As we are a company registered in and operating from Germany, our operations are legally bound under German law.

​

Data Privacy Policy

 

Last Updated: 26.12.2024

 

Thank you for visiting our website, www.cottonballon.com ("Website"). At Cotton Ballon, we prioritize your privacy and are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable laws. This Data Privacy Policy explains how we collect, use, and protect your information. By using our Website, you agree to the practices described in this policy.

​

1. Data Controller

The Data Controller responsible for data processing on this Website is:

Cotton Ballon

Kawita Coste
Email: kawita@cottonballon.com
 

2. Categories of Personal Data We Collect

We may collect and process the following personal data:

• Identity Data: Name

• Contact Data: Email address, phone number, billing, and delivery address.

• Financial Data: Payment card details (processed securely by third-party payment providers).

• Transaction Data: Details about payments, orders, and products you have purchased.

• Technical Data: IP address, browser type, and operating system.

• Usage Data: Information about how you use our Website.

• Subscription, Marketing and Communication Data:  Your subscriber status if applicable, and preferences for receiving marketing communications.

• Cookies and Similar Technologies: Collected to enhance your experience (see Section 8).

​

3. Purpose and Legal Basis for Processing

We use your data for the following purposes and based on the following legal grounds:

• Performance of a Contract: To process and deliver your orders, manage payments, and provide customer support.

• Legal Obligations: To comply with legal and regulatory requirements.

• Legitimate Interests: To improve our Website, ensure security, prevent fraud, and understand customer needs.

• Consent: For marketing communications and optional cookies, where you have given explicit consent.

​

4. Sharing of Data

Your data may be shared with the following entities:

• Service Providers: Third-party companies providing services such as payment processing, delivery, accounting, hosting, and marketing.

  • Website Hosting and Platform Services: Our Website is built on the Wix platform. Wix processes certain technical and operational data as a data processor under GDPR, including hosting data, managing databases, and supporting website functionality. Additionally, Wix tracks customer sources and behavior on the Website. For example, Wix collects data on whether customers arrive via social media (e.g., Instagram or Facebook), email campaigns, or search engines. Wix also monitors how customers navigate the site and interact with the buying process, such as tracking conversion rates from specific sources. This information helps us understand customer behavior and improve our marketing and sales strategies. For more information, please refer to Wix’s privacy policy.

  • Payment Processing: We use PayPal and Stripe to securely process payments. When you make a payment, your payment information is handled directly by these providers in compliance with GDPR. We do not store or access your full payment details. Please refer to the privacy policies of PayPal and Stripe for more information on how they handle your data.

  • Shipping Services: We exclusively use DHL for shipping services. To facilitate delivery, we manually transfer customer identity, contact, and order details into the DHL business customer portal. DHL processes this information in compliance with GDPR. For more details, please refer to DHL's privacy policy.

  • Accounting and Tax Services: We work with Munich InterTrust GmbH for accounting and tax handling. This company has access to customer identity, contact, and transaction data strictly for accounting and tax purposes. Munich InterTrust processes this information in compliance with GDPR under a Data Processing Agreement.

• Authorities: Legal and regulatory authorities, if required.

• Business Transfers: In the event of a merger, acquisition, or sale of assets.

We ensure that all third parties adhere to GDPR and handle your data securely.

​

5. International Data Transfers

If your personal data is transferred outside the European Economic Area (EEA), we will ensure it is protected by appropriate safeguards, such as standard contractual clauses or equivalent mechanisms.

​

6. Data Security

Through our partners, we implement robust security measures, including encryption and secure access controls, to protect your personal data. However, no online platform is completely secure, and we encourage you to protect your customer information.

​

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or to comply with legal obligations. Retention periods depend on the nature of the data and the purpose of processing.

​

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content. You can manage your cookie preferences through your browser settings or by using the cookie consent tool available on our Website.

​

9. Your Rights Under GDPR

As an EU resident, you have the following rights:

• Access: Request access to your personal data.

• Rectification: Request correction of inaccurate data.

• Erasure: Request deletion of your data ("right to be forgotten").

• Restriction: Request limitation of data processing.

• Objection: Object to data processing based on legitimate interests.

• Portability: Request transfer of your data to another service provider.

• Withdraw Consent: Withdraw consent for processing based on consent.

• Complaint: Lodge a complaint with a supervisory authority in your country.

To exercise your rights, please contact us at kawita@cottonballon.com

​

10. Third-Party Links

Our Website may include links to third-party websites. We are not responsible for their privacy practices, and we recommend reviewing their privacy policies.

​

11. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Updates will be posted on this page with the "Last Updated" date.

​

12. Contact Us

If you have questions about this policy or your personal data, please contact us at:

Cotton Ballon
Email: kawita@cottonballon.com