Privacy Policy

1) Information About the Collection of Personal Data and Contact Details of the Controller

1.1

We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how your personal data is handled when using our website. Personal data is any data by which you can be personally identified.

1.2

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Margaret's Sweaters Dunedin. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser.

2) Data Collection When Visiting Our Website

When you use our website for informational purposes only (i.e. without registering or submitting information), we only collect data that your browser transmits to our server (“server log files”). These include:

  • Visited website
  • Date and time of access
  • Amount of data sent (in bytes)
  • Source/referrer URL
  • Browser used
  • Operating system used
  • IP address (possibly anonymized)

Processing is carried out according to Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. Data is not shared or otherwise used unless there are indications of unlawful use.

3) Cookies

We use cookies to make our website more user-friendly and enable certain functions.

  • Session cookies: deleted after closing your browser
  • Persistent cookies: remain on your device and allow recognition on future visits

Cookies may collect:

  • Browser data
  • Location data
  • IP address

Processing is based on:

  • Art. 6(1)(b) GDPR (contract performance), or
  • Art. 6(1)(f) GDPR (legitimate interest)

Third-party cookies may also be used for advertising purposes.

You can configure your browser to:

  • Be informed about cookies
  • Accept or reject cookies individually or entirely

Note: disabling cookies may limit website functionality.

4) Contacting Us

When you contact us (e.g. via contact form or email), personal data is collected.

  • Data is used only to respond to your request
  • Legal basis: Art. 6(1)(f) GDPR
  • If related to a contract: Art. 6(1)(b) GDPR

Data will be deleted once the request is fully processed unless legal retention obligations apply.

5) Data Processing for Customer Accounts and Contracts

Personal data is collected when:

  • Opening a customer account
  • Performing a contract
  • Legal basis: Art. 6(1)(b) GDPR
  • Data is stored for contract processing
  • Deleted after legal retention periods unless further use is consented

6) Use of Data for Direct Marketing

6.1 Newsletter Subscription

  • Only email address required
  • Uses double opt-in procedure
  • Legal basis: Art. 6(1)(a) GDPR

You can unsubscribe anytime.

6.2 Newsletter for Existing Customers

We may send offers related to previous purchases.

  • Legal basis: Art. 6(1)(f) GDPR
  • You may object at any time

7) Data Processing for Order Handling

7.1

Data is shared with:

  • Shipping companies (for delivery)
  • Banks/payment providers (for payment processing)

Legal basis: Art. 6(1)(b) GDPR

7.2 Payment Providers

PayPal

  • Data shared for payment processing
  • May perform credit checks
  • Legal basis: Art. 6(1)(b) and (f) GDPR

SOFORT (Klarna Group)

  • Payment processing service
  • Data shared only as necessary

8) Review Reminder

We may send a one-time email requesting a review if you consented.

  • Legal basis: Art. 6(1)(a) GDPR

9) Social Media Plugins

We use plugins (via secure “Shariff” solution) from:

  • Facebook
  • Google+
  • Instagram

These only activate when clicked and do not transmit data automatically.

10) Online Marketing

10.1 DoubleClick by Google

Used to:

  • Show relevant ads
  • Measure campaign performance
  • Uses cookies
  • Legal basis: Art. 6(1)(f) GDPR

10.2 Google Ads Conversion Tracking

Tracks effectiveness of advertisements.

  • No personal identification
  • Cookies expire after ~30 days

11) Web Analytics

Google Analytics

  • Tracks website usage
  • Uses anonymized IP addresses
  • Legal basis: Art. 6(1)(f) GDPR

You can opt out via browser plugin.

12) Retargeting / Remarketing

Facebook Pixel

Tracks user behavior after ads.

  • Used for marketing optimization
  • Requires consent (Art. 6(1)(a) GDPR)

Google Ads Remarketing

Displays ads based on browsing behavior.

  • Uses cookies
  • Legal basis: Art. 6(1)(f) GDPR

13) Rights of the Data Subject

You have the right to:

  • Access your data (Art. 15 GDPR)
  • Rectify data (Art. 16 GDPR)
  • Erase data (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Withdraw consent (Art. 7(3) GDPR)
  • File complaints (Art. 77 GDPR)

Right to Object

You may object at any time to processing based on legitimate interests or direct marketing.

14) Data Retention Period

Personal data is stored according to legal retention periods (e.g. tax laws).
After expiration, data is deleted unless still required.