Data protection

2) DATA COLLECTION WHEN VISITING OUR WEBSITE

If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

• Our visited website
• Date and time at the time of access
• Amount of data sent in bytes
• Source/reference from which you came to the page
• Browser used
• Operating system used
• IP address used (if necessary: ​​in anonymized form)

Processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

3) HOSTING & CONTENT DELIVERY NETWORK

Hosted by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”) for the purpose of hosting and displaying the online shop on a basis Processing on our behalf. All data collected on our website is processed on Shopify’s servers. As part of Shopify's aforementioned services, data may also be processed further on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc .or Shopify (USA) Inc. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by the European Commission's adequacy decision.

You can find further information about Shopify’s data protection on the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those mentioned above by Shopify only takes place within the scope stated below.

4) COOKIES

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted after you close the browser (so-called “session cookies”), while some of these cookies remain on your device for a longer period of time and enable you to save page settings (so-called “persistent cookies”). In the latter case, you can find out the storage period in the overview of the cookie settings in your web browser.
If personal data is also processed through individual cookies we use, the processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR either to implement the contract, in accordance with Art. 6 Para. 1 lit in accordance with Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be restricted.

5) CONTACT US

When you contact us (e.g. via contact form or email), personal data is processed - exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at a contract, the additional legal basis for the processing is Article 6 (1) (b) GDPR. Your data will be deleted if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary

6) DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT

In accordance with Article 6 Paragraph 1 Letter b of the GDPR, personal data will continue to be collected and processed to the extent required if you provide this to us when you open your customer account. Please see the input mask of the corresponding form on our website to find out which data is required to open an account. Your customer account can be deleted at any time and can be done by sending a message to the above address of the person responsible. After your customer account has been deleted, your data will be deleted provided that all contracts concluded regarding it have been completely processed, there are no legal retention periods to the contrary and we have no legitimate interest in continuing to store it.

7) COMMENT FUNCTION

As part of the comment function on this website, in addition to your comment, information about the time the comment was created and the commenter name you chose are saved and published on this website. Furthermore, your IP address is stored for security reasons in order to enable an attribution to the author in the event of illegal comments. Your email address will be saved so that we can contact you if a third party should complain about your published content as being illegal.

8) USE OF CUSTOMER DATA FOR DIRECT ADVERTISING

Newsletter dispatch via Klaviyo
Our email newsletters are sent via the technical service provider “Klaviyo”, 225 Franklin St, Boston, MA 02110, USA (http://www.klaviyo.com/), to whom we pass on the data you provided when registering for the newsletter . This transfer is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR and serves our legitimate interest in using an advertising-effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a Klaviyo server in the USA and stored there.
Klaviyo uses this information to send newsletters on our behalf. Klaviyo does not use the data of our newsletter recipients to write to them ourselves or to pass them on to third parties.
To protect your data in the USA, we have a data processing agreement with Klaviyo (“Data Processing Agreement”), in which Klaviyo undertakes to protect our users’ data, to process it on our behalf in accordance with its data protection regulations and in particular not to third parties to pass on.
You can view Klaviyo’s privacy policy here: https://www.klaviyo.com/privacy

9) DATA PROCESSING FOR ORDER PROCESSING

9.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact details you provided when ordering (name, address, email address) in order to provide you with our legal information obligations in accordance with Art. 6 Para 1 lit. Your contact details will be used strictly for the purpose of communicating updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the respective information.

To process your order, we also work with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

9.2 Use of payment service providers (payment services)

Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal, we pass on your payment data to PayPal (Europe) Sarl et Cie, SCA, 22- as part of the payment processing. 24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”), further. The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values ​​(so-called score values). To the extent that score values ​​are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, but is not limited to, address data. Please find further data protection information, including information about the credit agencies used, PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment is processed via the technical service provider Stripe Payments Europe Ltd. , 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will send the information you provided during the ordering process, along with the information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Article 6 Paragraph 1 Letter b GDPR. Your data will be passed on exclusively for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose.

You can find further information about Shopify Payments’ data protection at the following internet address: https://www.shopify.com/legal/privacy .

Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy

10) ONLINE MARKETING

Facebook Pixel for creating custom audiences (with Cookie Consent Tool)
Our online offering uses the so-called “Facebook pixel” from the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Facebook”).
If a user clicks on an advertisement we have placed on Facebook, an addition is added to the URL of our linked page by Facebook Pixel. If our site allows sharing data with Facebook via pixels, this URL parameter is written into the user's browser via a cookie, which our linked site sets itself. This cookie is then read by Facebook Pixel and enables the data to be forwarded to Facebook.

With the help of the Facebook pixel, Facebook is able to determine the visitors to our online offering as a target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook pixel to only show the Facebook ads we place to those Facebook users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products) based on the information they visit websites) which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not appear annoying. This allows us to further evaluate the effectiveness of Facebook advertisements for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion”).

The data collected is anonymous to us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage guidelines ( https://www.facebook.com/about/privacy/ ). The data can enable Facebook and its partners to place advertisements on and outside of Facebook.

The data processing associated with the use of the Facebook Pixel only takes place with your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “cookie consent tool” provided on the website.

11) WEB ANALYSIS SERVICES

11.1 Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses so-called “cookies”, which are text files that are stored on your device and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a Google server and stored there; this may also be transmitted to the servers of Google LLC. come to the USA.

This website uses Google (Universal) Analytics exclusively with the “_anonymizeIp()” extension, which ensures anonymization of the IP address by shortening it and excludes any direct reference to a person. Through the extension, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google LLC server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google (Universal) Analytics is not merged with other Google data.
Google Analytics also enables the creation of statistics with statements about the age, gender and interests of site visitors based on an evaluation of interest-based advertising and with the use of third-party information via a special function, the so-called “demographic characteristics”. This allows the definition and differentiation of user groups of the website for the purpose of target group-optimized targeting of marketing measures. Collected via “demographic characteristics”.

However, records cannot be assigned to a specific person.
Details about the processing initiated by Google Analytics and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites

All processing described above, in particular the setting of Google Analytics cookies to read information on the device used, will only be carried out if you have given us your express consent to this in accordance with Article 6 Paragraph 1 Letter a of the GDPR. Without this consent, Google Analytics will not be used during your visit to the site.

You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website. We have concluded an order processing agreement with Google for the use of Google Analytics, which obliges Google to protect the data of our site visitors and not to pass it on to third parties.
For the transfer of data from the EU to the USA, Google relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European data protection level in the USA.

You can find further information about Google (Universal) Analytics here: https://policies.google.com/privacy?hl=de&gl=de

11.2 Hotjar (hotjar Ltd.)
This website uses the Hotjar web analysis service from Hotjar Ltd.
Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel.: +1 (855) 464-6788).
This tool can be used to track movements on the websites on which Hotjar is used (so-called heatmaps). For example, you can see how far users scroll and which buttons users click and how often. The tool also makes it possible to obtain feedback directly from website users. In this way, we obtain valuable information to make our websites even faster and more customer-friendly. When using this tool, we pay particular attention to protecting your personal data. This means we can only track which buttons you click and how far you scroll. Areas of the websites in which personal data from you or third parties are displayed are automatically hidden by Hotjar and are therefore not traceable at any time.

All processing described above, in particular the reading of information on the device used, will only be carried out if you have given us your express consent to this in accordance with Article 6 Paragraph 1 Letter a of the GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “cookie consent tool” provided on the website.

12) RETARGETING/ REMARKETING/ REFERRAL ADVERTISING

Google Ads Remarketing
Our website uses the functions of Google Ads Remarketing. We hereby advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For this purpose, Google sets a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. Any further data processing will only take place if you have agreed to Google that your internet and app browser history will be linked by Google to your Google account and that information from your Google account will be used to personalize ads that you display on the web look at. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To do this, Google temporarily links your personal data with Google Analytics data to form target groups. As part of the use of Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC. come to the USA.

Details about the processing initiated by Google Ads Remarketing and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites
You can permanently object to the setting of cookies by Google Ads Remarketing by downloading and installing the Google browser plug-in available at the following link:
https://www.google.com/settings/ads/onweb/

You can find further information and the data protection regulations regarding advertising and Google here:
https://www.google.com/policies/technologies/ads/

All processing described above, in particular the setting of cookies to read information on the device used, will only be carried out if you have given us your express consent to do so in accordance with Article 6 Paragraph 1 Letter a of the GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “cookie consent tool” provided on the website.

13) SITE FUNCTIONALITIES

Google reCAPTCHA
On this website we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to distinguish whether an entry is made by a natural person or whether it is improperly processed through machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in determining individual personal responsibility on the Internet and the prevention of misuse and spam. As part of the use of Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. come to the USA.

You can find further information about Google reCAPTCHA and Google’s privacy policy at: https://www.google.com/intl/de/policies/privacy/

To the extent legally required, we have obtained your consent for the processing of your data as described above in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the option described above for making an objection.

14) TOOLS AND OTHER

14.1 DATEV
To carry out the accounting, we use the cloud-based accounting software from DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg (“DATEV”).
DATEV processes incoming and outgoing invoices as well as our company's bank transactions in order to automatically record invoices, match them to the transactions and create financial accounting from them in a semi-automated process.
If personal data is also processed, the processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR on the basis of our legitimate interest in the efficient organization and documentation of our business processes.

You can find further information about DATEV, the automated processing of data and the data protection regulations at https://www.datev.de/web/de/m/ueber-datev/datenschutz/

14.2 Cookie consent tool

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “cookie consent tool” is displayed to users when they access the page in the form of an interactive user interface on which consent can be given for certain cookies and/or cookie-based applications by checking a box. By using the tool, all cookies/services requiring consent are only loaded if the respective user gives their consent by checking the box. This ensures that such cookies are only set on the user's device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed here.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in doing so legally compliant, user-specific and user-friendly consent management for cookies and therefore a legally compliant design of our website.

Another legal basis for processing is Article 6 Paragraph 1 Letter c GDPR. As those responsible, we are subject to the legal obligation to make the use of cookies that are not technically necessary dependent on the respective user consent.

Further information about the operator and the setting options for the cookie consent tool can be found directly in the corresponding user interface on our website.

15) RIGHTS OF THE AFFECTED PARTY

15.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) towards the person responsible with regard to the processing of your personal data, whereby reference is made to the legal basis listed for the respective exercise requirements:

• Right to information in accordance with Art. 15 GDPR;
• Right to rectification in accordance with Art. 16 GDPR;
• Right to deletion in accordance with Art. 17 GDPR;
• Right to restriction of processing in accordance with Art. 18 GDPR;
• Right to information in accordance with Art. 19 GDPR;
• Right to data portability in accordance with Art. 20 GDPR;
• Right to revoke consent given in accordance with Art. 7 Para. 3 GDPR;
• Right to complain in accordance with Art. 77 GDPR.

15.2 Right of withdrawal

If we process your personal data based on our overriding legitimate interest as part of a balancing of interests, you have the right at any time to object to this processing with future effect for reasons arising from your situation. If you exercise your right to object, we will stop processing the data concerned. However, further processing is reserved if we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, fundamental rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If your personal data is processed by us for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. You can exercise your objection as described above.

If you exercise your right to object, we will stop processing the data concerned for direct advertising purposes.

16) DURATION OF STORAGE OF PERSONAL DATA

The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing and - if relevant - additionally based on the respective legal retention period (e.g. commercial and tax law retention periods).

When processing personal data on the basis of express consent in accordance with Article 6 Paragraph 1 Letter a of the GDPR, this data will be stored until the person concerned revokes their consent.

If there are statutory retention periods for data that are processed within the framework of legal or transaction-like obligations on the basis of Art. 6 Para. 1 lit and/or we have no legitimate interest in further storage.

When processing personal data on the basis of Article 6 Paragraph 1 Letter f of the GDPR, this data will be stored until the data subject exercises his or her right to object in accordance with Article 21 Paragraph 1 of the GDPR, unless we can provide compelling legitimate reasons provide evidence for the processing that outweighs the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct advertising on the basis of Article 6 Paragraph 1 Letter f of the GDPR, this data will be stored until the person concerned exercises their right to object in accordance with Article 21 Paragraph 2 of the GDPR.

Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.