Privacy policy
Privacy Policy
1) Introduction and contact details of the data controller
1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we explain how we handle your personal data when you use our website. Personal data refers to any information that can be used to identify you personally.
1.2 The data controller for this website within the meaning of the General Data Protection Regulation (GDPR) is Lineage – Sven Folchert & Carlos Wenzel García GbR, Wilhelmstraße 21, 42553 Velbert, Germany, Tel.: +49 2053 8401766, Email: hey@lineage-atelier.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data collection when you visit our website
2.1 When you use our website for information purposes only – i.e. if you do not register or otherwise provide us with any information – we only collect the data that your browser transmits to the website server (so-called ‘server log files’). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
- The website you visited
- Date and time of access
- Amount of data transmitted (in bytes)
- Source/link from which you accessed the page
- Browser used
- Operating system used
- IP address used (where applicable: in anonymised form)
The processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used for any other purpose. However, we reserve the right to review the server log files retrospectively should there be concrete evidence of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential information (e.g. orders or enquiries to the data controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the “https://” in your browser address bar and the padlock icon.
3) Hosting & Content-Delivery-Network
3.1 Shopify
Für das Hosting unserer Website und die Darstellung der Seiteninhalte nutzen wir das System des folgenden Anbieters: Shopify International Limited, Victoria Buildings, 2. Etage, 1-2 Haddington Road, Dublin 4, D04 XN32, Irland („Shopify“)
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the provider’s servers. We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits its unauthorised disclosure to third parties.
Where data is transferred to Canada, an adequate level of data protection is guaranteed by an adequacy decision issued by the European Commission.
3.2 Cloudflare
We use a content delivery network provided by the following company: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA
This service enables us to deliver large media files, such as graphics, page content or scripts, more quickly via a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Article 6(1)(f) of the GDPR. We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.
4) Cookies
To make your visit to our website more enjoyable and to enable the use of certain features, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called ‘session cookies’), whilst others remain on your device for longer and enable page settings to be saved (so-called ‘persistent cookies’). In the latter case, you can find the retention period in the overview of your web browser’s cookie settings.
Where personal data is processed via individual cookies used by us, such processing is carried out in accordance with Article 6(1)(b) of the GDPR for the purpose of performing the contract, in accordance with Article 6(1)(a) of the GDPR where consent has been given, or in accordance with Article 6(1)(f) of the GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and a user-friendly and effective design of the site visit.
You can configure your browser to notify you when cookies are set, allowing you to decide on a case-by-case basis whether to accept them, or to block cookies in specific cases or generally.
Please note that if you do not accept cookies, the functionality of our website may be limited.
5) Getting in touch
5.1 Judge.me
We use the services of the following provider for review reminders: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom
We will only transfer your email address and, where applicable, other customer data to the provider on the basis of your explicit consent in accordance with Article 6(1)(a) of the GDPR, so that the provider can contact you via email with a review reminder.
You may withdraw your consent at any time, with effect for the future, by notifying us or the provider.
We have entered into a data processing agreement with the provider which ensures the protection of our website visitors’ data and prohibits its unauthorised disclosure to third parties.
Where data is transferred to the provider’s location, an adequate level of data protection is guaranteed by an adequacy decision issued by the European Commission.
5.2 When you contact us (e.g. via the contact form or by email), personal data will be processed – solely for the purpose of handling and responding to your enquiry and only to the extent necessary for this purpose.
The legal basis for the processing of this data is our legitimate interest in responding to your enquiry in accordance with Article 6(1)(f) of the GDPR. If the purpose of contacting you is to enter into a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted once it is clear from the circumstances that the matter in question has been fully resolved, provided that there are no statutory retention obligations to the contrary.
6) Data processing for order fulfilment
6.1 To the extent necessary for the performance of the contract for the purposes of delivery and payment, the personal data we collect will be disclosed to the contracted transport company and the contracted bank in accordance with Article 6(1)(b) of the GDPR.
Where we are obliged to provide you with updates for goods containing digital elements or for digital products under the terms of a relevant contract, we will process the contact details you provided when placing your order in order to inform you personally, in accordance with our legal obligations to provide information under Article 6(1)(c) of the GDPR. Your contact details will be used strictly for the specific purpose of sending you notifications regarding updates we are required to provide, and will be processed by us for this purpose only to the extent necessary to provide the relevant information.
To process your order, we also work with the service provider(s) listed below, who assist us, either in full or in part, with the fulfilment of contracts entered into. Certain personal data is transferred to these service providers in accordance with the following information.
6.2 Gelato
We use the following service provider to process orders: Gelato Sweden AB, c/o Epicenter, Mäster Samuelsgatan 36, 111 57 Stockholm, Sweden
Your name, address and, where applicable, other personal data will be passed on to the service provider in accordance with Article 6(1)(b) of the GDPR, solely for the purpose of processing your online order. Your data will only be passed on to the extent that this is actually necessary for the processing of the order.
6.3 Use of payment service providers
- Apple Pay
If you choose the “Apple Pay” payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed via the “Apple Pay” function on your iOS, watchOS or macOS device by charging a payment card registered with “Apple Pay”. Apple Pay uses security features built into your device’s hardware and software to protect your transactions. To authorise a payment, you must therefore enter a passcode you have previously set and verify your identity using your device’s ‘Face ID’ or ‘Touch ID’ feature.
For the purposes of processing your payment, the information you provide during the ordering process, together with details of your order, will be transmitted to Apple in encrypted form. Apple then re-encrypts this data using a developer-specific key before transmitting it to the payment service provider associated with the payment card stored in Apple Pay, so that the payment can be processed. Encryption ensures that only the website through which the purchase was made can access the payment details. Once the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm that the payment was successful.
Where personal data is processed in connection with the transfers described, such processing is carried out solely for the purpose of payment processing in accordance with Article 6(1)(b) of the GDPR.
Apple stores anonymised transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. This anonymisation ensures that the data cannot be linked to any individual. Apple uses this anonymised data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on your iPhone or Apple Watch to complete a purchase you’ve made via Safari on your Mac, your Mac and the authorisation device communicate via an encrypted channel on Apple’s servers. Apple does not process or store any of this information in a format that could be used to identify you.
You can disable the option to use Apple Pay on your Mac in your iPhone’s settings. Go to ‘Wallet & Apple Pay’ and turn off ‘Allow Payments on Mac’.
For further information on privacy with Apple Pay, please visit the following website: https://support.apple.com/de-de/HT203027
- Google Pay
If you choose the “Google Pay” payment method provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment processing takes place via the “Google Pay” application on your mobile device, which must be running Android 4.4 (“KitKat”) or later and have NFC functionality, by debiting a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). To authorise a payment via Google Pay for an amount exceeding €25, you must first unlock your mobile device using the verification method set up on your device (such as facial recognition, a password, a fingerprint or a pattern).
For the purposes of processing your payment, the information you provide during the ordering process, together with details of your order, will be passed on to Google. Google then sends your payment details stored in Google Pay to the originating website in the form of a one-off transaction number, which is used to verify that the payment has been made. This transaction number does not contain any information about the actual payment details of the payment methods stored in Google Pay; instead, it is generated and transmitted as a one-off numerical token. For all transactions made via Google Pay, Google acts solely as an intermediary in processing the payment. The transaction is carried out exclusively between the user and the originating website by debiting the payment method stored with Google Pay.
Where personal data is processed in connection with the transfers described, such processing is carried out solely for the purpose of payment processing in accordance with Article 6(1)(b) of the GDPR.
Google reserves the right to collect, store and analyse certain transaction-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, the merchant’s location and description, a description of the goods or services purchased provided by the merchant, any photos you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction, and, where applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Article 6(1)(f) of the GDPR on the basis of a legitimate interest in proper accounting, the verification of transaction data, and the optimisation and maintenance of the Google Pay service.
Google also reserves the right to combine the transaction data processed with other information collected and stored by Google when you use other Google services.
The Google Pay Terms of Service can be found here:
Further information on data protection for Google Pay can be found at the following web address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Paypal
This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
If you select a payment method from this provider that requires you to pay in advance, your payment details provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the contents of your order will be transmitted to the provider in accordance with Art. 1 lit. b GDPR. In this case, your data will be passed on solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you select a payment method where we pay in advance, you will also be asked during the ordering process to provide certain personal details (first name and surname, street, house number, postcode, town, date of birth, email address, telephone number, and, where applicable, details of an alternative payment method).
In order to safeguard our legitimate interest in assessing your creditworthiness in such cases, we will pass this data on to the provider for the purpose of a credit check, in accordance with Article 6(1)(f) of the GDPR. The provider will use the personal details you have provided, along with other information (such as your shopping basket, invoice total, order history and payment history), to assess whether the payment method you have selected can be approved, taking into account the risks of non-payment and/or bad debt.
The credit report may contain probability values (known as ‘scores’). Where such scores are included in the credit report, they are based on a scientifically recognised mathematical and statistical method. The calculation of these scores takes into account, amongst other things, but not exclusively, address details.
You may object to this processing of your data at any time by contacting us or the provider. However, the provider may still be entitled to process your personal data where this is necessary for the contractual processing of payments.
- Shopify Payments
This website offers one or more online payment methods provided by the following provider: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
If you select a payment method offered by the provider that requires you to pay in advance (such as credit card payment), your payment details provided during the ordering process (including your name, address, bank and payment card details, currency and transaction number), as well as information about the contents of your order, will be passed on to the provider in accordance with Article 6(1)(b) of the GDPR. In this case, your data will be shared solely for the purpose of processing payments with the provider and only to the extent necessary for this purpose.
7) Web analytics services
Shopify Analytics
This website uses the web analytics service provided by the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
Using cookies and/or similar technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymised visitor data, including information about the device used, such as the IP address and browser information, in order to analyse usage behaviour on our website and create pseudonymised user profiles. Among other things, this enables the analysis of user behaviour patterns (known as heatmaps), which reveal the duration of page visits and interactions with page content (e.g. text entries, scrolling, clicks and mouse-overs). Pseudonymisation fundamentally precludes any direct link to an individual. No merging takes place with other personal data collected about you by other means.
All processing operations described above, in particular the reading or storage of information on the device you are using, will only be carried out if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.
Wir haben mit dem Anbieter einen Auftragsverarbeitungsvertrag geschlossen, der die
We have entered into a data processing agreement with the service provider, which protects the data of our website visitors and prohibits its disclosure to third parties.
Where data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision issued by the European Commission.
8) Site features
Pinterest-Plugins
Our website uses plugins from the social network provided by the following company: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland
These plugins enable direct interaction with content on the social network.
To enhance the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the page using a so-called ‘2-click’ or ‘Shariff’ solution.
This integration ensures that, when a page on our website containing such plugins is accessed, no connection is established with the provider’s servers.
Only once you have activated the plugins and thereby given your consent to the transfer of data in accordance with Article 6(1)(a) of the GDPR will your browser establish a direct connection to the provider’s servers. In doing so, regardless of whether you are logged into an existing user profile, certain information about the device you are using (including your IP address), your browser and your browsing history is transmitted to the provider and may be further processed there.
If you are logged into an existing user profile on the provider’s social network, information about interactions carried out via the plugins will also be published there and displayed to your contacts.
You can withdraw your consent at any time by deactivating the plugin by clicking on it again. However, this will not affect any data that has already been transferred to the provider.
Data may also be transferred to: Pinterest Inc., USA
We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
For the transfer of data to the USA, the provider relies on the European Commission’s standard contractual clauses, which are designed to ensure compliance with European data protection standards.
9) Tools and Miscellaneous
Cookie-Consent-Tool
This website uses a so-called “cookie consent tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to users when they visit the site in the form of an interactive user interface, on which consent for specific cookies and/or cookie-based applications can be granted by ticking the relevant boxes. When this tool is used, all cookies and services requiring consent are only loaded once the user has given their consent by ticking the relevant box. This ensures that such cookies are only set on the user’s device once consent has been given.
The tool sets technically necessary cookies to save your cookie preferences. No personal user data is processed in this process.
If, in individual cases, the storage, assigning or logging cookie settings, this is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and, consequently, in the legally compliant design of our website.
A further legal basis for the processing is Article 6(1)(c) of the GDPR. As the data controller, we are legally obliged to make the use of cookies that are not technically necessary subject to the user’s consent.
Where necessary, we have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
Further information about the operator and the settings options for the cookie consent tool can be found directly in the relevant user interface on our website.
10) Rights of the data subject
10.1
Under current data protection law, you have the following data subject rights (rights of access and rights to take action) vis-à-vis the controller with regard to the processing of your personal data; please refer to the legal basis cited for the respective conditions for exercising these rights:
- Right of access under Article 15 of the GDPR;
- Right to rectification under Article 16 of the GDPR;
- Right to erasure under Article 17 of the GDPR;
- Right to restriction of processing under Article 18 of the GDPR;
- Right to be informed under Article 19 of the GDPR;
- Right to data portability pursuant to Article 20 of the GDPR;
- Right to withdraw consent pursuant to Article 7(3) of the GDPR;
-
Right to lodge a complaint pursuant to Article 77 of the GDPR.
10.2 RIGHT TO OBJECT
IF, AS PART OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION. WE RESERVE THE RIGHT TO CONTINUE PROCESSING, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR WHERE THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THIS RIGHT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE RELEVANT DATA FOR DIRECT MARKETING PURPOSES.
11) Retention period for personal data
The period for which personal data is stored is determined by the relevant legal basis, the purpose of the processing and, where applicable, the relevant statutory retention period (e.g. retention periods under commercial and tax law).
Where personal data is processed on the basis of explicit consent pursuant to Article 6(1)(a) of the GDPR, the data concerned will be stored until you withdraw your consent.
Where statutory retention periods apply to data processed in connection with contractual or quasi-contractual obligations on the basis of Article 6(1)(b) of the GDPR, such data is routinely deleted once the retention periods have expired, provided that it is no longer required for the performance or initiation of a contract and/or we no longer have a legitimate interest in its continued storage.
When processing personal data on the basis of Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
When processing personal data for the purposes of direct marketing on the basis of Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(2) of the GDPR.
Unless otherwise specified in the other information contained in this statement regarding specific processing situations, stored personal data will otherwise be erased when it is no longer necessary for the purposes for which it was collected or otherwise processed.