C'est Normal Production GmbH
We appreciate your interest in our website. The protection of your privacy is a particularly high priority for our business. For that reason we have taken technical and organizational measures to ensure that we as well as our partners and external service providers observe the rules of data protection. Nevertheless, we draw your attention to the fact that the transmission of data on the internet may involve security holes and cannot be fully protected from access by third parties.
We treat your personal data as confidential and in accordance with the statutory data protection regulations such as the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to our company.
§ 1 General Information
(2) The party responsible for this website for the purpose of data protection law (Art. 4 VII GDPR) is:
C'est Normal Production GmbH, represented by the shareholder Christian Goossens,
Leipziger Platz 10
10117 Berlin, Germany
(Link to imprint)
(3) If you contact us via e-mail or contact form, the data you provide (e-mail-address as well as name) will be used for the purpose of processing your request. We delete the data that is transferred in this context, if the storage is no longer necessary and if there are no further legal obligations such as statutory storage requirements. There is no transfer of this personal data to third parties. Legal basis is Art. 6 Para 1 lit. b. and f. GDPR.
(4) Since we rely on contracted service providers for individual functions of our offers, we inform you about these third-party components and explain which data they collect and control in the section below.
§ 2 Rights
(1) With regard to the data processing to be described in more detail below, you have the right
to information (Art. 15 GDPR),
to rectification or erasure (Art. 16, 17 GDPR),
to restriction of processing (Art. 18 GDPR),
to object to the processing (Art. 18, 21 GDPR),
to data portability (Art. 20 GDPR).
(2) You also have the right to complain to the data protection supervisory authority about the processing of your personal data.
§ 3 Objection or revocation against the processing of your data
(1) If you have given your consent to the processing of your data, you can revoke them at any time. Such revocation will affect the admissibility of the processing of your personal data after you have given it to us.
(2) If we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if, in particular, the processing is not required to fulfill a contract with you. This is described in each case in the following description of the functions. In the event of such disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.
(3) Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your advertising conflict under the following contact details:
§ 4 Information about the data processing
(1) In the case of a solely informative use of our website, i.e. if you do not provide us with information (for example, when contacting us via our contract form), we only collect the personal data your browser transmits to our servers. For technical reasons, especially to ensure a secure and stable website, these are the following data (so-called server log files):
the type and version of your browser,
the previous that linked to our website (referrer URL),
the webpages visited on our site,
the date and time of your visit,
as well as your IP address.
We do not draw any conclusions about you. This information is needed in order to deliver the content of our website correctly, optimize the content and advertisement of our website, ensure the long-term viability of our information technology systems and website technology, and provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber attack. The anonymous data of the server log files are stored separately from all personal data provided by you.
The legal basis for the collection of these data is Art. 6 Para. 1 lit. f. GDPR. The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes.
(3) Our website uses transient cookies and persistent. Transient cookies are automatically deleted when you close the browser. Transient cookies include session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can also delete cookies in the security settings of your browser at any time. In addition, you can configure your browser setting according to your wishes and decline the acceptance of third-party cookies or all cookies. We point out, that as a result, you may not be able to use all features of our website.
§ 5 Hosting
Within the framework of a processing on our behalf, a third party provider provides the services for hosting and displaying our website. All data collected as part of the use of this website will be processed on its servers. This service provider is located in a country outside the European Union, for which the European Commission has determined by decision an appropriate level of data protection.
§ 6 SSL-Encryption
To guarantee the security of your data during transmission, we use encryption techniques such as SSL or TLS. You can recognize an encrypted connection in your browser when your browser address changes to HTTPS and the lock icon is displayed in your browser's address bar.
§ 7 Features and other offers of our website
(1) In addition to the purely informational use of our website, we also provide you with special enterprise services. To do so, you will generally need to provide us with other personal information that we use to provide the service and for which the aforementioned data processing principles apply.
(2) We partly use external service providers to process your data. These external service providers have been selected carefully. They are bound to our instructions and regularly monitored.
(3) Insofar as our service providers or partners are based in a country outside the European Economic Area (EEA), we inform you about the consequences of this circumstance in the description of the offer.
§ 8 Order processing
(1) Our online shop uses the platform Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5 ("Shopify"). Shopify provides an e-commerce platform, which allows us to sell our goods. If you place an order in our online-shop, you agree to the storage and processing of your personal data by Shopify. The data provided during the ordering process is stored on a secure server. If you are located in the European Economic Area (EEA) or Switzerland, your data will be processed and stored in Ireland through Shopify International Ltd.. However, Shopify notes that as part of a smooth service, data can also be transferred to other regions, including the US and Canada. Shopify strictly adheres to the agreement between the EU and the USA and the agreement between Switzerland and the USA for data collection and use (EU - US Privacy Shield Framework.
(2) The data you submit when ordering goods, will have to be processed to fulfill your order. Please note that orders cannot be processed without providing this data. The legal basis for this processing is Art. 6 Para. 1 lit. b. GDPR. After your order has been completed, your personal data will be deleted according to applicable legal regulations such as tax and commercial law.
(3) By using our online shop, you also agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (for more information please see section § 4; a session cookie is a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency to remain selected and consistent when browsing our website so that the prices can convert to your local currency. Legal basis is Art. 6 Para 1 lit. b and f. GDPR.
(4) With the purpose of processing your order, we will first share your data with the shipping company responsible for delivery to the extent required to deliver your order and second with the payment service provider to the extent required to process your payment.
(5) If you wish to order goods in our online shop, it is necessary for the conclusion of the contract that you provide us with your personal data that we need for the processing of your order. Required entries are marked separately. We process the data provided by you to process your order. To complete the processe, we can also pass on your payment data to our house bank. The legal basis for this is Art. 6 Para 1 lit. b GDPR. We may also process the information to inform you about other interesting products from our portfolio or to send you an e-mail with technical information. Due to commercial and tax regulations, we are obliged to store your address, payment data and order data for a period of ten years.
(5) In order to prevent unauthorized access by third parties to your personal data, in particular to financial data, the order process is encrypted using TLS technology.
§ 9 Payment Service Provider
(1) At present, we use the external payment service called With Reach UK Ltd, which allow purchases on account or flexible installment payments. The payment service providers also offer other services, such as buyer protection and identity or creditworthiness checks. Legal basis is Art. 6 Para 1 lit. b and f. GDPR.
(2) Operating companies are
a. PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg
Payments are processed via PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards in case a user does not have a PayPal account. A PayPal account is managed via an e-mail address, that there are no classic account numbers. PayPal permits online payments to third parties and makes it possible to receive payments. PayPal also accepts trustee functions and offers buyer protection services.
b. With Reach UK Ltd, Fifth Floor Suite 23 63/66, Hatton, Garden London EC1N 8LE
(3) If you select one of the two payment service providers during the ordering process in our online shop as a payment option, your data will be automatically transmitted to the service provider. By selecting this payment option, you agree to the transfer of personal data required for payment processing.
Personal data processed by PayPal and Stripe include inventory data, such as your name, address, e-mail address, IP-address or bank details as well as other data necessary for payment processing. This information is required to complete the transactions and to perform an identification check. The data entered will only be processed and stored by PayPal and Stripe. We do not receive any information related to your account or credit card. The data may be transmitted to credit reporting agencies. The payment service providers may also collect and use data and information on your previous payment behavior as well as probability-values for your behavior in the future in order to decide on the reasoning, implementation or termination of a contractual relationship. The calculation of scoring is carried out on the basis of scientifically-recognized mathematical-statistical methods.
a. PayPal: https://www.paypal.com/at/webapps/mpp/ua/privacy-full?locale.x=en_AT
b. Stripe: https://stripe.com/privacy-center/legal
You have the possibility to revoke your consent for the handling of personal data at any time from PayPal and Stripe. A revocation will not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.
§ 10 Google Fonts
Our website uses Google Fonts to display external fonts. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google). Through certification according to the EU-US Privacy Shield, Google guarantees that it will follow the EU's data protection regulations when processing data in the United States (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed. The legal basis is Art. 6 Para. 1 lit. f. GDPR. Our legitimate interest lies in the optimization and economic operation of our site.
When you access our website, a connection to Google is established from which Google can identify the site from which your request has been sent and to which IP address the fonts are being transmitted for display.
Google offers detailed information at https://adssettings.google.com/authenticated and https://policies.google.com/privacy
§ 11 Social Media
(1) We have integrated components of the service Instagram on our website. Instagram is a service, which allows us to share photos and videos. The operating company of the services offered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, United States.
(2) The services are integrated by a Instagram-button on our Website. We do not use any plugins. By integrating buttons, linked graphics prevent Instagram from automatically establishing a connection to the Instagram server when you visit our website. Only if you click on the linked graphic, you will be forwarded to the service of Instagram. In this case information about the use of our website will be recorded by Instagram. This information may include your IP address, the date and time you visited our site, as well as the pages you viewed.
(3) If you are logged in to your Instagram account while clicking on the linked graphic, Instagram matches this information with your personal Instagram account and stores the personal data. To prevent this, you must either log out of your Instagram account before clicking the linked graphic or make the appropriate settings in your Instagram account.
(4) Further information and the applicable data protection provisions of Instagram may be retrieved under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
§ 12 YouTube
(1) We have also integrated YouTube on our website. YouTube is a video portal operated by YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA. YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. Through certification according to the EU-US Privacy Shield Google, as well as YouTube, guarantee that they will follow the EU's data protection regulations when processing data in the United States (please see: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
(2) We use YouTube in its advanced privacy mode to show you videos. According to YouTube, „advanced privacy mode“ means that the data specified below will only be transmitted to a YouTube server if you actually start a video. The connection to the YouTube Servers is required in order to be able to display the videos on our website within your browser. YouTube will record and process your IP address, the date and time the video was displayed, as well as the website you visited.
(3) If you are logged in to the YouTube platform while visiting our website, YouTube will assign the connection information to your YouTube account. To avoid this, you have either to log out before visiting our website or to take the appropriate settings in your YouTube account.
(4) For the purpose of functionality and analysis of usage behavior, YouTube permanently stores cookies on your device via your browser. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. For more information please see section § 4.
(1) With your consent, we give you the opportunity to subscribe to our newsletter, which informs you about our current offers. The advertised goods and services are namend in the declaration of consent. We therefore rely on the so-called „double opt-in“ process, in which you are sent, after you have registered, a confirm mail, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your data will be blocked and automatically deleted after a period of one month.
(2) If you register for our newsletter, the data requested from you for this purpose, i.e. your e-mail address and, optionally, your name, will be sent to us. In addition, we store your IP address and the time of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify possible misuse of your personal data.
We point out that we evaluate your user behavior. For this evaluation, the emails sent include so-called web beacons or tracking pixels. For the evaluations, we link the data mentioned in § 4 and the web beacons with your e-mail address and an individual ID. With the data obtained, we create a user profile to tailor the newsletter to your individual interests.
The legal basis for this is Art. 6 Para. 1 lit. a GDPR.
(3) You can revoke your consent to receive our newsletter at any time. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter. The information will be stored as long as you have subscribed to the newsletter. After your deregistration we will store the data purely statistically and anonymously. In general, tracking is not possible if you have turned off image display by default in your e-mail client. In this case the newsletter will not be displayed completely and you may not be able to use all features.
(5) The newsletter is sent out using ‘MailChimp’, a newsletter mailing platform operated by the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data requested, e.g. your e-mail address, stored on MailChimp’s servers in the USA. MailChimp uses this information to send and analyse the newsletters on our behalf. According to MailChimp, it may also use this data to optimise or improve its own services, e.g. to optimise the mailing technology and the visual appearance of the newsletters or for commercial purposes such as determining which countries the recipients are based in. However, MailChimp will not use your data to contact you directly, nor will it share this data with third parties.
Information regarding data processing pursuant to Art. 13 and 14 of the EU General Data Protection Regulation (GDPR)
The following information is intended to give you an overview regarding our processing of your personal data and your rights derived from the GDPR. The specific data processed and the purpose for which it is employed relate directly to the services offered and received. Data Privacy is important – we therefore kindly ask you to familiarize yourself with the Data Protection Information found below.
1. Name and contact details of the controller
The responsible controller is:
Christian Goossens for
C'est normal Production GmbH
Leipziger Platz 10
10117 Berlin, Germany
2. Purpose of and legal basis for precessing
We process personal data that we obtain from you in the context of our business relationship. We also process, insofar as necessary to provide our service, personal data that we obtain from publicly accessible sources (e.g. debt registers, commercial and association registers, press, internet) or that is legitimately transferred to us by other third parties (e.g. credit agencies).
Relevant data is personal information (e.g. name, address and other contact details, date and place of birth and nationality), identification data and authentication data (e.g. passport data). Furthermore this can also be order data (e.g. payment orders); data from the fulfillment of our contractual obligations (e.g. sales data in payment transactions); information about your financial situation (e.g. creditworthiness data); marketing and sales data, including advertising data; documentation data (e.g. consultation protocol) and other data similar to the categories mentioned.
In the context of our business relationship, you must provide all personal data that is required for accepting and carrying out a business relationship and fulfilling the accompanying contractual obligations or that we are legally obliged to collect. Without this data, we are, in principle, not in a position to close or execute a contract with you. So if you do not provide us with the necessary information, we cannot enter into or continue the business relationship you desire.
We solely process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Personal Data Act of Sweden („Ny Dataskyddslag“).
a. For the fulfilment of contractual obligations (Art. 6 para. 1 lit. b GDPR)
The processing of personal data (as defined by Art. 4 No. 2 GDPR) takes place within the context of the completion of our contracts with you, or the carrying out of pre-contractual measures that occur as part of a request.
b. For compliance with a legal obligation (Art. 6 para 1 lit c GDPR)
The processing of personal data may be necessary owing to a diversity of legal obligations.
c. On the basis of your consent (Art. 6 para 1 lit. a GDPR)
As long as you have granted us consent to process your personal data for certain purposes, this processing is legal on the basis of your consent. You may withdraw your given consent at any time with effect for the future. This shall have no effect upon the legality of the data processed prior to this withdrawal.
d. Within the scope of the balancing of legitimate interests (Art. 6 para. 1 lit. f GDPR)
Where necessary, we will process your data beyond the actual fulfilment of the contract for the protection of the legitimate interests of our business or third parties. Examples in this regard include:
- the assertion of legal claims and their defence during litigation;
- the guaranteeing of the IT security and operation of our business;
- crime prevention and solution;
3. Recipient or categories of recipients of the personal data
Within our company, every unit that requires your data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents appointed by us can also receive access to data for the purposes given, if they maintain confidentiality. These are companies in the categories of IT-services, logistics and payment. The basis for this is a order data processing agreement.
With regard to transferring data to recipients outside our business (third parties), we may pass on information about you only if legal provisions demand it or if you have given your consent. Under these requirements, recipients of personal data can be for example:
- public entities and institutions upon providing a legal or official obligation
- other companies to which we transfer your personal data in order to carry out a business relationship with you
Other recipients of data can be any units for which you have given us your consent to transfer data
4. Transmission of personal data to a third country
Your data is transmitted by means of a web-based application on the Internet. The confidentiality, integrity, authenticity and availability of the personal data can, as such, not be guaranteed. Your data can also be retrieved by means of the web-based application in third countries that do not observe any data protection regulations comparable with those of the European Union.
If it is necessary for the purpose of carrying your orders (e.g. payment orders) or if you have granted us your consent, we also transfer data to units in states outside the EU.
5. Storage period of the personal data
After your data has been collected by us, we will process and store your personal data as long as it is necessary in order to fulfill our contractual and statutory obligations.
If personal data is no longer required in order to fulfill contractual or statutory obligations, it is deleted, unless a further processing is required. Purposes can be the fulfilling of obligations to preserve records according to commercial and tax law.
6. Your rights
Pursuant to the European General Data Protection Regulation (GDPR), you have the right
a. to access according to Art. 15 GDPR;
b. to rectification according to Art. 16 GDPR;
c. to erase according to Art. 17 GDPR;
d. to data portability according to Art. 20 GDPR;
e. to restrict processing according to Art. 18 GDPR;
f. to object according to Art. 21 GDPR.
Furthermore there is also a right to lodge a complaint with an appropriate data privacy regulatory authority (Art. 77 GDPR).
To exercise your rights, please contact us via the contact details given in the imprint.
If you have consented to the processing of your data by us you may withdraw this consent at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of any data processing for which consent was given and which was carried out prior to the withdrawal of said consent.