Information on data protection (Instagram, Meta)

INFORMATION ON DATA PROTECTION

1) Information about the collection of personal data and contact details of the controller

1.1 Below we will inform you about how we handle your personal data. Personal data is all data that can be used to personally identify you.

Please carefully check which personal data you share with us via Instagram. Instagram is part of the Meta group of companies and shares the infrastructure, systems and technology with Meta and other Meta companies ( https://www.facebook.com/help/111814505650678?ref=dp ). We expressly point out that Meta stores the data of users of its services (e.g. personal information, IP address, etc.) and may also use this for business purposes. For more information on Meta's data processing on Instagram, see Instagram's privacy policy at https://help.instagram.com/help/instagram/519522125107875/

We have no influence on the data collection and further processing by Meta. Furthermore, we cannot determine to what extent, where and for how long the data is stored, to what extent Meta complies with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. If you would like to prevent Meta from processing personal data that you have sent to us, please contact us by other means. You can find our full contact details in our imprint on Instagram.

1.2 The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is VANA eK
Owner: Stefan Voggenthaler, Waldstraße 28, 84558 Kirchweidach, Germany, Tel.: 004986236132631, E-Mail: hello@vana-store.com, insofar as we exclusively process the data you send to us via Instagram ourselves. Insofar as the data you send to us via Instagram is also or exclusively processed by Meta, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is also responsible for data processing within the meaning of the General Data Protection Regulation (GDPR).

The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

2) Data Protection Officer

You can contact Meta’s data protection officer using the online contact form provided at https://www.facebook.com/help/contact/540977946302970 .

3) Data processing when contacting us

We ourselves collect personal data when you contact us, for example via a contact form or messenger. You can see which data we collect when you contact us via the contact form in the relevant contact form. This data is stored and used solely for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 Paragraph 1 Letter f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Paragraph 1 Letter b GDPR. Your data will be deleted after your request has been finally processed, unless there are statutory retention periods to the contrary. We assume that processing has been finalized if the circumstances indicate that the matter in question has been conclusively clarified.

4) Data processing for contract execution

If your contact via Instagram serves as the basis for a contract for the delivery of goods and/or the provision of services with us, we will additionally process the data you send us in this context in the event of a contract being concluded as follows:

4.1 We will pass on your payment data to the commissioned credit institution as part of the payment processing if this is necessary for the payment processing. The legal basis for the transfer of data is Art. 6 Para. 1 lit. b GDPR.

4.2 In the case of contracts for the delivery of goods, we will pass on the personal data we have collected to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact details you provided when ordering (name, address, email address) in order to inform you personally about upcoming updates within the legally stipulated period by suitable communication channels (e.g. by post or email) within the scope of our statutory information obligations in accordance with Art. 6 Paragraph 1 Letter c GDPR. Your contact details will be used strictly for the purpose of notifying you about updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.

5) Rights of the data subject

5.1 The applicable data protection law grants you comprehensive rights as a data subject (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we will inform you below:

Right to information pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to information pursuant to Art. 19 GDPR;
Right to data portability according to Art. 20 GDPR;
Right to revoke consent granted in accordance with Art. 7 Para. 3 GDPR;
Right to complain according to Art. 77 GDPR.

5.2 RIGHT OF OBJECTION

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCE OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA IN QUESTION. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

6) Duration of storage of personal data

The duration for which personal data is stored is determined based on the respective legal basis, the purpose of processing and – if applicable – also on the respective statutory retention period (e.g. retention periods under commercial and tax law).

When processing personal data on the basis of an explicit consent in accordance with Art. 6 (1) (a) GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that are processed within the framework of legal transactions or quasi-legal obligations on the basis of Art. 6 (1) (b) GDPR, these data will be routinely deleted after the retention periods have expired, provided that they are no longer required to fulfill or initiate a contract and/or we no longer have a legitimate interest in continuing to store them.

When processing personal data on the basis of Art. 6 (1) (f) GDPR, these data will be stored until you exercise your right of objection in accordance with Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct advertising on the basis of Art. 6 (1) (f) GDPR, these data will be stored until you exercise your right of objection in accordance with Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.