The protection of your data is very important to us! Therefore we follow the legal regulations for data protection (DSGVO) and do everything possible to protect your data. The responsible person in terms of the Data Protection Basic Regulation and other national data protection laws of the member states of the European Union (EU) and other data protection regulations is:
Frankfurter Straße 87 (Gebäude 13),
T: +49 (0)931 809 97 77 9
1. Explanation of terms
We have designed our data protection declaration according to the principles of clarity and transparency. However, if there are any ambiguities regarding the use of different terms, the corresponding definitions can be viewed by you at https://dsgvo-gesetz.de/art-4-dsgvo/.
2. Rechtsgrundlage für die Verarbeitung von personenbezogenen Daten
We process your personal data such as your name and first name, your e-mail address and IP address etc. only if there is a legal basis for this. According to the basic data protection regulation, the following regulations in particular come into consideration here:
- 6 Abs. 1 S. 1 lit. a DSGVO: The data subject has given his/her consent to the processing of personal data relating to him/her for one or more specific purposes.
- 6 Abs. 1 S. 1 lit. b DSGVO:The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject.
- 6 Abs. 1 S. 1 lit. c DSGVO:The processing is necessary to fulfil a legal obligation to which the controller is subject.
- 6 Abs. 1 S. 1 lit. d DSGVO:The processing is necessary in order to protect the vital interests of the data subject or of another natural person.
- 6 Abs. 1 S. 1 lit. e DSGVO:The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
However, we would like to point out once again at the respective points of this data protection declaration on which legal basis the processing of your personal data takes place.
3. Transmission of personal data
The passing on of personal data is also processing in the sense of the preceding paragraph 3, but we would like to inform you here again separately about the subject of passing on personal data to third parties. The protection of your personal data is very important to us. For this reason we are particularly careful when it comes to passing on your data to third parties.
A transfer to third parties will therefore only take place if there is a legal basis for the processing. For example, we pass on personal data to persons or companies who work for us as contract processors in accordance with Art. 28 DSGVO. A processor is anyone who processes personal data on our behalf – i.e. in particular in an instruction and control relationship with us.
In accordance with the DSGVO, we enter into a contract with each of our processors to require them to comply with data protection regulations and thus provide comprehensive protection for your data.
4. Storage duration and deleting
Your personal data will be deleted by us if they are no longer necessary for the purposes for which they were collected or otherwise processed, if the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
5. SSL encryption
This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
6. Collection and storage of personal data and their type and purpose of use
6.1. When visiting the website
When you visit our website, information is automatically sent to the server of our website by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
6.2. Legal contract
6.2.1 Conclusion of contract
Within the framework of the establishment of the contractual relationship, only the personal data that is absolutely necessary for the execution of the contract will be processed in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO. If you provide additional voluntary details, these will only be processed on the basis of the consent you have given us in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO. We use this voluntary information to offer a customer-friendly service and to constantly improve it.
6.2.2 Customer account
You have the possibility to create a customer account with us. For this purpose, in addition to your personal data for contract processing, your other voluntary details as well as the purchases you have made with us in the past will be stored and processed. You can call these up at any time and thus get an overview of your purchases made with us. This data is used to enable you to simply log in with your login data the next time you shop with us. It should also help you to control your purchasing activities. The legal basis is based on the consent you have given us in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO.
You have the possibility to change or delete your data in the customer account at any time and to delete the account as a whole. If you make use of this function, your customer account with all the data it contains will be deleted immediately.
6.2.3 Passing on data for dispatch
The data necessary for the dispatch of our goods (first name and surname, address, e-mail address, telephone number if required due to the goods being shipped) will be passed on to the corresponding shipping service provider for notification/coordination of the delivery of the goods and for the delivery of the goods. The legal basis for the passing on of data results from Art. 6 para. 1 sentence 1 lit. b DSGVO. In this context, we pass on your data to one of the following shipping service providers. You will then receive further information on the processing of your data from them:
- DHL: DHL Paket GmbH, Sträßchensweg 10, postcode/place: 53113 Bonn, telephone: +49/ (0) 228/ 18 20, e-mail: firstname.lastname@example.org. More about this under: https://www.dhl.de/de/toolbar/footer/datenschutz.html
- UPS: United Parcel Service Deutschland S.à r.l. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany, phone: 01806-882-663. more information https://www.ups.com/de/de/help-center/legal-terms-conditions/privacy-notice.page
6.2.4 Data transfer when using online payment service providers
Should you decide to pay with one of the online payment service providers offered by us during the ordering process, your contact data will be transmitted to this service provider during the order process. The lawfulness of the transmission of the data results from art. 6 para. 1 sentence 1 lit. b DSGVO, for the execution of the payment method chosen by you as well as our legitimate interests according to art. 6 para. 1 sentence 1 lit. f DSGVO to enable a user-friendly and uncomplicated payment processing.
The personal data transmitted to the online payment service provider is usually first name, last name, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to the order, such as number of items, item number, invoice amount and taxes in percent, billing information, etc. This transmission is necessary to process your order with the payment method you have chosen, in particular to confirm your identity, to administer your payment and the customer relationship.
Important for you: Personal data may also be passed on by the online payment service provider to service providers, subcontractors or other associated companies if this is necessary to fulfil the contractual obligations arising from your order or if the personal data are to be processed on behalf of the company.
Depending on the selected payment method, e.g. Shopify Pay, the personal data transmitted to the provider is transmitted by the provider to credit reference agencies, e.g. Schufa. This transmission is used to check your identity and creditworthiness with regard to the order you have placed. Which credit agencies are involved and which data are generally collected, processed, stored and passed on by the respective provider can be found in the respective data protection declarations of the providers:
- Shopify Pay: Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. More information can be found at https://www.shopify.de/legal/datenschutz. Additional information on Shopify’s DSGVO-compliant data protection can be found at . You can get help and information on this at email@example.com
- PayPal: PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. For more information, see https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Amazon Pay: Amazon Payments Europe s.c.a., and secondarily by Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three of which are located at 5, Rue Plaetis L 2338 Luxembourg (hereinafter “Amazon Payments”). Further information on data protection law, including information on the credit reference agencies used, can be found in the Amazon Payments data protection declaration: https://pay.amazon.com/de/help/201751600
- Google Pay: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Read more about it: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
- Apple Pay: Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014 For more information, see https://www.apple.com/legal/privacy/de-ww/
6.3.1 Newsletter content and registration data
We will only send you a newsletter if you have ordered it from us and have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO. The contents of the newsletter are described in detail when you register for the newsletter. To register for the newsletter, it is sufficient to enter your e-mail address. If you provide further voluntary information such as your name, this will be used exclusively for the personalisation of the newsletter addressed to you.
6.3.2 Double-Opt-In and Logging
For security reasons, we use the so-called Double-Opt-In procedure for the registration to our newsletters, so that nobody can register with foreign e-mail addresses. After you have registered for our newsletters, you will receive an e-mail with the request to confirm your registration. Your registration will only become effective with the confirmation.
Furthermore, your registration to the newsletter is logged. The logging includes the storage of the time of registration and confirmation, your given data and your IP address. If you make changes to your data, these changes are also logged.
If you no longer wish to receive our newsletter, you can withdraw your consent at any time for the future. To do so, you can click on the unsubscribe link at the end of each newsletter or send us an e-mail to the following address: firstname.lastname@example.org. The revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until the revocation.
6.3.4 Use of “MailChimp”
We send our newsletter using the newsletter service “MailChimp” offered by the Rocket Science Group, LLC (675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA). The e-mail addresses of our newsletter recipients and also their other data described in this notice are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore MailChimp may use this data according to its own information to optimize or improve its own services, e.g. for technical optimization of sending and presentation of the newsletters or for economic purposes to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them or pass them on to third parties.
6.3.5 Statistical surveys and analyses
The newsletters sent via MailChimp contain a so-called “web-beacon”, i.e. a pixel-sized file which is retrieved from the server of MailChimp when the newsletter is opened. In the context of this retrieval, the following technical information is first collected:
- Information about the browser
- information about your system
- iYour IP address
- Time of the call
This information is used to improve the services based on technical data, target groups and their reading behaviour, the locations of their requests (which can be determined using the IP address) and access times. Statistical surveys also include determining whether and when the newsletters are opened and which links in the newsletter are clicked. For technical reasons this information can be assigned to individual newsletter recipients, but it is neither our nor MailChimp’s intention to observe individual users. The evaluations serve us much more to recognize the reading habits of our users, such as preferred reading times, and to adapt our contents to them or to send different contents according to the interests of our users.
The use of the newsletter service MailChimp, the execution of the statistical surveys and analyses as well as the logging of the registration procedure are based on our legitimate interests according to Art. 6 para. 1 p. 1 lit. f DSGVO. We are interested in the use of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the users.
6.4. E-mail contact
If you send us your e-mail using the e-mail address provided on our website, in this case we will store and process your e-mail address and the information you provided in the e-mail in accordance with Art. 6 Para. 1 sentence 1 lit. b and f DSGVO for the purpose of processing your message. The enquiries as well as the associated data will be deleted at the latest 3 months after receipt, unless they are required for a further contractual relationship.
6.5. Google Fonts
We use Google Fonts on our Internet pages. This enables us to display fonts. Google Fonts is a service of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). The integration of these Web Fonts is done by a server call, usually a Google server in the USA. Through this, the following may be transmitted to the server and stored by Google:
- name and version of the browser used
- Webpage from which the request was initiated (referrer URL)
- Your computer’s operating system
- screen resolution of your computer
- IP address of requesting computer
- language settings of the browser or operating system the user is using
6.6. Google Maps
Our website uses the Google Maps API. By using Google Maps, information about your use of this website (including your IP address) may be transmitted to a Google server (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) in the USA and stored there.
Google may transfer the information obtained through Maps to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. However, your IP address will under no circumstances be linked to other Google data. Nevertheless, we must point out that it is technically quite possible that Google could identify individual users on the basis of the data received.
The use of Google Maps is a service for you, so that you can identify sales locations, local promotions or our location exactly and plan your visit better if necessary. The use of Google Maps is therefore based on our legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO.
Most browsers automatically accept cookies based on the browser default settings. However, you can configure your browser so that either no cookies are stored on your terminal device at all or at least a message is displayed before a new cookie is stored. If you completely disable the cookie function in your browser, you may not be able to use all the functions of our website. In the following we explain the different types of cookies we use.
In order to make your use of our services more convenient, we use so-called session cookies to recognize that you have already visited individual pages of our website. These session cookies are automatically deleted after leaving our site.
7.2. Temporary Cookies
7.3. Cookies for marketing and optimization purposes
8. Analysis and tracking tools
We use the following analysis and tracking tools on our website. These serve to ensure the continuous optimization of our website and to design it according to your needs. These interests are to be regarded as justified in the sense of Art. 6 Para. 1 S. 1 lit. f DSGVO. The respective data processing purposes and data categories can be found in the corresponding tools.
8.1. Google Analytics
On our website we use Google Analytics, a web analysis service of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter “Google”).
8.2. Google Remarketing
We use the remarketing feature of Google Analytics to target advertising campaigns – including Google AdWords campaigns – to visitors to our website. These campaigns are based on your previous visits to our website and present you with relevant advertisements when you visit other websites in the Google Display Network.
The DoubleClick cookie enables Google to serve ads to ourselves and other third parties based on the interests identified from your previous visits to our website and/or other websites. These ads may be displayed on Google’s and/or other Google advertising network websites. We also use the Google Analytics advertising features to analyze the effectiveness of our own advertising campaigns.
You can customize your Google ad settings and opt-out of interest-based ads from Google. In this case, the DoubleClick cookie ID (which is unique to each cookie) will be overwritten and cannot be associated with a particular browser.
If you delete all cookies from your device, a new DoubleClick cookie may be placed. You may then need to renew your opt-out settings. You can permanently disable the DoubleClick cookie by clicking here: http://www.google.com/settings/ads/plugin downloading and installing the appropriate browser plugin. You can disable the use of third-party cookies for the purpose of online advertising on the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/.
If you have opted to have Google link your web and app browsing history to your Google Account and use information from your Google Account to personalize ads, Google will use information about you, along with Google Analytics data, to create target audience lists for cross-device remarketing. To do this, Google Analytics first collects Google-authenticated IDs associated with your Google Account for you as a user on our website. Google Analytics then temporarily links these IDs to Google Analytics data to optimize our audience.
8.3. Google AdWords
We use on our website with Google AdWords an online advertising program of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Conversion tracking is also used. With this tool Google AdWords sets a cookie on your device when you come to our website via a Google ad.
The cookie is no longer valid after 30 days. It is not for personal traceability. If you visit our website as a user and the cookie is still working, we and Google will recognize that you clicked on the ad and were forwarded to our site. Each Google AdWords customer is assigned a different cookie. Cookies are not trackable on the websites of our AdWords customers.
Conversion statistics for AdWords advertisers are generated from the data collected by conversion cookies. As Google AdWords customers, we learn the total number of users who responded to our ad and were then redirected to a web page that was tagged with a conversion tracking tag. We do not receive any information during this process that could personally identify you as a user.
8.4. Google AdSense
We use on our website the service Google AdSense from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).) to integrate advertisements.
The information received via cookies and web beacons, your IP address and the delivery of advertising formats are transmitted to a Google server located in the USA and stored there. Google will possibly pass on this collected information to third parties if this is legally required or if Google commissions data processing to third parties. However, Google will not merge your IP address with the other stored data.
9. Embedded Video
Our website uses video embedding from YouTube, which is operated by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). When you view (YouTube) videos while you are visiting, we connect to YouTube’s servers and tell the YouTube server which of our pages you have visited. This allows YouTube to match your surfing habits directly to your personal profile. You can prevent this by logging out of your YouTube account before visiting our website.
10. Rights of the individual data subject
You are entitled to the following rights:
10.1. Right of information
In accordance with art. 15 of the DSGVO, you have the right to request information about your personal data processed by us. This right of information includes information about
- the processing purposes
- the categories of personal data
- the recipients or categories of recipients to whom your data has been or will be disclosed
- the planned storage period or at least the criteria for determining the storage period
- the existence of a right of rectification, erasure, restriction of processing or opposition
- the existence of a right of appeal to a supervisory authority
- the origin of your personal data, as far as they were not collected by us
- the existence of automated decision making including profiling and, where appropriate, meaningful information on its details
10.2. Right of adjustment
In accordance with Art. 16 DSGVO, you have the right to have incorrect or incomplete personal data stored by us corrected by us.
10.3. Right of deletion
In accordance with Art. 17 DSGVO, you have the right to demand the immediate deletion of your personal data from us, unless further processing is necessary for one of the following reasons:
- the personal data is still necessary for the purposes for which it was collected or otherwise processed
- on the exercise of the right to freedom of expression and information
- to comply with a legal obligation requiring processing under European Union or national law to which the controller is subject or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller
- for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 DSGVO
- for archiving, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Art. 89 Para. 1 DPA, insofar as the law referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing
- to assert, exercise or defend legal claims
10.4. Right of processing restrictions
In accordance with Art. 18 DSGVO, you can request the restriction of the processing of your personal data for one of the following reasons:
- You dispute the accuracy of your personal information.
- The processing is unlawful and you oppose the cancellation of your personal data.
- We no longer need the personal data for the purposes of the processing, but you need them for the assertion, exercise or defence of legal claims.
- You file an objection against the processing pursuant to Art. 21 (1) DPA.
10.5. Right to be informed
If you have requested the correction or deletion of your personal data or a restriction of processing in accordance with Art. 16, Art. 17 Paragraph 1 and Art. 18 DSGVO, we will inform all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You can demand that we inform you of these recipients.
10.6. Right of transmission
You have the right to receive the personal data you have provided us with in a structured, common and machine-readable format, as well as the right to request the communication of such data to a third party, provided that the processing is carried out with the help of automated procedures and on the basis of a consent in accordance with Art. 6 Paragraph 1 S. 1 lit. a or Art. 9 Paragraph 2 lit. a or on a contract in accordance with Art. 6 Paragraph 1 S. 1 lit. b DSGVO.
10.7. Right of revocation
In accordance with Art. 7 Para. 3 DSGVO, you have the right to revoke the consent you have given us at any time. Revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. In future, we may no longer continue the data processing that was based on your revoked consent.
10.8. Right to complain
Under Art. 77 DSGVO, you have the right to complain to a supervisory authority if you believe that the processing of your personal data contravenes the DSGVO.
10.9. Right of protest
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 letter f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, if there are reasons for doing so that arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without giving details of your special situation. If you wish to exercise your right of revocation or objection, simply send an e-mail to email@example.com
10.10. Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on you or which significantly affects you in a similar way. This shall not apply if the decision
a) is necessary for the conclusion or performance of a contract between you and us
(b) is authorised by legislation of the European Union or the Member States to which we are subject and that legislation provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests
c) with your express consent
However, these decisions may not be based on special categories of personal data in accordance with Art. 9 Para. 1 DPA, unless Art. 9 Para. 2 lit. a or g DPA applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
With regard to the cases referred to in a) and c), we shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain an intervention by any person from our side, to express our point of view and to contest the decision.