Data protection

1) Introduction and Contact Details of the Responsible Party

​

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data refers to any data that can personally identify you.

​

1.2 The responsible party for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Sandra Lehmann, Alessanara, Platanenweg 3, 04158 Leipzig, Germany, Tel.: +49 15226375427, Email: info@alessanara.com. The responsible party for processing personal data is the individual or legal entity that decides on the purposes and means of processing personal data, alone or together with others.

​

2) Data Collection When Visiting Our Website

​

2.1 When you use our website purely for informational purposes, meaning you do not register or otherwise provide us with information, we only collect the data your browser transmits to our server (“server log files”). When you access our website, we collect the following data necessary for technical purposes to display the website to you:

• Our visited website

• Date and time at the time of access

• Amount of data sent in bytes

• Source/reference from which you accessed the page

• Browser used

• Operating system used

• IP address used (if applicable, in anonymized form)

Processing is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be transferred or otherwise used. However, we reserve the right to review the server log files retrospectively if there are specific indications of unlawful use.

​

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries sent to the responsible party), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" string and the lock symbol in your browser line.

​

3) Hosting & Content Delivery Network

​

3.1 Amazon Web Services

For hosting our website and displaying its content, we use the system of the following provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA. All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider to ensure the protection of our site visitors’ data and to prevent unauthorized disclosure to third parties. For data transfers to the USA, the provider adheres to the EU-US Data Privacy Framework based on an adequacy decision by the European Commission, ensuring compliance with European data protection levels.

​

3.2 Wix

​

For hosting our website and displaying its content, we use the system of the following provider: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel. Data is also transferred to Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA. All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider to ensure the protection of our site visitors’ data and prevent unauthorized disclosure to third parties. An adequate level of data protection is ensured for data transfers to the provider's location by an adequacy decision of the European Commission.

​

3.3 Google Cloud CDN

​

We use a content delivery network of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This service enables us to deliver large media files, such as graphics, content, or scripts, faster through a network of regionally distributed servers. Processing takes place to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Article 6(1)(f) GDPR. Data may also be transferred to: Google LLC, USA. We have concluded a data processing agreement with the provider to ensure the protection of our site visitors’ data and prevent unauthorized disclosure to third parties.

​

4) Cookies

​

To make our website more attractive and enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”), while some remain on your device for longer, allowing us to save settings (so-called “persistent cookies”). You can view the storage duration of these in your browser's cookie settings.

​

5) Contact

​

When you contact us (e.g., via contact form or email), personal data is processed solely for the purpose of responding to your inquiry. The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Article 6(1)(f) GDPR.

​

6) Data Processing When Opening a Customer Account

​

Personal data will continue to be collected and processed as necessary when you provide it to us when opening a customer account in accordance with Article 6(1)(b) GDPR.

​

7) Use of Customer Data for Direct Advertising

​

Subscription to our Email Newsletter

​

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. For sending the newsletter, we use the double opt-in process to ensure you only receive the newsletter after confirming your subscription by clicking a verification link sent to the specified email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) lit. a GDPR. We store your IP address provided by your internet service provider (ISP), along with the date and time of subscription, to track any potential misuse of your email address at a later date. The data collected during newsletter registration is strictly used for this purpose.

​

You may unsubscribe from the newsletter at any time by using the link provided in the newsletter or by notifying the responsible party mentioned at the beginning of this document. After unsubscribing, your email address will be immediately removed from our newsletter distribution list unless you have expressly consented to further use of your data, or we reserve the right to use your data beyond this, as permitted by law, which we inform you of in this statement.

 

8) Data Processing for Order Fulfillment

​

8.1 As required for contract processing, we share the personal data collected for delivery and payment purposes in accordance with Art. 6 (1) lit. b GDPR with the appointed transport company and the payment institution.

If we owe you updates for goods with digital elements or digital products based on a relevant contract, we process the contact data provided at the time of order (name, address, email) to personally inform you via an appropriate communication method (e.g., post or email) about forthcoming updates within the legally required period, in line with our legal information obligations under Art. 6 (1) lit. c GDPR. Your contact details are strictly used for notifications about updates we owe you and are processed solely as required for each notification.

​

To fulfill your order, we also collaborate with the following service provider(s), who assist us in implementing completed contracts. Certain personal data is transferred to these service providers as outlined below.

​

8.2 Use of Payment Service Providers

• Wix Payments

On this website, one or more online payment methods from the following provider are available: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel

​

If you select a payment method from this provider that requires prepayment (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and credit card details, currency, and transaction number) and information about your order are shared with this provider in accordance with Art. 6 (1) lit. b GDPR. Data transfer is strictly for the purpose of payment processing with the provider and only to the extent necessary.

Within these services, data may also be processed further by Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA.

​

For data transfers to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission. For data transfers to the USA, the provider relies on the European Commission’s standard contractual clauses, which are intended to ensure European data protection standards.

​

9) Tools and Other

​

Cookie-Consent Tool

​

This website uses a “cookie-consent tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The tool is presented to users as an interactive interface upon visiting the site, allowing them to grant consent for specific cookies and/or cookie-based applications by checking boxes. Only if users grant their consent are such cookies set on their device.

​

The tool sets technically necessary cookies to store your cookie preferences. Generally, no personal data is processed here. If, in individual cases, personal data is processed for storage, assignment, or logging of cookie settings (such as the IP address), this occurs based on our legitimate interest under Art. 6 (1) lit. f GDPR in legally compliant, user-specific consent management and in legally compliant design of our website.

​

Another legal basis for processing is Art. 6 (1) lit. c GDPR. As controllers, we are legally obligated to make the use of technically unnecessary cookies dependent on user consent. If required, we have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.

​

For further information on the provider and configuration options of the cookie-consent tool, please refer to the corresponding user interface on our website.

​

10) Data Subject Rights

​

10.1 Applicable data protection law grants you the following data subject rights with regard to the processing of your personal data by the controller, with reference to the respective legal basis:

• Right of access according to Art. 15 GDPR;

• Right to rectification according to Art. 16 GDPR;

• Right to erasure according to Art. 17 GDPR;

• Right to restrict processing according to Art. 18 GDPR;

• Right to notification according to Art. 19 GDPR;

• Right to data portability according to Art. 20 GDPR;

• Right to revoke granted consent according to Art. 7 (3) GDPR;

• Right to lodge a complaint according to Art. 77 GDPR.

 

10.2 RIGHT TO OBJECT

​

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS UNDER AN INTEREST-BALANCING ASSESSMENT, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING BASED ON YOUR PARTICULAR SITUATION.

​

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING YOUR DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR IF THE PROCESSING SERVES TO ESTABLISH, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING AT ANY TIME. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING YOUR DATA FOR DIRECT ADVERTISING PURPOSES.

​

11) Duration of Storage of Personal Data

​

The duration of personal data storage is determined by the relevant legal basis, processing purpose, and any applicable statutory retention period (e.g., commercial and tax retention periods).

​

For data processing based on explicit consent under Art. 6 (1) lit. a GDPR, data is stored until you withdraw your consent. If statutory retention periods exist for data processed for contractual obligations under Art. 6 (1) lit. b GDPR, such data will be routinely deleted upon expiration of the retention periods, provided they are no longer required for contract fulfillment or initiation, and/or no legitimate interest for continued storage exists.

For processing based on Art. 6 (1) lit. f GDPR, data is stored until you exercise your right to object under Art. 21 (1) GDPR, unless compelling legitimate grounds for processing exist that override your interests, rights, and freedoms or if the processing serves to establish, exercise, or defend legal claims.

​

For data processed for direct advertising purposes under Art. 6 (1) lit. f GDPR, data is stored until you exercise your right to object under Art. 21 (2) GDPR. If no other specific processing situations are mentioned in this statement, stored personal data will otherwise be deleted when no longer necessary for the purposes they were collected or processed for.