Paragraph 1 Letter f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly, effective design of the page visit.

We may work with advertising partners to help us make our website more interesting to you. For this purpose, cookies from partner companies may also be stored on your device when you visit our website (third-party cookies). If we work with such partners, you will be informed individually and separately about the use of these cookies and the scope of the data collected.

You can set your browser to inform you about the setting of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in how it manages cookie settings. How you can change your cookie settings is described in the help menu of your browser:

Please note that the functionality of our website may be restricted if you do not accept cookies.

4. Contact

When you contact us (for example, via contact form or email), personal data is collected. The data collected via a contact form can be seen from the respective form. This data is stored and used exclusively for the purpose of answering your inquiry or contacting you, and for the associated technical administration.

The legal basis for processing this data is our legitimate interest in answering your request in accordance with Article 6 paragraph 1 letter f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6 paragraph 1 letter b GDPR. Your data will be deleted after your request has been processed, provided this can be determined from the circumstances.

5. Data Processing When Opening a Customer Account and for Contract Processing

In accordance with Article 6 paragraph 1 letter b GDPR, personal data will continue to be collected and processed if you provide it to us to perform a contract or open a customer account. Which data is collected can be seen from the respective input forms.

Your customer account can be deleted at any time by sending a message to the address of the person responsible listed at the end of this policy. We store and use the data you provide to process the contract. After the contract has been fully processed or your customer account has been deleted, your data will be blocked in consideration of tax and commercial law retention periods, and deleted after these periods have expired.

6. Use of the Single Sign-On Procedure

Facebook Connect

You can create a customer account on our website or log in via the social plugin "Facebook Connect" of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). You can recognize the social plugins from "Facebook Connect" on our website by the blue button with the Facebook logo and the inscription "Log in with Facebook", "Connect with Facebook", or "Sign in with Facebook".

If you access a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page on our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. This data processing is carried out in accordance with Article 6 paragraph 1 letter f GDPR based on Facebook's legitimate interest in displaying personalized advertising based on surfing behavior.

By using the "Facebook Connect" button on our website, you also have the opportunity to log in or register on our website with your Facebook user data. Only if you give your express consent in accordance with Art. 6 Para. 1 lit. a GDPR before the registration process, we will receive from Facebook (depending on your personal data protection settings on Facebook) the general and publicly accessible information stored in your profile. This information includes user ID, name, profile picture, age, and gender.

Following changes to Facebook's data protection regulations and terms of use, your profile pictures, your friends' user IDs, and your friends list may also be transferred if you have marked them as "public" in your privacy settings on Facebook. The data transmitted by Facebook is stored and processed by us to create a user account with the necessary data if you have approved this on Facebook (title, first name, last name, address details, country, email address, date of birth). Conversely, based on your consent, we may transmit data (such as information about your surfing or purchasing behavior) to your Facebook profile.

The consent given can be revoked at any time by sending a message to the person responsible named at the end of this policy.

The purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your related rights and setting options to protect your privacy, can be found in Facebook's data protection information: facebook.com/policy.php. If you do not want Facebook to assign the data collected via our website directly to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the Facebook plugins from loading with add-ons for your browser.

7. Use of Your Data for Direct Advertising

Email Newsletter

If you sign up for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing all other data is voluntary and serves to be able to address you personally.

We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an email newsletter if you have expressly confirmed that you agree to receive newsletters. We will send you a confirmation email asking you to confirm that you would like to receive newsletters in the future by clicking on a link.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6 paragraph 1 letter a GDPR. When you register for the newsletter, we save your IP address provided by the Internet Service Provider (ISP) as well as the date and time of registration, in order to be able to trace any misuse of your email address at a later date.

The data we collect when you register for the newsletter is used exclusively for advertising via the newsletter. You can unsubscribe at any time using the link provided in the newsletter, or by sending a message to the person responsible named at the end of this policy. After you unsubscribe, your email address will be immediately deleted from our newsletter distribution list.

8. Data Processing for Order Processing

8.1 The personal data we collect will be passed on to the transport company commissioned with the delivery as part of the contract processing, to the extent necessary to deliver the goods. We pass on your payment data to the commissioned credit institution as part of payment processing, to the extent necessary. When using payment service providers, we expressly point this out below. The legal basis for the transmission of the data is Art. 6 paragraph 1 letter b GDPR.

8.2 To fulfill our contractual obligations towards our customers, we work with external shipping partners. We pass on your name and delivery address to a shipping partner selected by us exclusively for the purpose of delivering the goods in accordance with Art. 6 paragraph 1 letter b GDPR.

8.3 Use of Payment Service Providers

Amazon Pay

If you choose the payment method "Amazon Pay", the payment will be processed via the payment service provider Amazon Payments Europe sca, 5 Rue Plaetis, L-2338 Luxembourg ("Amazon Payments"). We will send the data you provided during the ordering process together with the information about your order in accordance with Art. 6 Para. 1 lit. b GDPR. Your data will only be passed on for the purpose of processing payments with Amazon Payments and only to the extent necessary. Further information about Amazon Payments' data protection regulations can be found at pay.amazon.com/help/201751600.

PayPal

When paying via PayPal, credit card via PayPal, direct debit via PayPal, or (if offered) "purchase on account" or "payment in installments" via PayPal, we provide your payment details to PayPal (Europe) Sàrl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal"). The transfer takes place in accordance with Article 6 Paragraph 1 Letter b GDPR and only to the extent necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods listed above. Your payment data may be passed on to credit agencies in accordance with Art. 6 Para. 1 lit. f GDPR based on PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check, with regard to the statistical probability of a payment default, to decide whether the respective payment method is offered. The credit report can contain probability values (score values) based on a scientifically recognized mathematical-statistical procedure. The calculation includes, among other things, address data.

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if necessary to process payments in accordance with the contract.

SOFORT

If you choose the payment method "SOFORT", the payment will be processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany ("SOFORT"). We will send the data you provided during the ordering process together with the information about your order in accordance with Art. 6 Para. 1 lit. b GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB, Sveavägen 46, 11134 Stockholm, Sweden). Your data will only be passed on for the purpose of payment processing with SOFORT and only to the extent necessary. Further information at klarna.com/sofort/datenschutz.

Stripe

If you choose a payment method from the payment service provider Stripe, the payment will be processed via Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. We will provide the information you supplied during the ordering process along with details about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency, and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Your data will only be used for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary. Further information about data protection at Stripe can be found at stripe.com/terms.

Klarna

To offer you Klarna's payment methods, we may pass on your personal data in the form of contact and order details to Klarna during the ordering process. This allows Klarna to check whether you are eligible for Klarna's payment methods and to tailor those methods to you. Your transmitted personal data will be processed in accordance with the Klarna data protection declaration.

9. Rights of the Data Subject

9.1 The applicable data protection law grants you comprehensive rights of information and intervention towards the controller with regard to the processing of your personal data. Your rights include:

Right to Information (Art. 15 GDPR)

You have the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients to whom your data has been or will be passed on, the planned storage period or criteria for determining it, the existence of rights to correction, deletion, restriction of processing, or objection to processing, the right to lodge a complaint with a supervisory authority, the origin of your data if not collected by us from you, the existence of automated decision-making (including profiling), and meaningful information about the logic involved and the intended effects on you. You also have the right to information about the guarantees under Article 46 GDPR if your data is passed on to third countries.

Right to Rectification (Art. 16 GDPR)

You have the right to immediate correction of incorrect data concerning you, and to completion of incomplete data stored by us.

Right to Deletion (Art. 17 GDPR)

You have the right to request deletion of your personal data if the requirements of Article 17 paragraph 1 GDPR are met. This right does not apply if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to establish, exercise, or defend legal claims.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your personal data while the accuracy of your data is being verified, if you reject the deletion of your data despite unlawful data processing and instead request restriction, if you need your data to assert, exercise, or defend legal claims after we no longer need it, or if you have objected for reasons relating to your particular situation while it is still unclear whether our legitimate reasons outweigh yours.

Right to Information About Recipients (Art. 19 GDPR)

If you have exercised the right to correction, deletion, or restriction of processing against the person responsible, the person responsible is obliged to inform all recipients to whom your personal data has been disclosed about this correction, deletion, or restriction, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data you have provided to us in a structured, common, and machine-readable format, or to request that it be transmitted to another person responsible, where technically feasible.

Right to Revoke Consent (Art. 7 Para. 3 GDPR)

You have the right to revoke your consent to data processing at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent.

Right to Lodge a Complaint (Art. 77 GDPR)

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you live, work, or where the alleged violation occurred.

9.2 Right to Object

If we process your personal data on the basis of our overriding legitimate interests, you have the right to object to this processing at any time with future effect, for reasons relating to your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, further processing is reserved if we can demonstrate comprehensive reasons that outweigh your interests, fundamental rights and freedoms, or if the processing serves to establish, exercise, or defend legal claims.

If we process your personal data for direct advertising purposes, you have the right to object at any time to such processing. If you exercise this right, we will stop processing the relevant data for direct advertising purposes.

10. Duration of Storage of Personal Data

The duration of storage of personal data depends on the respective legal retention periods (such as commercial and tax law retention periods). After these deadlines have expired, the relevant data will be routinely deleted unless it is still required to fulfill or initiate the contract, or unless we have a legitimate interest in further storage.

You also agree to the messaging terms and privacy policies of any third-party messaging or marketing services we may use to communicate with you.

Owner and Data Controller

Body & Bra LLC
3833 Powerline Rd
Fort Lauderdale, FL 33309
United States

Owner contact email: bodyandbraunderwearstore@gmail.com