Privacy Policy

Privacy Policy

We at Peace Finds will continue doing everything in our power to ensure sustainable and widespread transport and delivery of our products while also doing our part to slow the spread of the virus.

If you have any questions about your order, please don’t hesitate to contact our customer service team.

Privacy Policy

This Privacy Policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and its associated websites, functions and content, as well as external online presences such as our social media profiles (hereinafter collectively referred to as “online offering”).

With regard to the terminology used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the UK General Data Protection Regulation (UK GDPR).

Types of data processed:

– Inventory data (e.g. names, addresses)

– Contact data (e.g. email addresses, phone numbers)

– Content data (e.g. text entries, photographs, videos)

– Usage data (e.g. visited web pages, interest in content, access times)

– Meta/communication data (e.g. device information, IP addresses)

Categories of data subjects

Visitors and users of the online offering (hereinafter we refer to data subjects collectively as “users”).

Purpose of processing

– Providing the online offering, its functions and content

– Responding to contact enquiries and communicating with users

– Security measures

– Reach measurement/marketing

Key definitions

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and includes virtually any handling of data.

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person — in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

A “processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal bases

In accordance with Article 13 of the UK GDPR, we inform you of the legal bases for our data processing. Unless a specific legal basis is mentioned in this Privacy Policy, the following applies:

– The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the UK GDPR.

– The legal basis for processing for the performance of our services and the execution of contractual measures, as well as for responding to enquiries, is Article 6(1)(b) of the UK GDPR.

– The legal basis for processing to fulfil our legal obligations is Article 6(1)(c) of the UK GDPR.

– The legal basis for processing to protect our legitimate interests is Article 6(1)(f) of the UK GDPR.

– Where the processing of personal data is necessary in order to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the UK GDPR applies.

Security Measures

In accordance with Article 32 of the UK GDPR, and taking into account the state of the art, the costs of implementation, the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and segregation of the data itself.

We have also established procedures to ensure the exercise of data subject rights, deletion of data, and response to data threats. Furthermore, we take the protection of personal data into account in the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Article 25 UK GDPR).

Cooperation with Processors and Third Parties

If, as part of our processing, we disclose data to other individuals and companies (such as processors or third parties), transmit it to them, or otherwise grant them access to the data, this is only done based on a legal permission (e.g. if the transfer of data to third parties, such as payment providers, is necessary for contract performance according to Article 6(1)(b) UK GDPR), if you have given your consent, if there is a legal obligation to do so, or based on our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called “data processing agreement”, this is done in accordance with Article 28 of the UK GDPR.

Transfers to Third Countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of the use of third-party services or the disclosure or transfer of data to third parties, this only takes place if it is necessary to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or based on our legitimate interests.

Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special conditions set out in Articles 44 et seq. of the UK GDPR are met. That means processing is carried out, for example, on the basis of special safeguards such as an officially recognised level of data protection equivalent to that of the UK (e.g. for the US through the “Privacy Shield”) or by complying with officially recognised special contractual obligations (so-called “Standard Contractual Clauses”).

Rights of Data Subjects

You have the right to request confirmation as to whether personal data concerning you is being processed and to obtain information about this data as well as further details and a copy of the data, in accordance with Article 15 UK GDPR.

In accordance with Article 16 UK GDPR, you have the right to request the rectification of inaccurate data concerning you, or to have incomplete data completed.

In accordance with Article 17 UK GDPR, you have the right to request the immediate deletion of relevant data, or alternatively, to request the restriction of processing under Article 18 UK GDPR.

You have the right, under Article 20 UK GDPR, to receive the data you have provided to us in a structured, commonly used and machine-readable format, and to request the transmission of that data to another controller.

Furthermore, under Article 77 UK GDPR, you have the right to lodge a complaint with the relevant supervisory authority.

Right to Withdraw Consent

You have the right to withdraw consent granted under Article 7(3) of the UK GDPR at any time with effect for the future.

Right to Object

You may object at any time to the future processing of data relating to you in accordance with Article 21 UK GDPR. In particular, you may object to the processing of your data for direct marketing purposes.

Cookies and the Right to Object to Direct Marketing

“Cookies” are small files that are stored on users’ devices. Various types of information can be stored within cookies. Their primary purpose is to store information about a user (or the device on which the cookie is stored) during and after their visit to an online service.

“Temporary cookies”, also known as “session cookies” or “transient cookies”, are deleted after a user leaves the website and closes their browser. For example, a shopping basket or login status may be stored in such a cookie.

“Permanent” or “persistent cookies” remain stored even after the browser is closed. This allows login statuses to be retained, for example, when users return to the site after several days. These cookies can also store user interests for reach analysis or marketing purposes.

“Third-party cookies” are cookies that are set by providers other than the operator of the online service. If only the operator’s own cookies are used, these are referred to as “first-party cookies”.

We may use both temporary and permanent cookies and explain this within the scope of our Privacy Policy.

If users do not wish cookies to be stored on their device, they are advised to disable the corresponding option in their browser system settings. Stored cookies can also be deleted in the browser’s system settings. Disabling cookies may limit the functionality of this website.

A general objection to the use of cookies used for online marketing purposes—especially tracking—can be declared via many providers, such as the US-based site: http://www.aboutads.info/choices/ or the EU-based site: http://www.youronlinechoices.com/.

You can also disable the storage of cookies through your browser settings. Please note, however, that this may prevent you from using all features of this website.

Deletion of Data

Data processed by us will be deleted or restricted in accordance with Articles 17 and 18 of the UK GDPR. Unless expressly stated otherwise in this Privacy Policy, data stored by us will be deleted as soon as it is no longer required for its intended purpose, provided there are no legal retention obligations that prevent deletion.

If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means the data will be locked and not processed for any other purpose. This applies, for example, to data that must be retained for commercial or tax law reasons.

Under legal requirements in Germany, data must in particular be retained for 10 years pursuant to §§ 147(1) AO, 257(1) Nos. 1 and 4, and 257(4) HGB (e.g. books, records, management reports, accounting documents, commercial books, documents relevant for taxation, etc.), and for 6 years pursuant to § 257(1) Nos. 2 and 3, and § 257(4) HGB (e.g. commercial correspondence).

Under legal requirements in Austria, retention is generally required for 7 years pursuant to § 132(1) BAO (e.g. accounting documents, receipts/invoices, accounts, records, business papers, statement of income and expenditure, etc.), for 22 years in connection with property, and for 10 years for records related to electronically supplied services, telecommunications, broadcasting and television services provided to non-business customers in EU member states when the Mini-One-Stop-Shop (MOSS) scheme is used.

Business-Related Processing

Additionally, we process:

– Contract data (e.g. subject matter of the contract, duration, customer category)

– Payment data (e.g. bank details, payment history)

This processing applies to our customers, prospects, and business partners for the purpose of fulfilling contractual services, customer service and support, marketing, advertising, and market research.

Order Processing in the Online Shop and Customer Account

We process our customers’ data as part of order transactions in our online shop to enable them to select, order, pay for, and receive the chosen products or services.

The data processed includes inventory data, communication data, contract data, and payment data. The persons affected by this processing include our customers, interested parties, and other business partners. The processing is carried out for the purpose of providing contractual services in the operation of the online shop, invoicing, delivery, and customer service. We use session cookies to store shopping cart contents and persistent cookies to store login status.

Processing is carried out on the basis of Article 6(1)(b) UK GDPR (for fulfilling order processes) and Article 6(1)(c) UK GDPR (for legally required archiving). The information marked as required is necessary to establish and fulfil the contract. Data is only disclosed to third parties within the scope of delivery, payment, or legal permissions and obligations, such as to legal advisors or public authorities. Data is only processed in third countries if necessary for contract fulfilment (e.g. at the customer’s request for delivery or payment purposes).

Users may optionally create a user account, in which they can, in particular, view their orders. During registration, users are informed of the required mandatory information. User accounts are private and not indexed by search engines. If users cancel their account, the data related to the user account will be deleted unless it must be retained for commercial or tax-related reasons under Article 6(1)(c) UK GDPR. Information in the customer account remains until the account is deleted, followed by archiving where legally required. It is the user’s responsibility to back up their data before the end of the contract.

During registration, repeated logins, and use of our online services, we store the IP address and the time of each user action. This storage is based on our legitimate interests, as well as the user's interest, in protecting against misuse and unauthorised use. This data is not passed on to third parties unless it is necessary to enforce our legal claims or there is a legal obligation to do so under Article 6(1)(c) UK GDPR.

Data is deleted once the statutory warranty and similar obligations have expired. The necessity of retaining data is reviewed every three years. If subject to legal archiving obligations, data will be deleted after the retention period ends (commercial law: 6 years; tax law: 10 years).

External Payment Providers

We use external payment providers through whose platforms users and we can carry out payment transactions (e.g. with links to their privacy policies:

PayPal: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

Klarna: https://www.klarna.com/uk/privacy/

Skrill: https://www.skrill.com/en/footer/privacy-policy/

Giropay: https://www.giropay.de/rechtliches/datenschutz-agb/

Visa: https://www.visa.co.uk/legal/privacy-policy.html

Mastercard: https://www.mastercard.co.uk/en-gb/about-mastercard/what-we-do/privacy.html

American Express: https://www.americanexpress.com/uk/legal/privacy-centre.html)

We use these payment providers to fulfil contracts, based on Article 6(1)(b) UK GDPR. Otherwise, we rely on our legitimate interests under Article 6(1)(f) UK GDPR to offer users effective and secure payment options.

The data processed by payment providers includes inventory data (e.g. name, address), bank data (e.g. account or credit card numbers), passwords, TANs, checksums, as well as contract, total and recipient-related details. This information is necessary to carry out the transactions.

The entered data is processed and stored solely by the payment providers. We do not receive account or credit card information — only confirmation or negative notice of the payment status.

In some cases, payment providers may forward data to credit reference agencies for identity and credit checks. Please refer to the general terms and privacy policies of each provider for more information.

For all payment-related transactions, the terms and conditions and privacy notices of the respective payment providers apply. These can be accessed via their websites or transaction platforms. We also refer you to these for further information and for asserting your right to withdraw, request information, or exercise any other data subject rights.

Online Presence on Social Media

We maintain online presences within social networks and platforms in order to communicate with customers, prospects and users who are active there and to inform them about our services.

Please note that user data may be processed outside the United Kingdom. This may pose risks for users, for example, by making it more difficult to enforce user rights. In the case of US providers certified under the Privacy Shield framework, we note that they are committed to complying with UK/EU data protection standards.

User data is typically processed for market research and advertising purposes. For example, usage profiles can be created based on user behaviour and interests. These profiles may be used to display advertisements that presumably match user interests — both within and outside the platforms. For this purpose, cookies are usually stored on users’ devices to record their behaviour and interests. Additionally, data may be stored in usage profiles across devices (particularly if users are members of the platforms and logged in).

The processing of users’ personal data is based on our legitimate interests in effectively informing users and communicating with them under Article 6(1)(f) UK GDPR. If users are asked by the respective providers to consent to data processing (e.g. by ticking a box or clicking a button), the legal basis for the processing is Article 6(1)(a) and Article 7 UK GDPR.

For detailed information on the respective processing activities and opt-out options, please refer to the privacy policies linked below.

For access requests and exercising user rights, we recommend contacting the providers directly. Only they have access to the user data and can take appropriate action or provide information. If you need assistance, feel free to contact us.

Facebook (Meta Platforms UK Ltd., 10 Brock Street, London, NW1 3FG, United Kingdom)
Privacy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads, http://www.youronlinechoices.com

Google / YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Privacy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated

Instagram (Meta Platforms UK Ltd., 10 Brock Street, London, NW1 3FG, United Kingdom)
Privacy / Opt-Out: http://instagram.com/about/legal/privacy/

Twitter/X (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
Privacy: https://twitter.com/privacy
Opt-Out: https://twitter.com/personalization

Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA)
Privacy / Opt-Out: https://policy.pinterest.com/en/privacy-policy

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Privacy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

XING (XING Ltd., 29–32 Dammtorstraße, London, EC1A 2BN, United Kingdom)
Privacy / Opt-Out: https://privacy.xing.com/en/privacy-policy

Wakelet (Wakelet Ltd., 76 Quay Street, Manchester, M3 4PR, United Kingdom)
Privacy / Opt-Out: https://wakelet.com/privacy.html

SoundCloud (SoundCloud Ltd., 20 Old Bailey, London, EC4M 7AN, United Kingdom)
Privacy / Opt-Out: https://soundcloud.com/pages/privacy

Integration of Third-Party Services and Content

Within our online offering, we use content or service offerings from third-party providers based on our legitimate interests (i.e. interest in analysis, optimisation and the efficient operation of our online offering in accordance with Article 6(1)(f) UK GDPR), in order to integrate their content and services such as videos or fonts (hereinafter referred to collectively as “content”).

This always requires that the third-party providers of this content perceive the users’ IP address, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for displaying such content. We make every effort to use only those contents whose providers use the IP address solely for delivering the content.

Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate visitor traffic on the pages of this website. The pseudonymised information may also be stored in cookies on users’ devices and may include technical information about the browser and operating system, referring websites, time of visit, as well as other details about the use of our online offering. It may also be linked with such information from other sources.

YouTube

We integrate videos from the platform “YouTube”, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Opt-Out: https://adssettings.google.com/authenticated

Google ReCaptcha

We use the function for detecting bots, e.g. when entering data into online forms (“ReCaptcha”), provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Opt-Out: https://adssettings.google.com/authenticated

Use of Facebook Social Plugins

We use, based on our legitimate interests (i.e. interest in the analysis, optimisation, and efficient operation of our online offering as defined in Article 6(1)(f) UK GDPR), social plugins (“plugins”) from the social network Facebook, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

These plugins may include elements such as images, videos, text, or buttons that allow users to share content from our website on Facebook. A full list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/

Facebook is certified under the Privacy Shield framework, providing a guarantee of compliance with European data protection laws: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

When a user accesses a function of our website that includes a plugin, their device establishes a direct connection to Facebook’s servers. The plugin content is transmitted directly from Facebook to the user’s device and integrated into our website. Based on this interaction, usage profiles of users may be created. We have no control over the amount of data Facebook collects via this plugin and inform users to the best of our knowledge.

Through the integration of the plugin, Facebook receives information that a user has accessed the corresponding page of our website. If the user is logged into Facebook, Facebook can associate the visit with their Facebook account. If the user interacts with the plugin, for example by clicking the Like button or posting a comment, that information is transmitted directly from their device to Facebook and stored there.

Even if a user is not a Facebook member, Facebook may still collect and store their IP address. According to Facebook, only anonymised IP addresses are stored within the UK.

For details on the scope of data collection, further processing and use of the data by Facebook, as well as user rights and privacy settings, users can refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/

If a user is a Facebook member and does not want Facebook to collect data about them via our website and link it to their Facebook account, they must log out of Facebook and delete their cookies before using our website.

Additional settings and opt-outs for the use of data for advertising purposes can be managed in the Facebook profile settings:

https://www.facebook.com/settings?tab=ads, or via:

http://www.aboutads.info/choices/ (US site)

http://www.youronlinechoices.com/ (EU site)

These settings are platform-independent and will be applied across all devices, including desktop and mobile.

SMS Marketing and Notifications

We respect your privacy and the information you provide in connection with our SMS marketing service.

We use this information to send you text message notifications (regarding your order, including reminders about abandoned carts), text marketing offers, and transactional messages, including review requests.

Our website uses cookies to track the items you’ve added to your cart, even if you didn’t complete the checkout. This information is used to determine when we should send reminder messages via SMS.

Instagram

Within our online offering, functions and content from the service Instagram may be integrated, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

These may include elements such as images, videos, text, or buttons that allow users to share content from our website within Instagram. If users are members of the Instagram platform, Instagram may assign the viewing of the mentioned content and functions to the user's Instagram profile.

Instagram Privacy Policy: http://instagram.com/about/legal/privacy/