Privacy policy

Data Protection & Privacy Policy

1) Information on the Collection of Personal Data and Contact Details of the Data Controller

1.1 Thank you for visiting our website. Below we inform you about how your personal data is processed when you use our website. Personal data refers to any information that can be used to identify you personally.

1.2 The data controller responsible for processing personal data on this website is Grace Auckland.
The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data, as defined by the EU General Data Protection Regulation (GDPR).

1.3 This website uses SSL or TLS encryption to protect the transmission of personal data and other confidential information (such as orders or inquiries). You can recognize an encrypted connection by the browser address bar starting with “https://” and the lock icon.

2) Data Collection When Visiting Our Website

When you use our website for informational purposes only (i.e., without registering or submitting information), we collect only the data that your browser transmits to our server (so-called server log files). This data is technically necessary to display the website and ensure its stability and security.

The following data is collected:

  • Visited page

  • Date and time of access

  • Amount of data transferred (in bytes)

  • Referring page (source)

  • Browser used

  • Operating system used

  • IP address used (possibly anonymized)

The processing of this data is based on our legitimate interest in improving the stability and functionality of our website in accordance with Article 6(1)(f) GDPR.
This data will not be passed on or used for any other purpose unless there are concrete indications of unlawful use, in which case the data may be reviewed retrospectively.

3) Cookies

To make our website attractive and enable certain functions, we use cookies (small text files stored on your device).

Some cookies are deleted when you close your browser (session cookies), while others remain stored on your device to recognize your browser on future visits (persistent cookies). These cookies may collect personal data such as browser type, location, or IP address.

Persistent cookies are automatically deleted after a defined period, which varies depending on the cookie. Some cookies simplify the ordering process (e.g., by saving items in the shopping cart).

If cookies process personal data, the processing is based on:

  • Article 6(1)(b) GDPR (performance of a contract), or

  • Article 6(1)(f) GDPR (legitimate interest in optimal website functionality and user experience).

We may work with advertising partners who also store cookies on your device when visiting our website (third-party cookies). If this occurs, you will be informed in this policy about their use and scope.

You can configure your browser to notify you about the use of cookies and decide individually whether to accept them. Instructions vary by browser and can be found in the help menu of your browser.

If you disable cookies, some website functions may be limited.

4) Contact

When you contact us (e.g., via a contact form or email), personal data is collected. The data collected is specified in the respective form and is used exclusively to respond to your inquiry and manage related technical matters.

The legal basis for processing this data is our legitimate interest in responding to inquiries under Article 6(1)(f) GDPR.
If your inquiry aims at concluding a contract, the legal basis is Article 6(1)(b) GDPR.

Once the matter has been fully resolved and no statutory retention obligations exist, your data will be deleted.

5) Customer Accounts and Contract Performance

When you provide personal data to enter into a contract or create a customer account, we process this data in accordance with Article 6(1)(b) GDPR. The required data is indicated in the respective forms.

You may request the deletion of your customer account at any time by contacting us at info@graceauckland.com.

After completion of the contract or deletion of the account, the data will be restricted for tax and commercial retention purposes and deleted once these legal retention periods expire, unless you have consented to further use or the law permits it.

6) Use of Data for Direct Marketing

6.1 Newsletter Subscription

If you subscribe to our newsletter, we will regularly send you promotional offers. Only your email address is required; additional information is optional and used solely for personalization.

We use a double opt-in procedure, meaning you will receive a confirmation email and will only be subscribed once you confirm via the link.

By activating the confirmation link, you give your consent to the processing of your data under Article 6(1)(a) GDPR. We record the IP address and time of registration to prevent misuse.

You may unsubscribe at any time via the unsubscribe link in the newsletter or by contacting us at info@graceauckland.com. Upon unsubscription, your email address will be removed from our mailing list unless further use is legally permitted.

6.2 Marketing Emails to Existing Customers

If you provided your email address during a purchase, we may send you emails with offers for similar products without requiring additional consent. This is based on our legitimate interest in personalized direct marketing under Article 6(1)(f) GDPR.

You may object to receiving these emails at any time by contacting us.