The protection of your privacy when processing personal data is an important concern for us. This Policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum to make sure you understand the information we collect, why we, mosssa minimal, collect it, how it is used and your choices regarding your information.
To keep our Privacy as Simple as possible we will need to explain the following to concepts before we continue.
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
Relevant legal basis
When you use one of our services on www.mossaminimal.com, we generally only collect the data that is necessary to provide you with our service. We may ask you for further information, but this is voluntary. Whenever we process personal data, we do so in order to provide you with our service or to pursue our commercial objectives.
Automatically stored data
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- complete IP address of the requesting computer
- amount of data transferred
This data is not merged with other data sources. The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data.
After seven days at the latest, the data is anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymised form for statistical purposes; it is not compared with other data or passed on to third parties, even in extracts. Only within the framework of our server statistics, which we publish every two years in our activity report, is a presentation of the number of page views made.
When you visit our website, we may store information on your computer or device in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on its hard disk. Only the internet protocol address is stored, no personal data.
Analytics and Tracking
When you place an order, Shopify also stores all order-related data that you enter and that is required for the fulfilment of the order. For more detailed information, please contact Shopify directly.
The information generated by these cookies, such as the time, place and frequency of your web site visit, including your IP address, is transmitted to Google in the USA and stored there. We use Google Analytics with the addition "_gat._anonymizeIp" on our website. In this case, your IP address will already be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thus anonymised.
Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
If you visit our site via a mobile device (smartphone or tablet), you must click this link instead to prevent tracking by Google Analytics within this website in the future. This is also possible as an alternative to the above browser add-on. By clicking the link, an opt-out cookie will be set in your browser that is only valid for this browser and domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted, so you will have to click the link again.
If you have consented to your web and app browsing history being linked to your Google Account by Google and to information from your Google Account being used to personalise ads, Google will use your data together with Google Analytics data to create targeting lists for cross-device re-marketing. To do this, Google Analytics first collects your Google-authenticated ID on our website, which is linked to your Google Account (i.e. personal data). Google Analytics will then temporarily link your ID to your Google Analytics data in order to optimise our targeting.
If you do not agree to this, you can turn this off by making the appropriate settings in the "My Account" section of your Google account.
This web site uses the re-marketing function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). The function is used to present website visitors with interest-based advertisements within the Google advertising network. The technology enables us to serve automatically generated, targeted advertisements after your visit to our website. The ads are based on the products and services you clicked on the last time you visited our website. For this purpose, a so-called "cookie" is stored in the web site visitor's browser, which makes it possible to recognise the visitor when he or she visits web sites that belong to Google's advertising network. Cookies are small text files that are stored in your browser when you visit our website. Google usually stores information such as your web request, IP address, browser type, browser language, date and time of your request. This information is used to associate the web browser with a specific computer. On the pages of the Google advertising network, the visitor may then be presented with advertisements that relate to content that the visitor has previously accessed on web sites that use Google's re marketing function.
Facebook Custom Audiences Pixels
In order to present interest-based advertisements to visitors to our web site during their visit to Facebook, we use "Custom Audiences Pixels" from Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). For this purpose, we have implemented a Facebook pixel on our website, which establishes a direct connection to the Facebook servers when you visit our web site.
Plug-ins and API interfaces of the social network Instagram are inserted on our web site. You can recognise the Instagram plug-in by the "Instagram button" on our web site. If you click the Instagram button while logged into your Instagram account, content from our pages can be linked on your Instagram profile. This allows Instagram to associate your visit to our pages with your user account. We expressly point out that we, as the operator of this site, have no knowledge of the content of the transmitted data or its use by Instagram.
Our website uses the conversion tracking technology of the social network Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland), which enables us to display relevant advertisements and offers on Pinterest to our web site visitors who have already taken an interest in our website and our content/offers and are Pinterest members. For this purpose, a so-called conversion tracking pixel from Pinterest is integrated on our pages, via which Pinterest is informed when you visit our website that you have called up our website and in which parts of our offer you were interested. For example, if you were interested in our subscriptions on our website, you may be shown an ad on Pinterest about our subscriptions.
You can object to the collection of data for the display of interest-based advertising on Pinterest at any time in your account settings on Pinterest, deactivate the button "Use info from our partners to better tailor recommendations and ads on Pinterest to you").
Facebook Custom Audience
Remarketing tags of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our pages. These serve statistical and market research purposes. With the help of the data obtained, we can design our Facebook activities more effectively and, for example, display posts or advertisements only for visitors to our website. When you visit our pages, a direct connection is established between your browser and the Facebook server via the remarketing tags. Facebook thereby receives the information that you have visited our site with your IP address. This enables Facebook to assign the visit to our pages to your user account. We can use the information obtained in this way to display Facebook Ads.
Opt-out/opposition: If you do not want any data to be collected via Custom Audience, you can deactivate Custom Audiences globally in the Facebook settings.
Note: Please note that the information is stored depending on the browser used and you must call up the function separately for the mobile and stationary website.
We use the marketing and remarketing services (Google marketing services for short) of Google.The Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. For example, if users are shown ads for products they were interested in on other web sites, this is called "remarketing". For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the web site. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies).
The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which web sites the user has visited, which content he or she is interested in and which offers he or she has clicked on, as well as technical information on the browser and operating system, referring web sites, time of visit and other information on the use of the website. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened and only in exceptional cases is transmitted in full to a Google server and shortened there. The IP address is not merged with the user's data within other Google offerings. This aforementioned information may also be combined with such information from other sources. If the user subsequently visits other web sites, he or she may be shown ads tailored to his or her interests.
The user's data is processed pseudonymouzly as part of Google's marketing services. This means that Google does not store and process the name or email address of the user, for example, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. I.e. from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected by "DoubleClick" about users is transmitted to Google and stored on Google's servers.
The Google marketing services we use include the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
Another Google marketing service used by us is the "Google Tag Manager", with the help of which further Google analysis and marketing services can be integrated into our website (e.g. "AdWords", "DoubleClick" or "Google Analytics").
Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offering). The tag manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users' personal data, please refer to the following information on Google services.
For more information on the use of data for marketing purposes by Google, please visit the overview page: https://www.google.com/policies/technologies/ads.
If you wish to object to the collection of data by Google marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
Image galleries from the Flickr website of Yahoo! Inc., 701 First Avenue, Sunnyvale, CA 94089, USA, are integrated into our web sites. When merely calling up a page of our website with an integrated Flickr gallery, no connection to the Yahoo servers is established, not even when browsing the gallery. Such a connection, which enables the provider to collect data on page visits (IP address, surfing behaviour), is only established after the user has clicked on the preview image.
Klaviyo e-mail systems
On our website we offer you the possibility to subscribe to our newsletter. With this newsletter we inform you about our offers at regular intervals. In order to receive our newsletter, you need a valid e-mail address. We will check the e-mail address you have entered to ensure that you are indeed the owner of the e-mail address provided or that the owner is authorised to receive the newsletter. When you register for our newsletter, we will save your IP address and the date and time of your registration. This serves as a safeguard for us in the event that a third party misuses your e-mail address and subscribes to our newsletter without your knowledge. No other data is collected on our part. The data collected in this way is used exclusively for the purpose of receiving our newsletter. It is not passed on to third parties. The data collected in this way is also not compared with data that may be collected by other components of our site. You can cancel your subscription to this newsletter at any time. Details of this can be found in the confirmation email and in each individual newsletter.
Newsletter dispatch via Klaviyo
We use the tool Klaviyo to send our newsletter. Klaviyo is a service provided by Klaviyo Inc, Boston, USA. Your data stored during newsletter registration (e-mail address, name if applicable, IP address, date and time of your registration) is transferred to a server of Klaviyo Inc. in the USA and stored there. You can cancel or revoke your subscription to this newsletter and thus your consent to the storage of your data at any time for the future. Details of this can be found in the confirmation email and in each individual newsletter.
Data Directly Collected
For each customer who registers, we set up password-protected direct access to his or her inventory data stored with us (customer account). Here you can view data about your completed, open and recently shipped orders and manage your address data, bank details and newsletter. You undertake to treat the personal access data confidentially and not to make it accessible to any unauthorised third party. We cannot accept any liability for misused passwords unless we are responsible for the misuse.
Hosting of the shop system
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's aforementioned services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the adequate level of data protection is guaranteed by adequacy decision of the European Commission. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. and Shopify (USA) Inc.
Further processing on servers other than the aforementioned servers of Shopify only takes place within the framework communicated below.
Payment in the online shop
For payment processing in our online shop, we use payment service providers to whom you provide your data directly. The payment providers will inform you about the processing of the data themselves.
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment processing is carried out via the technical service provider
We also offer payment via Paypal, a service provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you select PayPal for payment processing, we will transmit the e-mail address you provided to us during the ordering process in order to complete your order. The subsequent payment process takes place exclusively via PayPal, without us having any further possibility to influence it. PayPal will inform you separately about the collection, processing and storage of your data. The transfer to PayPal is justified on the basis of Art. 6 para. 1 lit. b) GDPR.
If you choose the payment method " Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the source website, which is used to verify a payment that has been made. This transaction number does not contain any information about the real payment data of your payment means deposited with Google Pay, but is created and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment deposited with Google Pay.
Insofar as personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b of the GDPR.
Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description provided by the merchant of the goods or services purchased, photos you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description for the reason for the transaction and, where applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6 para.1 lit. f GDPR on the basis of the legitimate interest in proper accounting, verification of transaction data and optimisation and functional maintenance of the Google Pay service. Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services.
If you contact us using the e-mail address provided on our website, you must at least provide us with your e-mail address and, if applicable, other information that you disclose in your e-mail. In order for us to process your request, we need to process this data. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the purpose just mentioned. We store your e-mails and contacts for as long as it is necessary to process your request and then store them for a period of 3 years in case you contact us again with reference to your original question.
Use of special service providers for order processing, handling and invoicing
Shipping is carried out via the shipping portal "Packlink" (Packlink Shipping S.L., Calle Amaltea 9, 28045 Madrid, Spain). In accordance with Art. 6 Para. 1 lit. b GDPR, we pass on your data to Packlink exclusively for the purpose of processing your online order. Data will only be passed on if this is actually necessary for the processing.
Sending Invoices is carried out via the “Simplio App” (Simple Invoice for Shopify Rue de l'Industrie - 42 - Nijverheidsstraat 1050 Brabant - Brussels - Belgium). In accordance with Art. 6 Para. 1 lit. b GDPR, we pass on your data to Simplio exclusively for the purpose of processing your invoice. Data will only be passed on if this is actually necessary for the processing.
Use of affiliate programmes (Goaffpro)
Only the information about when a particular advertising medium was clicked on by an end device is stored. In particular, an individual sequence of numbers is stored, which cannot be assigned to the individual user, with which the partner programme of an advertiser, the publisher and the time of the user's action (click or view) are documented. Our affiliates also collect information about the end device from which a transaction is carried out, e.g. the operating system and the calling browser. If the information should also contain personal data, the processing is based on our legitimate interest.
Obligation to retain documents
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract.
We are also obliged by law to retain certain documents for auditing and verification purposes. This mainly concerns information in connection with the purchase of products, but may also concern, for example, messages from you if you assert claims against us. We therefore process the personal data contained in these documents in order to fulfil this retention obligation (Art. 6 para. 1 lit. c) GDPR).
We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation, and unauthorised access. All our employees and service providers working for us are bound by applicable data protection laws.
TLS encryption with https
We use https to transmit data in a tap-proof manner on the Internet (data protection by technical design Article 25(1) of the GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognise the use of this data transmission protection by the small lock symbol at the top left of the browser and the use of the https scheme (instead of http) as part of our internet address.
When do we disclose your Personal Data?
We may share your information with organizations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support our online offer and our services. If you wish to learn more about how the relevant provider process your personal data, please follow the link embedded in the above-mentioned providers name.
Typically, and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations, in accordance with Art. 6 para. 1 lit. b) GDPR. Equally, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g., when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively). If we commission third parties to process data on the basis of a so-called "processing agreement", this is done on the basis of Art. 28 GDPR.
In relation to meta data obtained about you, we may share a cookie identifier and IP data with analytic service providers to assist us in the improvement and optimization of our website which is subject to our Cookies Policy.
We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation, or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website, and its users.
The data you enter on our social media pages, such as comments, videos, pictures, likes, public messages, etc. are published by the social media website and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. Where applicable, we share your content on our site if this is a function of the social media website and communicate with you via the social media website. The legal basis is our legitimate interest. The data processing is carried out in the interest of our public relations and communication.
If you wish to object to certain data processing over which we have an influence, please contact us. We will then examine your objection. If you send us a request on the social media website, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the response required. You always have the option of sending us confidential enquiries to our address stated in the imprint.
As already stated, where the social media website provider gives us the opportunity, we take care to design our social media pages to be as data protection compliant as possible. With regard to statistics that the provider of the social media website makes available to us, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.
Data processing by the operator of the social media website
The operator of the social media website uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with the social media website. As already explained, we can unfortunately hardly influence the web tracking methods of the social media website. We cannot, for example, switch this off.
Please be aware: It cannot be ruled out that the provider of the social media website uses your profile and behavioural data, for example to evaluate your habits, personal relationships, preferences, etc. We have no influence on this. In this respect, we have no influence on the processing of your data by the provider of the social media website.
Our social media pages
Data subject rights
You have a right to information, correction, deletion, or restriction of the processing of your stored data at any time, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.
Right to information:
You can request information from us as to whether and to what extent we process your data.
Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to erasure:
You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations. Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
Right to restriction of processing:
You may request us to restrict the processing of your data if you dispute the accuracy of the data, for a period of time that allows us to verify the accuracy of the data, the processing of the data is unlawful, but you object to erasure and request restriction of data use instead, we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or you have objected to the processing of the data.
Right to data portability:
You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and this processing is carried out with the aid of automated procedures. If technically feasible, you may request us to transfer your data directly to another controller.
Right to object:
If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right of complaint:
If you are of the opinion that we violate Spanish or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
All interested parties and visitors to our website can contact us on data protection issues at:mossa minimal
Sant Marti de L’erm 5 1-3
08970 Sant Joan Despí