Privacy PolicY

MIRI WORLD LTD
Company number 15771958

1. Security and protection of your data when visiting our website

MIRI WORLD LTD with trading name ‘cesENFANTS’ (referred to hereafter as 'cesENFANTS' or 'we') takes the protection of your personal data very seriously and uses extreme care and the most advanced security standards to guarantee it.

We consider it our overriding responsibility to safeguard the confidentiality of the personal data provided by you and to protect them from unauthorized access. 

  1. Definitions
    In order to ensure a transparent and easily understandable declaration regarding the processing of your personal data, we would like to inform you about the individual legal definitions used in this privacy policy:

  2. Personal Data
    'Personal data' means any information relating to an identified or identifiable natural person (hereafter referred to as 'data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  3. Processing
    'Processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

  4. Restriction of processing
    'Restriction of processing' means the marking of stored personal data with the aim of limiting their processing in the future.

  5. Profiling
    'Profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

  6. Pseudonymization
    'Pseudonymization' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

  7. Filing system
    'File system' means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.

  8. Data controller
    'Data controller' means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

  9. Processor
    'Processor' means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

  10. Recipient
    'Recipient' means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

  11. Third-party
    'Third-party' means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

  12. Consent
    'Consent' of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. 

2. Lawfulness of processing

Processing shall be lawful only if there is a legal basis for processing data. Pursuant to Article 6 paragraph 1
points (a) – (f) GDPR such legal basis for processing data can be in particular: 

  1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

  2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

  3. processing is necessary for compliance with a legal obligation to which the controller is subject;

  4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;

  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

  6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. 

3. Calling up and visiting our website – server log files; Hosted by Shopify

(1) In case of a merely informative use of the website, i.e. if you do not register, buy something, or disclose data to us in other ways, we collect only those personal data which your browser transmits to our server. For the purpose of the technical provision of the website, it is necessary for us to process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically recorded each time our website is accessed and automatically stored in so-called server log files. This includes:

  • IP address

  • Date and time of your inquiry

  • Time zone difference to Greenwich Mean Time (GMT)

  • Content of the request (actual page)

  • Access status/HTTP status code

  • Transmitted data volume

  • Website from which the request is received

  • Browser

  • Operating system and its interface

  • Language and version of the browser software.

The storage of the aforementioned access data is necessary to provide a functional website and to ensure system security for technical reasons. This also applies to the storage of your IP address, which is necessary and, under certain conditions, can at least theoretically enable an assignment to your person. In addition to the above-mentioned purposes, we use server log files exclusively for the needs-based design and optimization of our website, purely statistically and without any conclusions about your person. This data is not merged with other data sources, and the data is not evaluated for marketing purposes.

The access data collected as part of the use of our website is only kept for the period for which this data is required to achieve the above purposes. 

If you visit our website to find out about our range of products and services or to use them, the basis for the temporary storage and processing of the access data is Art. 6 (1) (b) GDPR (Legal basis) that allows the processing of data to fulfill a contract or to carry out pre-contractual measures. In addition, Art. 6 (1) (f) GDPR serves as the legal basis for the temporary storage of the technical access data. Our legitimate interest is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.

(2) Our shop is hosted by Shopify Inc. Shopify offers us an e-commerce platform that allows us to sell our goods and services to you. Your data are administered via data storage, a database and generally the Shopify app. Shopify stores your data on a secure server behind a firewall. If you pay by credit card, Shopify stores your credit card data. These are encrypted using the Payment Card Industry Data Security Standard (PCI-DSS). The data of your purchase will be stored only as necessary for the duration of your purchase. As soon as it is completed, your purchase data are erased. All direct payment portals are subject to the PCI-DSS standard and are administered by PCI Security Standards Council, a joint initiative by Visa, MasterCard, American Express and Discover. PCI-DSS conditions help to ensure secure payment transactions using your credit card information in our shop and with service providers. More detailed information can be found in the terms of use (https://www.shopify.com/legal/terms) or privacy policies (https://www.shopify.com/legal/privacy) of Shopify.

4. Processing of personal data when contacting, setting up a customer account and paying in the online shop

(1) If you contact us by email at info@cesenfants.com, the data disclosed by you to us (email address, if necessary, your name and your telephone number) are stored by us to allow us to answer your questions. We erase the data collected in this context after storage is no longer necessary or if processing is restricted, unless legal retention obligations exist. This data processing takes place on the basis of Art. 6 (1) (a) GDPR in connection with the consent you have given. 

(2) If you buy products via our website or if you open a customer account for the administration of your current or future orders, we collect for this purpose, the data that we need for the performance of the contract. These can be seen in the respective input fields for registration (customer account) or the purchase order form. When you place an order, we need as a minimum, the obligatory data marked with a star (*). We use this data in accordance with Art. 6 (1) (b) GDPR to process the contract and to process your inquiries. 

(3) Aside from payment by credit card, we also offer other payment methods for the use of our cybershop and for this purpose avail ourselves of various other payment service providers with whom we have signed third-party data processing agreements. We disclose different data to the various payment service providers depending on which payment method you have chosen. The legal basis for the transmission is – depending on the payment provider – Art. 6 (1) (a, b, or f) GDPR (see below).

Here are is our payment service provider:

Stripe

On our website, we offer payment via Stripe and the associated payment methods. The provider of this payment service is

Stripe Payments Europe Ltd
The One Building
Lower Grand Canal St
Dublin 2
Ireland
Contact: support@stripe.com

(hereafter: Stripe).

If you choose payment via Stripe, the payment data entered by you are disclosed to Stripe. The disclosure of your data to Stripe takes place on the basis of Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (processing for the performance of a contract). You have the option to withdraw your consent to the data processing at any time. A withdrawal does not affect the validity of past data processing operations. All data necessary for payment processing will be used exclusively for the execution of the payments and transmitted following 'SSL' procedures.

Stripe also might carry out an identity and creditworthiness check. In this process, the data provided by you for the purchase are compared with the existing data of a credit rating agency. These data are processed based on an explicit consent granted by you, the legal principle being Art. 6 para. 1 clause 1 point (a) GDPR. In accordance with Art. 7 (3) GDPR you may withdraw the granted consent effective for the future at any time and for any reason. 

Detailed information on Stripe's privacy policy can be found here: https://stripe.com/en-gb-at/privacy 

(5) We will also disclose your contact data to the responsible shipper if this is necessary for processing your order (here: delivery of the goods). 

(6) Based on the rules and regulations of commercial and fiscal law, we are obligated to store your address as well as your payment and order data for the duration of ten years. However, we restrict processing after two years, i.e. your data will be used only in order to comply with legal obligations. Your data will only be used to comply with legal obligations. The legal basis for this is Art. 6 (1) (c) GDPR.

5. Newsletter

(1) With your consent, you may subscribe to our newsletter in which we inform you about our current special offers. The promoted goods and services are described in the declaration of consent. The legal basis is Art. 6 (1) (a) GDPR.

(2) The only obligatory information for the subscription to our Newsletter is your email address. The provision of additional, separately marked data is voluntary and is used in addressing you personally. After your confirmation, we store your email address for the purpose of sending you the newsletter.

(3) You may withdraw your consent to the subscription of the Newsletter at any time and you may cancel the newsletter at any time. You may confirm the withdrawal by clicking on the link provided in each e-mailed newsletter or by sending a message to the contact data indicated in the imprint.

6. Use of cookies and related features/technology 

We use cookies and/ or other similar technologies such as device-IDs, pixel tags and web beacons on our website to collect and store information about you.

What are cookies?

Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure, and to enable the provision of certain functions. Cookies are small text files placed on your computer and stored by your browser. A cookie contains a character string that enables your browser to be uniquely identified when you visit the website again.

How does our website use cookies?

Our website uses cookies (alone or combined) to create a unique device ID, and to distinguish you from other users. This helps us to improve your experience and improve our website. We also use cookies to keep our website secure and to understand how users navigate around the website.

You can set your browser so that you are informed about the settings of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. You can regularly deactivate cookies via the 'Help' function of your Internet browser. If cookies are deactivated, the functionality and/or the full availability of this website may be restricted. For further cookie-specific setting and deactivation options, please see the individual explanations below for the specific cookies and associated functions/technologies used when you visit our website.

Some of the cookies that we use on our website are from third parties that help us analyse the effectiveness of our website content and the interests of our visitors, measure the performance of our website, or deliver tailored advertising and other content to our websites. As part of our website, we use both first-party cookies (only visible from the domain you are currently visiting) and third-party cookies (visible across domains and regularly set by third parties).

We use strictly necessary cookies if it is in our legitimate interests to do so (balanced with your rights). These are cookies where the storage of (or access to) information is essential rather than reasonably necessary. In particular, our legitimate interests lie in being able to provide you with a technically optimized, user-friendly and needs-based website and in guaranteeing the security of our systems. We use all other cookies with your consent. You can choose which cookies to consent to (apart from those which are strictly necessary) through our Privacy Preference Centre which is available to you through the cookie banner on our website. You can revoke consent that you have given us at any time, e.g. by deactivating the cookie-based tools/plugins listed in detail in the following overview. You can also object to processing based on legitimate interests by changing the appropriate settings.

Look-a-like marketing

We carry out marketing campaigns where we build an audience of potential customers based on our existing audience (often referred to as 'lookalike' marketing). In order to carry out this campaign, we share information such as your email address, mobile number and full name, what pages on our site you have spent time on, what products you have added to your cart and what products you have viewed, with third party platforms including Google, Meta and TikTok. This will enable the third party platforms to find individuals that may have similar interests and provide them with marketing about us. Individuals can object to this type of processing by contacting us at info@cesenfants.com.

7. Rating via Trustpilot

If you have given us your explicit consent to this during or after your order in accordance with Art.6 (1) (a) GDPR, we will transmit your email address to the Trustpilot rating platform of Trustpilot A/S, Pilestræde 58, 1112 Copenhagen K, Denmark (www.trustpilot.com), so that it sends you a rating reminder by email. 

You can revoke your consent at any time by sending a message to us or to the Trustpilot rating platform.

8. Your privacy rights vis-à-vis cesENFANTS

(1) Revocability of consent, Article 7 GDPR
In accordance with Article 7 (3) GDPR, you have the right to revoke any consent you have given us to process your data at any time without giving any reason. You may send your withdrawal notice in no particular format to the mailing address or email address shown at the beginning of this privacy policy. Withdrawal of the consent does not affect the legality of the data processed up to the withdrawal based on your consent (Article 7 paragraph 3 clause 2 GDPR). 

(2) Right of access to information, Article 1 GDPR
Pursuant to Article 15 paragraph 1 GDPR you have the right to know whether we process your personal data. If we do, you have a right to additional information (Article 15 paragraph 2 GDPR). 

(3) Right to rectification, erasure or restriction of processing, Article 16, 17 and 18 GDPR
Under Article 16 GDPR you have the right to demand the immediate rectification of inaccurate personal data and the completion of incomplete data, including by means of a supplementary statement.
In particular, pursuant to Article 17 GDPR you have the right to demand the erasure of personal data concerning yourself if the processing of your personal data is not or no longer permitted.

(4) Right to object, Article 1 GDPR
Under Art. 6 (1) (e) or (f) GDPR you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation; this applies also to any profiling based on these provisions. We will then no longer process your data unless we demonstrate compelling legitimate grounds for such processing which override your own interests, rights, and freedoms.
You may exercise the right to object at any time by contacting us via the contact options specified in the imprint. 

(5) Right to lodge a complaint with a supervisory authority, Article 77 GDPR

Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is unlawful. You may contact the supervisory authority in the Member State of your habitual residence, your place of work, or where the alleged infringement occurred.

For individuals in the United Kingdom, the relevant supervisory authority is the Information Commissioner’s Office (ICO). You can find more information on how to lodge a complaint on their website at https://ico.org.uk/make-a-complaint/.

For individuals located in the European Union, a list of supervisory authorities in each Member State is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

For questions about the collection, processing or use of your personal data, or for information about, correction, restriction, or erasure of data as well as the withdrawal of a consent granted by you or an objection to a particular data use, please contact us directly using the contact data in our imprint.

Status of the privacy and data security policy: 19 November, 2024