Privacy Policy

PRIVACY POLICY

Information on the Collection and Processing of Personal Data

We appreciate your visit to our website and your interest in Sarah’s Boutique. Protecting your personal data is important to us. Below, we explain how your personal information is collected, processed, and protected when you use our website.

Personal data refers to any information that can be used to identify you personally.

1. Responsible Party

The data controller responsible for data processing under the General Data Protection Regulation (GDPR) is:

Sarah’s Boutique
Email: info@sarahs-boutique.com

The data controller is the individual or legal entity that determines the purposes and means of processing personal data.

2. Website Security

For security reasons and to protect confidential content such as orders or inquiries, our website uses SSL or TLS encryption.
You can recognize an encrypted connection by “https://” in your browser address bar and the lock symbol.

No automated decision-making or profiling as defined in Article 22 GDPR takes place on this website.

3. Data Collection When Visiting Our Website

When you visit our website for informational purposes only, we automatically collect the data transmitted by your browser to our server (server log files). This includes:

  • Visited website

  • Date and time of access

  • Amount of transmitted data

  • Referrer source

  • Browser type and version

  • Operating system

  • IP address (anonymized where possible)

This processing is carried out under Article 6(1)(f) GDPR based on our legitimate interest in ensuring website stability and functionality.

4. Cookies

Our website uses cookies to improve functionality and user experience.

Cookies are small text files stored on your device. Some cookies are deleted when your browsing session ends (session cookies), while others remain stored to recognize your browser on future visits (persistent cookies).

Cookies may collect technical information such as browser type, location data, and IP address.

Processing is based on:

  • Article 6(1)(b) GDPR for contract performance

  • Article 6(1)(f) GDPR for legitimate business interests

When legally required, cookies are used only after your consent via our cookie banner.

You can manage cookie preferences through your browser settings. Please note that disabling cookies may limit website functionality.

5. Contacting Us

When you contact us via email or contact form, personal data is collected as required to respond to your inquiry.

This data is processed exclusively for communication purposes under Article 6(1)(f) GDPR.
If the inquiry relates to a contract, processing is additionally based on Article 6(1)(b) GDPR.

Your data is deleted once your request has been fully resolved, unless legal retention obligations apply.

6. Customer Accounts and Order Processing

When you create a customer account or place an order, we process personal data necessary to fulfill the contract in accordance with Article 6(1)(b) GDPR.

You may request deletion of your customer account at any time by contacting us.
After completion of contractual obligations, data is deleted in accordance with applicable commercial and tax retention laws.

7. Email Marketing

7.1 Newsletter Subscription

If you subscribe to our newsletter, we use your email address solely for sending updates and offers.

We use a double opt-in procedure. Subscription is confirmed only after clicking a verification link sent to your email.

Processing is based on Article 6(1)(a) GDPR.
You may unsubscribe at any time using the link provided in each email.

7.2 Marketing to Existing Customers

If you provided your email address during a purchase, we may send you information about similar products based on Article 6(1)(f) GDPR.

You may object to this use at any time by contacting us.

8. Order Processing and Payment Providers

To complete your order, necessary personal data may be shared with:

  • Shipping providers for delivery

  • Payment service providers for transaction processing

This is carried out under Article 6(1)(b) GDPR.

Payment Providers May Include:

  • PayPal

  • Klarna / SOFORT

  • Credit or debit card processors

Each provider processes data in accordance with its own privacy policy.

9. Review Reminder Emails

With your consent, we may send a one-time review reminder email following your purchase.

Processing is based on Article 6(1)(a) GDPR.
You may withdraw your consent at any time.

10. Social Media Plugins

Our website may include links to social media platforms such as:

  • Facebook

  • Instagram

These plugins are implemented using privacy-friendly solutions. Data is only transferred when you actively click on the respective link.

Each platform processes data in accordance with its own privacy policy.

11. Online Advertising and Analytics

Google Analytics

We use Google Analytics with IP anonymization enabled to analyze website usage.

Processing is based on Article 6(1)(f) GDPR.

You may opt out via browser settings or the Google Analytics opt-out browser add-on.

Advertising & Remarketing

We may use advertising tools such as:

  • Google Ads

  • Facebook Pixel

These services help us evaluate campaign performance and display relevant advertisements. Data processing occurs only with your consent where legally required.

12. Rights of Data Subjects

Under the GDPR, you have the following rights:

  • Right of access (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure (Art. 17)

  • Right to restriction of processing (Art. 18)

  • Right to data portability (Art. 20)

  • Right to withdraw consent (Art. 7)

  • Right to lodge a complaint (Art. 77)

You may exercise any of these rights by contacting us at:

info@sarahs-boutique.com

13. Data Retention

Personal data is stored only for as long as legally required or necessary for contractual obligations. Once retention periods expire, data is securely deleted.

14. Contact

If you have any questions regarding this Privacy Policy or your personal data, please contact:

Sarah’s Boutique
📧 info@sarahs-boutique.com