Privacy Policy

Eva’s Boutique

1. General Information on Data Processing

We appreciate your visit to our website and your interest in Eva’s Boutique. Protecting your personal data is very important to us. This Privacy Policy explains how we collect, use, and protect your personal information when you browse or make use of our website.

Personal data refers to any information that can be used to identify you personally, either directly or indirectly.

2. Data Controller

The data controller responsible for processing personal data on this website in accordance with the General Data Protection Regulation (GDPR) is:

Eva’s Boutique
Email: info@eva-boutique.online.com

The data controller determines the purposes and means of processing personal data.

3. Website Security

For security reasons and to protect the transmission of confidential content, our website uses SSL or TLS encryption. You can recognize a secure connection by “https://” in your browser’s address bar and the lock symbol.

We do not use automated decision-making or profiling that produces legal effects or significantly affects users within the meaning of Article 22 GDPR.

4. Data Collection When Visiting Our Website

When you browse our website without registering or submitting information, we automatically collect certain technical data that your browser transmits to our server (server log files). This may include:

  • Visited pages

  • Date and time of access

  • Volume of data transferred

  • Referring URL

  • Browser type and version

  • Operating system

  • IP address (anonymized where applicable)

This processing is carried out under Article 6(1)(f) GDPR based on our legitimate interest in ensuring website stability, security, and functionality. The data is not merged with other data sources and is only reviewed if unlawful use is suspected.

5. Cookies

Our website uses cookies to improve usability and enable specific features. Cookies are small text files stored on your device.

  • Session cookies are deleted automatically after your visit.

  • Persistent cookies remain on your device for a defined period to recognize your browser on future visits.

Some cookies are essential for website functionality, while others help improve user experience or analyze website performance.

If cookies process personal data, this is done under:

  • Article 6(1)(b) GDPR for contract-related functions, or

  • Article 6(1)(f) GDPR based on legitimate interest.

You can manage or disable cookies via your browser settings. Please note that disabling cookies may limit website functionality.

When you first visit our website, you will be asked to consent to non-essential cookies via a cookie banner. Preferences can be changed at any time.

6. Contacting Us

When you contact us via email or a contact form, personal data is collected solely to respond to your inquiry.

Legal basis:

  • Article 6(1)(f) GDPR (legitimate interest in communication)

  • Article 6(1)(b) GDPR if contact relates to a contract

Your data will be deleted once your request has been fully processed, unless legal retention obligations apply.

7. Customer Accounts and Contract Processing

When you open a customer account or place an order, we process your personal data to fulfill contractual obligations under Article 6(1)(b) GDPR.

You may request deletion of your customer account at any time by contacting us. After contract completion or account deletion, your data will be restricted and deleted after statutory retention periods unless further use is legally permitted or consented to.

8. Email Marketing

8.1 Newsletter Subscription

If you subscribe to our newsletter, we will send you promotional emails. Subscription requires a double opt-in confirmation.

We store your email address, IP address, and registration timestamp to prevent misuse.
Legal basis: Article 6(1)(a) GDPR (consent).

You may unsubscribe at any time via the link in the newsletter or by contacting us.

8.2 Marketing Emails to Existing Customers

If you have previously purchased from us, we may send promotional emails for similar products based on our legitimate interest (Article 6(1)(f) GDPR).

You can object to this at any time, and we will stop sending marketing emails immediately.

9. Order Processing and Payment Providers

To fulfill orders, we share necessary personal data with shipping and payment service providers under Article 6(1)(b) GDPR.

Payment Providers May Include:

  • PayPal

  • SOFORT / Klarna

These providers process payment data independently and may conduct credit checks where legally permitted. Please refer to their respective privacy policies for details.

10. Review Requests

With your explicit consent, we may send a one-time email requesting a review of your purchase.
Legal basis: Article 6(1)(a) GDPR.

Consent can be withdrawn at any time.

11. Social Media Plugins

Our website may include links to social media platforms such as Facebook and Instagram using privacy-friendly Shariff solutions. These links do not transmit data unless clicked.

Once you interact with a social media platform, their privacy policies apply.

12. Online Advertising & Analytics

We may use online marketing tools such as:

  • Google Ads

  • Google Analytics (with IP anonymization)

  • Facebook Pixel (with consent)

These tools help us analyze traffic and improve advertising relevance. Processing is based on consent (Article 6(1)(a)) or legitimate interest (Article 6(1)(f)).

You can opt out using browser settings or provider opt-out tools.

13. Rights of Data Subjects

You have the right to:

  • Access your data (Art. 15 GDPR)

  • Correct inaccurate data (Art. 16 GDPR)

  • Request deletion (Art. 17 GDPR)

  • Restrict processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Withdraw consent (Art. 7(3) GDPR)

  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

Right to Object

You may object to data processing based on legitimate interest at any time. If the objection concerns direct marketing, processing will stop immediately.

14. Data Retention

Personal data is stored only as long as required by legal obligations or for contract fulfillment. Once retention periods expire, data is securely deleted.

15. Contact

For questions regarding this Privacy Policy or your personal data, please contact:

Eva’s Boutique
📧 info@eva-boutique.online