Privacy Policy

Privacy Policy

1. Information on the Collection of Personal Data and Contact Details of the Data Controller

   1.1 We are pleased to have you visit our website and thank you for your interest. This policy explains how we handle your personal data when you use our website. Personal data includes any information that can identify you personally.

   1.2 The controller responsible for data processing on this website, as per the General Data Protection Regulation (GDPR), is [Shop Name]. The data controller is the individual or legal entity that determines the purposes and means of processing personal data, either alone or together with others.

   1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential information (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the "https://" prefix and the lock symbol in your browser’s address bar. 

   2. Data Collection When Visiting Our Website

      When you visit our website for informational purposes only—meaning you don’t register or provide other information—we collect only the data that your browser sends to our server (referred to as “server log files”). This data is technically required to display the website properly, and includes:

      • The specific page visited on our website
      • Date and time of access
      • Volume of data transmitted in bytes
      • Referring source or link that brought you to our website
      • Browser type used
      • Operating system used
      • IP address (anonymized, if applicable)

      This data processing occurs in accordance with Art. 6 (1)(f) GDPR, based on our legitimate interest in improving the stability and functionality of our website. The data is neither shared nor used for other purposes. However, we reserve the right to review server log files later if specific indications suggest unlawful usage.

   ---

   3. Cookies

      To make our website more attractive and enable certain functions, we use cookies on various pages. Cookies are small text files stored on your device. Some cookies are deleted after the browser session ends (session cookies), while others remain on your device, allowing us or our partner companies to recognize your browser on your next visit (persistent cookies).

      Persistent cookies automatically delete after a pre-set duration, which varies by cookie. These cookies may store specific user information, such as browser data, location data, and IP address. They are used in two ways:

      • To improve functionality and simplify the ordering process, like saving items in a shopping cart for later visits.
      • For secure processing or site personalization based on Art. 6 (1)(f) GDPR, where it benefits user-friendliness.

      Third-Party Cookies: We may work with advertising partners to make our online content more interesting for you. In such cases, third-party cookies may also be stored on your hard drive when visiting our website. You’ll be informed about these cookies and the scope of any data collected from them.

      Cookie Management: You can configure your browser to notify you when cookies are set, to decide on a case-by-case basis, or to refuse cookies altogether. Each browser handles cookie settings differently. Here are the links for managing cookies for commonly used browsers:

      • Internet Explorer: Manage Cookies in IE
      • Firefox: Allow or Reject Cookies
      • Chrome: Clear, Enable, and Manage Cookies in Chrome
      • Safari: Manage Cookies and Website Data
      • Opera: Manage Cookies in Opera

      Note: Disabling cookies may limit some functions on our website.

   ---

   4. Contacting Us

      When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected depends on the contact form fields. This data is stored and used solely for the purpose of responding to your inquiry or for technical administration. The legal basis for this data processing is our legitimate interest in responding to your inquiry, as per Art. 6 (1)(f) GDPR. If your inquiry concerns a contract, Art. 6 (1)(b) GDPR also applies. Your data will be deleted once your inquiry is resolved, provided no legal retention obligations exist.

   ---

   5. Data Processing for Customer Account Creation and Contract Fulfillment

      Personal data is also collected and processed if you provide it for a contract or to create a customer account. This data is required for contract fulfillment, as per Art. 6 (1)(b) GDPR. The specific data collected is visible in the input fields. You may delete your account at any time by contacting us. After the contract is fully processed or your account deleted, data will be locked and later deleted according to legal retention periods unless you consent to further use or legal provisions allow it.

   ---

   6. Use of Your Data for Direct Marketing

      6.1 Newsletter Subscription: By subscribing to our newsletter, you will receive periodic information on our offers. Only your email is required; additional details are optional and help us personalize content. The subscription uses the “double opt-in” method, meaning we only send the newsletter once you confirm. We store your IP address and subscription time as proof of consent. The data is used only for the newsletter, and you can unsubscribe any time via a link in each email or by contacting us.

      6.2 Email Marketing to Existing Customers: If you provide your email when purchasing a product or service, we reserve the right to send you emails about similar products, based on our legitimate interest in direct marketing, per Art. 6 (1)(f) GDPR. You may opt out of this at any time with future effect. 

      7. Data Processing for Order Fulfillment

         7.1 Order Processing: The personal data we collect will be shared with the delivery service assigned to handle your order, as necessary for delivering the goods. Payment information is also shared with the financial institution responsible for processing payments, where required. If third-party payment providers are involved, they are mentioned explicitly below. The legal basis for this data sharing is Art. 6 (1)(b) GDPR.

         7.2 Use of Payment Service Providers (Payment Processors):

         • PayPal: If you choose to pay via PayPal, credit card through PayPal, direct debit through PayPal, or—where available—via “Purchase on Account” or “Instalments” via PayPal, your payment information will be transmitted to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). This is necessary for processing the payment under Art. 6 (1)(b) GDPR.

           PayPal may conduct a credit check for specific payment methods, and may share your data with credit agencies for creditworthiness checks. This processing is based on PayPal’s legitimate interest in determining your payment ability per Art. 6 (1)(f) GDPR. For more on PayPal's data processing, visit their Privacy Policy. You can object to this data processing by contacting PayPal, but PayPal may still process your data if required for contract performance.

         • SOFORT: If you select “SOFORT” as a payment method, payment processing is handled by SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (part of the Klarna Group, Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Information relevant to payment is transmitted to SOFORT according to Art. 6 (1)(b) GDPR. For further details, refer to SOFORT’s Privacy Policy.

      ---

      8. Contact for Review Reminders

         We may use your email to send a one-time reminder to review your order, provided you consented to this during or after your purchase, as per Art. 6 (1)(a) GDPR. You may withdraw this consent at any time by contacting the data controller.

      ---

      9. Use of Social Media Plugins

         9.1 Facebook Plugins with Shariff Solution: Our website uses social media plugins ("plugins") from Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. To protect your data, these plugins are not directly integrated but instead linked using an HTML link (Shariff solution). This ensures no data is transmitted to Facebook unless you actively click the plugin. After clicking, Facebook’s terms and conditions apply. Facebook is certified under the EU-US Privacy Shield.

         For more on Facebook’s data collection, usage, and privacy settings, refer to their Privacy Policy.

         9.2 Google+ Plugins with Shariff Solution: Similarly, Google+ plugins from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are embedded as HTML links. When you click the link, data is transmitted to Google under their terms. Google is also certified under the EU-US Privacy Shield. Visit Google’s Privacy Policy for more.

         9.3 Instagram Plugins with Shariff Solution: We use plugins from Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA. These are also embedded as HTML links. If clicked, your data will be processed per Instagram’s privacy policy. Instagram is certified under the EU-US Privacy Shield. For more, see Instagram’s Privacy Policy.

      ---

      10. Online Marketing

      10.1 DoubleClick by Google: Our website uses DoubleClick by Google, a tool by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. DoubleClick uses cookies to display relevant ads, improve campaign performance reports, and prevent repeat ads. DoubleClick cookies track ads displayed per browser, preventing multiple displays. This processing is based on our legitimate interest in optimal website marketing, Art. 6 (1)(f) GDPR.

      kotlin

      Copy code

      DoubleClick may track "conversions" (e.g., ad clicks followed by purchases). Google, certified under the EU-US Privacy Shield, manages this data. For more, see [DoubleClick Privacy](https://www.google.de/policies/privacy/).

      10.2 Google AdWords Conversion Tracking: We use Google AdWords and its conversion tracking feature. This tool helps analyze ad effectiveness. A cookie is set on your computer when you click an ad, valid for 30 days and non-identifiable. Each AdWords customer receives a unique cookie. For more information, refer to Google's Privacy Policy.

      ---

      11. Web Analytics Services

      Google (Universal) Analytics: Our website uses Google Analytics, a web analytics service by Google LLC, which uses cookies for site analysis. We use Google Analytics with the “_anonymizeIp()” extension to anonymize IP addresses within the EU. Google processes this data on our behalf to evaluate site usage. Google LLC is certified under the EU-US Privacy Shield. To opt out of Google Analytics tracking, install the Google Analytics opt-out browser add-on.

      ---

      12. Retargeting and Remarketing

      Facebook Custom Audiences via Pixel: Our website uses the Facebook Pixel by Facebook Inc. for ad performance tracking. This tool, with user consent, can track actions after viewing or clicking on a Facebook ad. Data collected remains anonymous but is stored by Facebook and linked to user profiles for Facebook’s marketing purposes under the Facebook Privacy Policy.

      Google AdWords Remarketing: We use Google AdWords Remarketing to target ads based on your interests. If logged in to your Google account, Google may connect this data with your account data for cross-device marketing. To opt out, manage settings on the Digital Advertising Alliance. 

      13. Rights of Data Subjects

      Under applicable data protection laws, you have the following rights regarding your personal data:

      • Right of Access (Art. 15 GDPR): You have the right to request information about your personal data that we process, the purposes of processing, the categories of personal data, recipients of your data, storage duration, and your rights to rectification, deletion, and restriction of processing, among other details. You may also ask for information about the safeguards in place if your data is transferred to third countries.

      • Right to Rectification (Art. 16 GDPR): You have the right to request immediate correction of any inaccurate data and to have incomplete personal data completed.

      • Right to Erasure (Art. 17 GDPR): You may request the deletion of your personal data if certain conditions outlined in Art. 17(1) GDPR are met. However, this right does not apply if the data processing is required to exercise freedom of expression, to fulfill legal obligations, for reasons of public interest, or to assert, exercise, or defend legal claims.

      • Right to Restrict Processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your data if the accuracy of your data is disputed, if processing is unlawful but you oppose deletion, if we no longer need the data but you require it for legal claims, or if you have objected to processing pending a determination of overriding legitimate interests.

      • Right to Notification (Art. 19 GDPR): If you have exercised your rights to rectify, erase, or restrict the processing of your data, we are required to inform all recipients to whom your data was disclosed, unless this is impossible or requires disproportionate effort.

      • Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format or to request its transfer to another controller, where technically feasible.

      • Right to Withdraw Consent (Art. 7(3) GDPR): You can withdraw your consent to data processing at any time with effect for the future. Upon withdrawal, we will delete your data unless further processing is legally permissible without consent. Withdrawal does not affect the legality of processing prior to withdrawal.

      • Right to Lodge a Complaint (Art. 77 GDPR): If you believe the processing of your data violates GDPR, you have the right to lodge a complaint with a supervisory authority in your place of residence, employment, or where the alleged violation occurred, without prejudice to other administrative or judicial remedies.

      ---

      13.2 Right to Object

      If we process your personal data based on our legitimate interest, you have the right to object to this processing at any time for reasons related to your specific situation.

      If you object, we will stop processing your data unless we have compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing is for the establishment, exercise, or defense of legal claims.

      You also have the right to object to your data being processed for direct marketing purposes. If you exercise this right, we will cease processing your data for direct marketing.

      ---

      14. Duration of Storage for Personal Data

      The storage period for personal data depends on the applicable legal retention period (e.g., tax and commercial retention periods). After the retention period expires, the relevant data is routinely deleted, provided it is no longer necessary for contract fulfillment or initiation and there is no legitimate interest in further retention.