1. Name and contact details of the controller

This privacy policy applies to data processing by:

Controller: Charles GmbH (hereinafter: hey-charles.com)
Gartenstraße 86-87,
10115 Berlin,
Germany

E-Mail: info@hey-charles.com
WhatsApp: +491741922229

Managing Director(s): Andreas Tussing

2. Collection and storage of personal data and the nature and purpose of their use

a) When visiting the website

When you visit our website www.hey-charles.com, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted: 

• IP address of the requesting computer,
• date and time of access,
• name and URL of the retrieved file,
• website from which access is made (referrer URL),
• the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The data mentioned will be processed by us for the following purposes:

• ensuring a smooth connection of the website,
• to ensure a comfortable use of our website,
• evaluation of system safety and stability as well as
• for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for the collection of data. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

In addition, we use cookies and analysis services when you visit our website. You will find more detailed information on this under points 4 and 5 of this privacy policy.

b) When registering for our newsletter

If you have expressly consented in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your email address to send you our newsletter regularly in connection with our products, events and company news. To receive the newsletter, it is sufficient to provide an email address.

You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can also send your unsubscription request to info@hey-charles.com by e-mail at any time.

c) When using our contact form or making contact via social network

If you have any questions, we offer you the possibility to contact us via a form provided on the website. A valid email address must be provided so that we know who sent the request and can answer it. Further information can be provided voluntarily.

Data processing for the purpose of establishing contact with us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent, unless it is necessary for the execution of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

If you contact us via our presence in the social networks Facebook, LinkedIn or Instagram, we process the personal data that you have deposited with the respective social network.

Data processing for the purpose of establishing contact with us via the social networks is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent, unless it is required for contract processing in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

The personal data collected by us for the use of the contact form or the social network will be automatically deleted after you have completed your enquiry, unless legal storage obligations, e.g. from commercial or tax law, apply.

d) Communication with Charles via WhatsApp

When you order our products through WhatsApp, the app used on your device collects and stores the following order-relevant information from you:

• first name and surname
• phone number
• email address
• date of birth
• clothing size, measurements and preferences
• address
• ordered products and number of orders

The mentioned data will be processed by us for order processing:

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

Additionally, we use MessengerPeople as a data processor within the meaning of Art. 28 GDPR to make Charles, our chatbot on WhatsApp, even more efficient and to improve our customer relationship. This platform allows us to resolve incoming customer inquiries through a central platform with an intuitive user interface and automation options.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, whereby the legitimate interests are in particular the better customer service and the efficiency of the processing of customer inquiries.

In addition, we use analysis services to better adapt our chat assistant to your needs within the framework of the WhatsApp chat and with regard to your order data above. The following information relevant to the analysis will be collected and stored:

• satisfaction with orders
• key attributes of your messages (e.g., style, language, sentiment, emojis)

Data processing for the purpose of chat and order analysis with us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntary consent.

e) When ordering in our online shop

If you have selected a specific product via our WhatsApp chat, you will be redirected to our online shop at www.hey-charles.com . The order data mentioned above will be processed by us for order processing. In addition there are the payment modalities (e.g. by Paypal or Stripe).

When paying via PayPal, credit card via PayPal, direct debit via PayPal, "purchase on account" or "payment by installments" via PayPal, we pass on your payment details to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"). The passing on takes place only in so far as this is necessary for the payment winding up. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "instalment payment" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit assessment with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). If score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. Address data, among other things but not exclusively, is included in the calculation of the score values. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary to process your payment in accordance with the contract. Please refer to PayPal's data protection declaration for further information on data protection, including the credit agencies used: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

If you choose a payment method from payment service provider Stripe, payment will be processed by payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we forward the information you provide during the ordering process, including information about your order (name, address, account number, sort code, credit card number, invoice amount, currency and transaction number if applicable). Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary. For further data protection information please refer to Stripe's data protection declaration: https://stripe.com/de/privacy - translation.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

f) For order processing

Within the framework of order processing, we use the services of various partners (logistics service providers and warehouses) in order to process the order properly. For this purpose, we transmit your name and the recipient address, your e-mail address, telephone number, customer reference number, the name of the invoice recipient and the invoice address. The logistics service providers (e.g., DHL business customer portal) and warehouses are contractually obliged to use this data only for the purpose described above and in accordance with our instructions.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

g) Disclosure in case of company sale

As part of a so-called due diligence (e.g. in the case of company sales), we may disclose personal data to interested purchasers on a random basis if necessary.

The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, the legitimate interest consists in the economic aspect of possibly wanting to merge or sell a company with/to an enterprise. 

3. Data transfer

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties if:

• You have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
• the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
• in the event that there is a legal obligation to pass on data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
• this is legally permissible and required for the execution of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

4. Cookies

We use cookies on our site. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your terminal device and do not contain viruses, Trojans or other malware.

Information is stored in the cookie, which results in each case in connection with the specifically used terminal device. This does not mean, however, that we will immediately become aware of your identity.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages on our website. These are automatically deleted after leaving our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your terminal for a specific period of time. If you visit our site again to make use of our services, it is automatically recognized that you have already been with us and which inputs and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to record the use of our website statistically and to evaluate it for the purpose of optimising our offer for you (see point 5). These cookies enable us to automatically recognize that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. The complete deactivation of cookies may, however, result in you not being able to use all the functions of our website.

5. Analytics tools

a) Tracking tools

The tracking measures listed below and used by us are carried out on the basis of your voluntary consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. With the tracking measures used, we want to ensure that our website is designed to meet your needs and is continually optimised. On the other hand, we use the tracking measures in order to statistically record the use of our website and to evaluate it for you for the purpose of optimising our offer. These interests are to be regarded as justified within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

i) Google Analytics

We use Google Analytics, a web analysis service provided by Google LLC (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter „Google“) , for the purpose of tailoring our pages to meet your needs and continually optimising them. In this context, pseudonymised user profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this website such as

• browser type/version,
• operating system used,
• referrer URL (the previously visited page),
• host name of the accessing computer (IP address),
• time of the server request,
• Browser-Typ/-Version,

are transferred to a Google server in the USA and stored there. The transfer follows as a permissible third country transfer on the basis of the so-called Privacy Shield between the EU and the USA (see the entry for Google LLC). This information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for market research purposes and to tailor these Internet pages to meet specific needs. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an allocation is not possible (IP masking).

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie is set to prevent your information from being collected in the future when you visit this website. The opt-out cookie applies only to this browser and only to our website and is placed on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics-help (https://support.google.com/analytics/answer/6004245?hl=de).

ii) Facebook Conversion Pixel

We use the "conversion pixel" or visitor action pixel from Facebook. This is a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). By calling this pixel from your browser, Facebook can then recognize whether a Facebook ad was successful, e.g. whether it led to an online purchase. The transfer follows as a permissible third country transfer on the basis of the so-called Privacy Shield between the EU and the USA (see also the entry for Facebook Inc.). Facebook only provides us with statistical data without reference to a specific person. This enables us to record the effectiveness of Facebook advertisements for statistical and market research purposes. This data processing is necessary to safeguard our overriding legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in order to show visitors to our website only advertising for products in which the user is also interested.

In particular, if you are registered on Facebook, we refer you to their data protection information: http://www.facebook.com/about/privacy/.

6. Social media plug-ins

We use social plug-ins of the social networks Facebook, Twitter and Instagram on our website on the basis of Art. 6 Para. 1 S. 1 lit. f DSGVO in order to make our offer better known. The advertising purpose behind this is to be regarded as a legitimate interest within the meaning of the DSGVO. The responsibility for the data protection-compliant operation is to be guaranteed by their respective providers. The integration of these plug-ins by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way.

a) Facebook

Social media plugins from Facebook are used on our website to make their use more personal. For this we use the "LIKE" or "SHARE" button. This is an offer from Facebook.

If you call up a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser, which integrates it into the website.

By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged on to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, for example by pressing the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook may use this information for the purposes of advertising, market research and tailoring Facebook Pages to your needs. To this end, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.

If you do not want Facebook to associate the information collected through our website with your Facebook account, you must log out of Facebook before visiting our website.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your related rights and setting options for the protection of your privacy can be found in Facebook's data protection information (https://www.facebook.com/about/privacy/).

b) Instagram

Our website also uses social plugins ("Plugins") from Instagram, operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram").

The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera".

When you visit a page on our website that contains such a plugin, your browser connects directly to Instagram's servers. Instagram sends the content of the plugin directly to your browser and integrates it into the page. This integration tells Instagram that your browser has accessed the appropriate page on our site, even if you do not have an Instagram profile or are not logged into Instagram.

This information (including your IP address) is transferred directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plugins, for example by pressing the "Instagram" button, this information is also sent directly to and stored on an Instagram server.

The information is also published to your Instagram account and displayed to your contacts.

If you do not want Instagram to directly associate the data collected via our website with your Instagram account, you must log out of Instagram before visiting our website.

For more information, see Instagram's privacy policy (https://help.instagram.com/155833707900388).

7. Content Management System (Shopify)

For our online shop we use the Content Management System Shopify, a service of Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5. We offer our goods for sale via this platform. The data provided during the ordering process is stored on a Shopify server in the USA. The transfer follows as a permissible third country transfer on the basis of the so-called Privacy Shield between the EU and the USA (see the entry for Shopify Inc.).

Further information can be found in Shopify's privacy policy (https://shopify.com/legal/privacy).

8. WhatsApp

For our chatbot we use the messenger service Whatsapp from WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Through this chat platform, we can contact you for promotional purposes and you can place orders for our goods with us. The information provided during the chat process is stored on a WhatsApp server in the United States. The transfer follows as a permissible third country transfer on the basis of the so-called Privacy Shield between the EU and the USA (see the entry for WhatsApp Inc.).

Further information can be found in WhatsApp's privacy policy (whatsapp.com/legal/?lang=de).

9.  Social media accounts  (Facebook, Instagram)

As the operator of an Instagram and Facebook page, we are joint controllers with the operator of the social network Instagram and Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland) for the purposes of Art. 4 no. 7 in connection with Art. 26 of the GDPR. When visiting our Instagram or Facebook page, personal data is processed by those responsible. The transfer follows as a permissible third country transfer on the basis of the so-called Privacy Shield between the EU and the USA (see also the entry for Facebook Inc.).

The processing of this information is intended, among other things, to enable Facebook to improve its advertising system, which it disseminates via its network. On the other hand, as the operator of the Instagram page, it should enable us to obtain statistics that Facebook generates based on visits to our Instagram page. This is to control the marketing of our activity. For example, it allows us to learn about the profiles of visitors who value our Instagram page or use applications on the site to provide them with more relevant content and develop features that may be of greater interest to them.

To better understand how our Instagram and Facebook pages can help us achieve our goals, we also use the information we collect to create and share demographic and geographic reports. We may use this information to target interest-based advertisements without immediately knowing the visitor's identity. If visitors use Facebook on multiple devices, the collection and analysis may also be cross-device if they are registered visitors logged into their own profile.

The visitor statistics compiled are transmitted to us exclusively in anonymous form. We do not have access to the underlying data.

We operate the Instagram and Facebook pages to present and communicate with Instagram and Facebook users and other interested people who visit our Instagram and Facebook pages. The processing of users' personal data takes place on the basis of our legitimate interests in an optimised company presentation and customer communication (Art. 6 Para. 1 S. 1 lit. f DSGVO).

The agreements with Facebook also on joint responsibility essentially result in information requests and the assertion of further rights of data subjects being asserted directly with Facebook. Because as the provider of the social network and the opportunity to integrate Facebook pages there, Facebook alone has direct access to the necessary information and can also immediately take any necessary measures and provide information. Should our support nevertheless be necessary, we can be contacted at any time. For more details, see: https://www.facebook.com/legal/terms/page_controller_addendum.

9. Rights of data subjects

You have the right:

• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, unless it has been collected from us, as well as the existence of an automated decision-making process including profiling and, if applicable, meaningful information on its details;
• in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
• to demand the deletion of your personal data stored by us in accordance with Art. 17 DSGVO, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
• to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the correctness of the data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing in accordance with Art. 21 DSGVO;
• in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request the transfer to another responsible person;
• in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future, and
• to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or at our company headquarters.

10. Right of objection

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation.

If you would like to make use of your right of revocation or objection, simply send an e-mail to info@hey-charles.com.

11. Data security

We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

12. Actuality und changes to this privacy policy

This privacy policy is currently valid and as of July 2019.

Due to the further development of our website and offers about it or due to changed legal or official requirements, it may be necessary to change this privacy policy. You can call up and print out the current privacy policy at any time on the website at https://hey-charles.com/policies/privacy-policy