Privacy Policy

1. General Information

We appreciate your visit to our website and your interest in Donna’s Collective. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website.
Personal data refers to any information that can be used to identify you directly or indirectly.

The data controller responsible for processing personal data on this website, in accordance with the General Data Protection Regulation (GDPR), is:

Donna’s Collective
Email: info@donnas-collective.com

The data controller is the entity that determines the purposes and methods of processing personal data.

Our website uses SSL/TLS encryption to ensure secure transmission of data. You can recognize this by the “https://” prefix and the lock symbol in your browser.

We do not use automated decision-making or profiling that produces legal or similarly significant effects as defined under Article 22 GDPR.

2. Data Collection When Visiting Our Website

If you browse our website without registering or submitting information, we collect only technical data that your browser automatically transmits to our server (“server log files”). This includes:

  • Visited pages

  • Date and time of access

  • Amount of data transferred

  • Referring URL

  • Browser type and version

  • Operating system

  • IP address (anonymized where applicable)

This data is processed under Article 6(1)(f) GDPR based on our legitimate interest in ensuring website security, stability, and performance. The data is not combined with other data sources and is used solely for technical and security purposes. We reserve the right to review this data if there is evidence of misuse.

3. Cookies

Our website uses cookies to improve usability and provide certain functions. Cookies are small text files stored on your device.

Some cookies are deleted when you close your browser (session cookies). Others remain stored and allow recognition of your browser on future visits (persistent cookies).

Cookies may collect information such as browser details, location data, or IP addresses. Persistent cookies are automatically deleted after a defined period.

Cookies are used, for example, to store items in your shopping cart or to improve site navigation. Where personal data is processed, this occurs under:

  • Article 6(1)(b) GDPR for contract-related processing

  • Article 6(1)(f) GDPR for legitimate interests in usability and functionality

We may work with third-party partners who place cookies to support marketing or analytics. You will be informed where applicable.

You can manage cookie settings in your browser at any time. Please note that disabling cookies may limit website functionality.

4. Contacting Us

When you contact us via email or a contact form, we collect the information you provide in order to respond to your inquiry.

The legal basis for this processing is Article 6(1)(f) GDPR (legitimate interest in communication). If your inquiry relates to a contract, Article 6(1)(b) GDPR applies.

Your data will be deleted once your request has been fully handled, unless legal retention requirements apply.

5. Customer Accounts and Contract Processing

When you place an order or create a customer account, we collect and process personal data necessary to fulfill the contract under Article 6(1)(b) GDPR.

You may request deletion of your customer account at any time by contacting us. After contract completion or account deletion, your data will be restricted and deleted after statutory retention periods expire, unless further use is legally permitted or explicitly consented to.

6. Email Marketing

6.1 Newsletter Subscription

If you subscribe to our newsletter, we will send you updates and offers by email. Only your email address is required.

We use a double opt-in process. After subscribing, you will receive a confirmation email to verify your consent. This processing is based on Article 6(1)(a) GDPR.

We store the IP address and timestamp of registration to prevent misuse. You may unsubscribe at any time using the link in the newsletter or by contacting us.

6.2 Existing Customer Emails

If you provided your email address during a purchase, we may send you information about similar products based on Article 6(1)(f) GDPR. You may opt out at any time by contacting us. Upon objection, your email will no longer be used for marketing.

7. Order Processing and Payments

7.1 Shipping and Payment

To fulfill your order, personal data may be shared with shipping providers and payment institutions where required. This processing is based on Article 6(1)(b) GDPR.

7.2 Payment Providers

PayPal
Payments processed via PayPal are handled by PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg. PayPal may conduct credit checks for certain payment methods based on its legitimate interests. Further details can be found in PayPal’s Privacy Policy.

SOFORT / Klarna
Payments via SOFORT are processed by Klarna Group entities. Order and payment details are transferred as necessary for payment processing.

8. Review Requests

With your explicit consent, we may send a one-time email asking you to review your purchase. This consent can be withdrawn at any time by contacting us.

9. Social Media Plugins

Our website includes links to social media platforms such as Facebook, Instagram, and Google services. These are implemented using privacy-friendly methods that prevent automatic data transfer until you click a link.

When you click a social media link, you are redirected to the respective platform, where their privacy policies apply.

10. Online Advertising and Analytics

We may use tools such as Google Ads, remarketing, and analytics services to improve our marketing and website performance. These tools may use cookies and anonymized data under Article 6(1)(f) GDPR or based on your consent.

You can manage advertising preferences via your browser or provider settings.

11. Analytics Services

We use Google Analytics with IP anonymization to analyze website usage. Data is processed to understand visitor behavior and improve our services. You can opt out using browser settings or Google’s opt-out tools.

12. Retargeting and Remarketing

We may use remarketing technologies (such as Facebook Pixel or Google Ads Remarketing) to show relevant ads. These technologies operate only with your consent where required and can be disabled via your browser or ad preference settings.

13. Your Rights Under GDPR

You have the right to:

  • Access your data (Art. 15 GDPR)

  • Correct inaccurate data (Art. 16 GDPR)

  • Request deletion (Art. 17 GDPR)

  • Restrict processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Withdraw consent at any time (Art. 7(3) GDPR)

  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

You also have the right to object to processing based on legitimate interests or for direct marketing purposes.

14. Data Retention

Personal data is stored only as long as necessary to fulfill contractual or legal obligations. After retention periods expire, data is deleted unless continued storage is legally justified.

15. Contact

For questions about this Privacy Policy or to exercise your rights, please contact:

Donna’s Collective
Email: info@donnas-collective.com