Privacy policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data is all data that can be used to identify you personally.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Ziad Limited
Flat 5, 4/F, Won Hing Building
74–78 Stanley Street
Central, Hong Kong
Email: support@kids-atelier.com

The controller responsible for the processing of personal data is the natural or legal person who alone, or jointly with others, determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 If you use our website purely for informational purposes, i.e., if you do not register or otherwise provide information to us, we only collect data that your browser transmits to the server (so-called “server log files”). When you access our website, we collect the following data which is technically necessary to display the website to you:

  • The website visited

  • Date and time of access

  • Amount of data transferred in bytes

  • Source/referrer from which you reached the page

  • Browser used

  • Operating system used

  • IP address (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

2.2 This website uses SSL/TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser’s address bar.

3) Hosting & Content Delivery Network

Shopify

For hosting our website and displaying page content, we use the services of the following provider:

Shopify International Limited
Victoria Buildings, 2nd Floor, 1–2 Haddington Road
Dublin 4, D04 XN32, Ireland (“Shopify”)

Data is also transferred to:
Shopify Inc.
150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files stored on your device. Some cookies are deleted automatically when you close your browser (“session cookies”), while others remain on your device for longer and allow us to save page settings (“persistent cookies”). In the latter case, you can find the storage period in the overview of cookie settings of your web browser.

If personal data is also processed through cookies used by us, processing is carried out in accordance with Art. 6(1)(b) GDPR for the performance of the contract, in accordance with Art. 6(1)(a) GDPR where consent has been given, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the website visit.

You can configure your browser so that you are informed about the setting of cookies and can decide individually whether to accept them, or exclude the acceptance of cookies for certain cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be restricted.

5) Contacting Us

5.1 Loox

For review reminders we use the services of the following provider:
Loox Online Ltd., Rehov Har Sinai 2, 6581602 Tel Aviv-Yafo, Israel

Only on the basis of your express consent pursuant to Art. 6(1)(a) GDPR, we will transfer your email address and, if applicable, other customer data to the provider so that they may contact you by email with a review reminder.

You may revoke your consent at any time with effect for the future, either to us or to the provider.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

5.2 WhatsApp Business

You can contact us via the WhatsApp messaging service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the “Business” version of WhatsApp.

If you contact us via WhatsApp in connection with a specific transaction (e.g., an order you have placed), we store and use the mobile phone number you use on WhatsApp and—if provided—your first and last name in accordance with Art. 6(1)(b) GDPR to process and respond to your request. On the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address or email address) to assign your request to a specific transaction.

If you use our WhatsApp contact for general inquiries (e.g., about our services, availability, or our website), we store and use the mobile phone number you use on WhatsApp and—if provided—your first and last name in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in efficiently and promptly providing the requested information.

Your data will only be used to respond to your request via WhatsApp. Data will not be passed on to third parties.

Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transmits phone numbers stored in the address book to a server of its parent company Meta Platforms Inc.in the USA. For operating our WhatsApp Business account, we use a mobile device whose address book contains only WhatsApp contact data of users who have contacted us via WhatsApp.

This ensures that every person whose WhatsApp contact data is stored in our address book has already consented—by accepting WhatsApp’s terms of use upon first use of the app on their device—to the transmission of their WhatsApp phone number from the address books of their chat contacts pursuant to Art. 6(1)(a) GDPR. The transmission of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is excluded.

For the purpose and scope of data collection and the further processing and use of data by WhatsApp as well as your rights and settings options to protect your privacy, please refer to WhatsApp’s privacy policy.

We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

As part of the processing described above, data may be transferred to servers of Meta Platforms Inc. in the USA.

For data transfers to the USA, the provider has joined the EU–US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

5.3 Contact via Contact Form or Email

When contacting us (e.g., via contact form or email), personal data is processed solely for the purpose of handling and responding to your request and only to the extent necessary for this purpose.

The legal basis is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your inquiry aims at concluding a contract, an additional legal basis is Art. 6(1)(b) GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter has been conclusively clarified, provided that no statutory retention obligations conflict with this.

6) Data Processing When Opening a Customer Account

Pursuant to Art. 6(1)(b) GDPR, personal data is collected and processed to the extent necessary when you provide it to us when opening a customer account. The required data for opening an account can be found in the input mask of the corresponding form on our website.

You can delete your customer account at any time by sending a message to the controller’s address stated above. After deletion, your data will be deleted provided that all contracts concluded via the account have been fully processed, there are no statutory retention periods, and we have no legitimate interest in further storage.

7) Use of Customer Data for Direct Advertising

7.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for receiving the newsletter is your email address. Providing further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure to ensure that you only receive the newsletter after you have expressly confirmed your consent by clicking a verification link sent to the email address you provided.

By activating the confirmation link, you give us your consent to use your personal data pursuant to Art. 6(1)(a) GDPR. We store the IP address registered by your internet service provider (ISP) as well as the date and time of registration to be able to trace possible misuse of your email address at a later point in time. The data collected when subscribing to the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the controller named above. After unsubscribing, your email address will be deleted from our distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this statement.

7.2 Newsletter to Existing Customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services to those you have already purchased. In accordance with § 7(3) UWG (Germany), no separate consent is required. Processing is based solely on our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR. If you objected to the use of your email address for this purpose from the outset, we will not send such emails.

You may object to the use of your email address for advertising purposes at any time with effect for the future by notifying the controller named above. You will only incur transmission costs according to the basic tariffs. After receipt of your objection, the use of your email address for advertising will be stopped immediately.

7.3 Omnisend

Our email newsletters are sent via:
Soundest Ltd., Unit a3, Gateway Tower, 32 Western Gateway, London E16 1YL, England

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided when subscribing to the newsletter pursuant to Art. 6(1)(f) GDPR to this provider so that it can send the newsletter on our behalf.

Subject to your express consent pursuant to Art. 6(1)(a) GDPR, the provider also performs a statistical evaluation of newsletter campaigns using web beacons/tracking pixels in the emails sent, which can measure open rates and specific interactions. Device information (e.g., time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data sources. You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

For data transfers to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

7.4 Email Notifications for Product Availability

For temporarily unavailable items, you can sign up for an email notification when the selected item becomes available. We will send you a one-time email about availability. The only mandatory information is your email address. Further information is voluntary and may be used to address you personally. We use a double opt-in procedure so you only receive notifications after you have confirmed your consent by clicking a verification link sent to your email address.

By activating the confirmation link, you give us consent pursuant to Art. 6(1)(a) GDPR. We store your ISP IP address and the date and time of registration to trace any misuse. The data collected is used strictly for the intended purpose.

You can unsubscribe from availability notifications at any time by notifying the controller named above. After unsubscribing, your email address will be deleted from the relevant distribution list immediately, unless you have expressly consented to further use of your data or we reserve legally permitted use beyond this, about which we inform you in this statement.

7.5 Cart Reminder Emails

If you abandon your purchase before completing the order, you may be reminded once by email of the contents of your virtual shopping cart.

The only mandatory information is your email address. Further data is voluntary and may be used to address you personally. We use a double opt-in procedure so that reminders are only sent after you have confirmed your consent by clicking the verification link sent to your email address.

By activating the confirmation link, you give us consent pursuant to Art. 6(1)(a) GDPR for sending the cart reminder. We store your ISP IP address and the date and time of registration to trace possible misuse. The data collected is used strictly for the intended purpose.

You can unsubscribe from cart reminders at any time by notifying the controller named above. After unsubscribing, your email address will be deleted from the relevant distribution list immediately, unless you have expressly consented to further use of your data or we reserve legally permitted use beyond this, about which we inform you in this statement.

8) Data Processing for Order Handling

8.1 Sending Image Files for Order Handling by Email

We offer customers the option to commission the personalization of products by sending image files by email. The submitted image motif is used as a template for the personalization of the selected product.

Using the email address provided on the website, customers can send one or more image files from the device used. We collect, store, and use the files exclusively for producing the personalized product as described on our website. If the transmitted files are passed on to specialized service providers for production and order fulfillment, you will be explicitly informed in the following sections. No further disclosure takes place.

If the files and/or digital motifs contain personal data (in particular images of identifiable persons), all processing described above is carried out exclusively for the purpose of fulfilling your online order pursuant to Art. 6(1)(b) GDPR.

After final completion of the order, the transmitted image files are automatically and completely deleted.

8.2 Sending Image Files for Order Handling via Messaging Function

If customers can commission product personalization by sending image files via a messaging function, the submitted image motif is used as a template for personalization.

Customers can send one or more image files from the device used via the available messaging function. We collect, store, and use the files exclusively for producing the personalized product as described in our service descriptions.

If the transmitted files are passed on to specialized service providers for production and order fulfillment, you will be explicitly informed in the following sections. No further disclosure takes place.

If the files and/or digital motifs contain personal data (in particular images of identifiable persons), all processing described above is carried out exclusively for the purpose of fulfilling your online order pursuant to Art. 6(1)(b) GDPR.

After final completion of the order, the transmitted image files are automatically and completely deleted.

8.3 Sending Image Files for Order Handling via Upload Function

We offer customers the option of commissioning product personalization by uploading image files. The uploaded image motif is used as a template for personalization.

Via the upload form, customers can transmit one or more image files from the device used directly to us via automated encrypted data transfer. We collect, store, and use the files exclusively for producing the personalized product as described on our website.

If the transmitted files are passed on to specialized service providers for production and order fulfillment, you will be explicitly informed in the following sections. No further disclosure takes place.

If the files and/or digital motifs contain personal data (in particular images of identifiable persons), all processing described above is carried out exclusively for the purpose of fulfilling your online order pursuant to Art. 6(1)(b) GDPR.

After final completion of the order, the transmitted image files are automatically and completely deleted.

8.4 Transfer to Shipping and Payment Providers

To the extent necessary for contract performance for delivery and payment purposes, the personal data we collect will be passed on pursuant to Art. 6(1)(b) GDPR to the commissioned transport company and the commissioned credit institution.

If, on the basis of a contract, we owe you updates for goods with digital elements or for digital products, we process the contact data you provided when ordering to inform you personally pursuant to Art. 6(1)(c) GDPR. Your contact data is used strictly for notifications about updates and only to the extent necessary.

We also work with the service provider(s) listed below who support us in fulfilling contracts. Certain personal data will be transferred to these service providers in accordance with the following information.

8.5 External Shipping Partners

To fulfill our contractual obligations, we work with external shipping partners. We pass on your name, delivery address, and—where necessary for delivery—your phone number exclusively for the purpose of delivering goods pursuant to Art. 6(1)(b) GDPR to a shipping partner selected by us.

8.6 DSers

We use the following provider for order processing:
Bowers Enterprises, LLC, 109 Cloister Drive, Peachtree City, GA 30269, USA

Name, address, and where applicable other personal data will be passed on pursuant to Art. 6(1)(b) GDPR for the purpose of processing online orders. The transfer only takes place insofar as it is actually necessary for processing the order.

The provider is also used for accounting purposes. It may process incoming and outgoing invoices and, if applicable, bank transactions to automatically record invoices, match them to transactions, and prepare bookkeeping in a partially automated process.

If personal data is processed in this context, processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in the efficient organization and documentation of our business operations.

For transfers to the USA, the provider relies on the European Commission’s Standard Contractual Clauses to ensure compliance with European data protection standards.

8.7 Disclosure of Personal Data to Shipping Service Providers

(Providers listed below are used as carriers. If you give consent in the checkout, your email address and/or phone number may be shared for delivery coordination/announcements; otherwise only name and delivery address are shared to the extent necessary.)

  • Deutsche Post

  • DHL

  • DHL Express

  • DHL Freight

  • DPD

  • DPD Austria

  • FedEx

  • General Overnight (GO!)

  • GLS

  • Hermes

  • Austrian Post

  • UPS

You can revoke your consent at any time with effect for the future, either to the controller named above or to the respective provider.

8.8 Use of Payment Service Providers (Payment Services)

The following payment methods/payment providers may be available on this website (depending on selection), and payment data (and order information) may be transferred to them pursuant to Art. 6(1)(b) GDPR insofar as this is necessary for payment processing:

  • EPS Bank Transfer

  • Klarna

  • Mollie

  • PayPal

  • PayPal Checkout (incl. local methods such as Apple Pay, Google Pay, iDEAL, bancontact, blik, eps, MyBank, Przelewy24, etc.)

  • Shopify Payments

  • SofortĂĽberweisung (Klarna)

  • Unzer / Payolution

Where a provider offers payment methods involving credit checks (e.g., invoice purchase, installments), personal data may be processed for creditworthiness assessment pursuant to Art. 6(1)(f) GDPR, as described in your original text. You may object to such processing at any time; however, the provider may still be entitled to process your personal data if required for contract-compliant payment processing.

8.9 Electronic Cancellation Option for Ongoing Consumer Contracts

Consumers who have entered into paid ongoing contractual obligations (e.g., subscription contracts) via this website have the option to cancel them via an electronic button in accordance with the applicable notice periods.

Clicking the button leads to a confirmation page where the consumer can provide further details about the cancellation, clearly identify themselves, and then submit the cancellation electronically.

The collection and transfer of personal data is carried out pursuant to Art. 6(1)(b) GDPR only insofar as necessary for proper processing of the cancellation. On the same legal basis, the provided personal data is used to confirm receipt of the cancellation declaration and the time of cancellation in text form. An additional legal basis is Art. 6(1)(c) GDPR, as we are legally obliged to provide an electronic cancellation option for certain online consumer contracts.

12) Rights of the Data Subject

12.1 Applicable data protection law grants you the following data subject rights vis-Ă -vis the controller regarding the processing of your personal data (rights of access and intervention), subject to the respective legal requirements:

  • Right of access pursuant to Art. 15 GDPR

  • Right to rectification pursuant to Art. 16 GDPR

  • Right to erasure pursuant to Art. 17 GDPR

  • Right to restriction of processing pursuant to Art. 18 GDPR

  • Right to be informed pursuant to Art. 19 GDPR

  • Right to data portability pursuant to Art. 20 GDPR

  • Right to withdraw consent pursuant to Art. 7(3) GDPR

  • Right to lodge a complaint pursuant to Art. 77 GDPR

12.2 RIGHT TO OBJECT

IF, ON THE BASIS OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING MAY TAKE PLACE IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

13) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and—where applicable—statutory retention periods (e.g., commercial and tax retention periods).

Where personal data is processed on the basis of your express consent pursuant to Art. 6(1)(a) GDPR, the data will be stored until you withdraw your consent.

Where statutory retention periods exist for data processed as part of contractual or quasi-contractual obligations pursuant to Art. 6(1)(b) GDPR, such data will be routinely deleted after the retention periods expire, provided it is no longer required for contract performance or contract initiation and there is no legitimate interest in continued storage.

Where personal data is processed on the basis of Art. 6(1)(f) GDPR, it will be stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Where personal data is processed for direct marketing on the basis of Art. 6(1)(f) GDPR, it will be stored until you exercise your right to object pursuant to Art. 21(2) GDPR.

Unless otherwise stated in this policy for specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

If you want, paste the remaining sections you still need (e.g., 9) Retargeting/Remarketing, 10) Site functionalities, 11) Tools & other) and I’ll translate those too with the same company details.