Privacy Policy

PRIVACY POLICY

1) Information on the Collection of Personal Data and Contact Information of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data includes all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Boreal Boutique & Co Toronto . The controller of personal data is the individual or legal entity that decides, alone or jointly with others, on the purposes and means of processing personal data.

1.3 For security and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.

2) Data Collection When Visiting Our Website

If you use our website purely for information purposes (i.e., without registering or transmitting other information), we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data necessary to display the website:

  • The website you visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/referrer from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used (if applicable, in anonymized form)

Processing is based on our legitimate interest in improving the stability and functionality of our website under Art. 6(1)(f) GDPR. This data is not transmitted or used for other purposes, except where specific evidence of unlawful use may require retrospective review of server log files.

3) Cookies

To make our website more attractive and to enable certain functions, we use cookies on various pages. Cookies are small text files stored on your device. Some cookies are deleted after the browser session (session cookies), while others remain on your device to recognize your browser on future visits (persistent cookies). Specific user information (e.g., browser and location data or IP address) is processed by these cookies within the individual scope. Persistent cookies are automatically deleted after a specified duration, which may vary by cookie.

Cookies may simplify ordering processes by saving settings (e.g., the contents of a virtual shopping cart). The processing of personal data by cookies takes place based on Art. 6(1)(b) GDPR, either for contract execution or on our legitimate interest in the website's best functionality and a user-friendly visit under Art. 6(1)(f) GDPR.

We may work with advertising partners to make our website more interesting. If this occurs, cookies from partner companies may also be stored on your device (third-party cookies), with specific information on these cookies detailed below.

Please note that you can configure your browser to inform you about cookies and to decide individually whether to accept them or to exclude cookies in specific cases or generally. Each browser differs in how it manages cookie settings, which are described in each browser’s help menu.

4) Contact

When contacting us (e.g., via contact form or email), personal data is collected. The data collected in a contact form is visible within the form itself. Data is stored and used solely for the purpose of responding to your inquiry or for technical administration. The legal basis for processing is our legitimate interest in responding to your inquiry per Art. 6(1)(f) GDPR. If your inquiry concerns a contract, Art. 6(1)(b) GDPR serves as an additional legal basis. Your data will be deleted once your inquiry is fully resolved, provided there are no legal retention obligations.

5) Data Processing for Account Creation and Contract Processing

Under Art. 6(1)(b) GDPR, personal data is collected and processed if provided to us for contract execution or account creation. The data required is indicated in each input form. You may delete your account at any time by notifying the controller. Your data is stored for contract processing and deleted after tax and commercial retention periods unless you consent to further use or legally allowed further use.

6) Use of Your Data for Direct Advertising

6.1 Newsletter Registration

If you register for our email newsletter, we regularly send information on our offers. Only your email address is required for sending the newsletter. Additional data may be provided voluntarily for personalized communication. For newsletter distribution, we use the double opt-in procedure, only sending newsletters upon your explicit consent, confirmed by a confirmation link. You can unsubscribe from the newsletter anytime through a link in each newsletter.

6.2 Newsletter for Existing Customers

If you provide your email address when purchasing goods or services, we reserve the right to send offers on similar products or services via email under our legitimate interest in direct advertising per Art. 6(1)(f) GDPR. You may object to this use of your email at any time with future effect.

7) Order Processing Data

7.1 Personal data necessary for contract execution is forwarded to the delivery company and the financial institution responsible for payment processing as required. Legal basis for data sharing is Art. 6(1)(b) GDPR.

7.2 Payment Service Providers

  • PayPal: When using PayPal, payment data may be transferred to PayPal under Art. 6(1)(b) GDPR.
  • SOFORT: Payment via SOFORT involves processing through SOFORT GmbH, with data shared solely as necessary for payment processing.

8) Contact for Review Reminders

We may use your email to send a one-time reminder to review your order if you have given explicit consent (Art. 6(1)(a) GDPR).

9) Use of Social Media Plugins

  • Facebook: Social plugins are integrated as links to ensure no data is transmitted to Facebook servers until the plugin is activated.
  • Google+ and Instagram: Similar plugin integration as Facebook to prevent data transfer until the plugin is activated.

10) Online Marketing

10.1 DoubleClick by Google uses cookies to display relevant ads and prevent repeated ad views. Google receives information on parts of our website accessed and can track conversions if users later visit the advertiser's website.

10.2 Google AdWords Conversion Tracking enables us to measure the effectiveness of our AdWords campaigns. Users may disable this tracking if they wish.

11) Web Analysis Services

We use Google Analytics for analyzing website use, which collects data on user behavior. IP anonymization is enabled for privacy.

12) Retargeting/Remarketing/Recommendation Advertising

  • Facebook Custom Audience uses a pixel to track user actions for advertising effectiveness.
  • Google AdWords Remarketing helps target ads based on website visits.

13) Data Subject Rights

13.1 You have the right to request information, correction, deletion, restriction of processing, and data portability under GDPR.

13.2 You also have the right to object to processing based on legitimate interests or direct marketing purposes at any time.

14) Duration of Data Storage

Personal data storage duration is based on legal retention periods, after which data is deleted unless needed for contract fulfillment or legal claims.