Privacy policy.

1. Purpose and responsible body

This data protection declaration clarifies the type, scope and purpose of the processing (e.g. collection, processing and use as well as obtaining consent) of personal data within our online offer and the websites, functions and content associated with it (hereinafter jointly referred to as "online offer" or »website«) on. The data protection declaration applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offer is run.

The provider of the online offer and the body responsible for data protection is VERSA Second Hand (https://www.versa-aesthetics.com), owner: Rebecca Sigfridsson, Okerstrasse 42, 12049 Berlin (hereinafter referred to as "provider", "we" or "us"). . For contact options, we refer to our imprint.

The term "user" includes all customers and visitors of our online offer.

2. Basic information on data processing

We process personal data of users only in compliance with the relevant data protection regulations in accordance with the requirements of data economy and data avoidance. This means that user data will only be processed if there is legal permission, in particular if the data is required to provide our contractual services and online services, or is required by law, or if consent has been given.

We take organizational, contractual and technical security measures according to the state of the art to ensure that the provisions of the data protection laws are observed and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons protection.

If content, tools or other means from other providers (hereinafter jointly referred to as "third-party providers") are used within the scope of this data protection declaration and their registered office is abroad, it can be assumed that data will be transferred to the countries in which the third-party providers are domiciled . Data is transmitted to third countries either on the basis of legal permission, user consent or special contractual clauses that guarantee the legally required security of the data.

3. Processing of personal data

While using our service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

  • Email address

  • First name and last name

  • Phone number

  • Address, postal code, city, country

In addition to the use expressly mentioned in this data protection declaration, the personal data is processed for the following purposes on the basis of legal permissions or user consent:

  • The provision, execution, maintenance, optimization and security of our services and user services

  • Ensuring effective customer service and technical support.

We do not transmit any user data to third parties. The transmission of user data to third parties only if any offers of our website (e.g. through optional offers of use of our website by the provider Squarespace) or the use of our web shop are used. Furthermore, the transfer takes place for other purposes, if these are necessary to fulfill our contractual obligations towards the users (e.g. address notification to suppliers and delivery services).

When contacting us (via the contact form or e-mail), the information provided by the user is stored for the purpose of processing the request and in the event that follow-up questions arise. Personal data will be deleted if they have fulfilled their purpose and the deletion does not conflict with any storage requirements.

4. Collection of access data

We collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider .

We only use the log data without assignment to the person of the user or other profiling in accordance with the legal provisions for statistical evaluations for the purpose of operation, security and optimization of our online offer. However, we reserve the right to subsequently check the log data if there is a justified suspicion of illegal use based on specific indications.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption.

5. Cookies & range measurement

Cookies are pieces of information that are transmitted from our web server or web servers of third parties to the web browser of the user and stored there for later retrieval. Users are informed about the use of cookies in the context of pseudonymous range measurement in the context of this data protection declaration.

Viewing this online offer is also possible with the exclusion of cookies. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

6. Contact option via the website

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 Abs. 1 lit. f DSGVO if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Abs. 1 lit. f DSGVO) or on your consent (Art. 6 Abs. 1 lit. f DSGVO) if this was queried; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you tell us to delete it.

7. Integration of Third-Party Services and Content

It may happen that content or services from third-party providers, such as city maps or fonts from other websites, are integrated within our online offer. The integration of content from third-party providers always presupposes that the third-party providers perceive the IP address of the user, since without the IP address they would not be able to send the content to the user's browser.

The IP address is therefore required for the display of this content. Furthermore, the providers of the third-party content can set their own cookies and process the data of the users for their own purposes. User profiles can be created from the processed data. We will use this content as data-sparingly and data-avoiding as possible and choose reliable third-party providers with regard to data security.

The following presentation offers an overview of third-party providers and their content, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities to object (so-called opt-out):

• Our website is based on "Squarespace" from the third-party provider "Squarespace Ireland, Ltd.", Le Pole House, Ship Street, Great Dublin 8, Ireland. Privacy Policy: squarespace.com/privacy

• There are also links on this website which refer to websites and offers from third parties (for example to our profiles on social networks such as »Instagram« or »Facebook«). Despite careful content control, we assume no liability for the content of external links. The operators of the linked pages are solely responsible for their content.

8. Method of Payment

1) PayPal: The person responsible for processing has integrated PayPal components on this website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal also offers the option of virtual payments via credit cards when a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also assumes trustee functions and offers buyer protection services. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. If the data subject selects "PayPal" as the payment option during the ordering process in our online shop, the data of the data subject is automatically transmitted to PayPal. By selecting this payment option, the affected person in the transmission of personal data required for payment processing. The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal data related to the respective order are also required to process the purchase contract. The transmission of the data is intended for payment processing and fraud prevention. The person responsible for processing will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the data controller may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check identity and creditworthiness.

PayPal may pass on the personal data to affiliated companies and service providers or subcontractors insofar as this is necessary to fulfill the contractual obligations or the data is to be processed in the order. The data subject has the option of withdrawing their consent to the handling of personal data from PayPal at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing. PayPal's applicable data protection regulations can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

2) Stripe: Stripe Inc. 354 Oyster Point Blvd South San Francisco, CA 94080 United States is a payment processing platform (similar to PayPal). Stripe OAuth is Stripe’s authorization protocol that uses tokens (rather than sharing password data) to prove identity between consumers and the service provider, and Stripe account access facilitates user registration, login and authentication. Stripe’s applicable data protection regulations can be found at https://stripe.com/en-de/privacy

9. User Rights and Deletion of Data

Users have the right to request information free of charge about the personal data that we have stored about them.

In addition, users have the right to correct inaccurate data, revoke consent, block and delete their personal data as well as the right to lodge a complaint with the responsible supervisory authority in the event that unlawful data processing is assumed. The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements.

10. Complainant to the supervisory authority

In accordance with Art. 77 DS-GVO, you have the right to complain about the collection and processing of your personal data to the competent supervisory authority.

Berliner Beauftragte für Datenschutz und Informationsfreiheit

  • Alt-Moabit 59-61
    10555 Berlin
    Eingang: Alt-Moabit 60

  • Tel.: +49 30 13889-0

  • Fax: +49 30 2155050

  • E-Mail: mailbox@datenschutz-berlin.d

Stand. 01.05.2023