Data protection declaration

Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise.
“Personal data” is any information relating to an identified or identifiable natural person.

Server log files

You can use our websites without submitting personal data.
Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data includes for example the name of the site called up, date and time of the request, the IP address, amount of data transferred and the provider making the request. The processing is carried out on the basis of Article 6(1) f) GDPR due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.

Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.

Contact

Responsible person

Proactive contact of the customer by e-mail

If you make contact with us proactively via email, we shall collect your personal data (name, email address, message text) only to the extent provided by you. The purpose of the data processing is to handle and respond to your contact request.

If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.

If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.

We will only use your email address to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have agreed to further processing and use.

Use of address validation from Google Maps API

We use the address validation of the provider Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland “Google”) on our website.

The purpose of data processing is to check your entries in our address forms in real time for input and spelling errors and to complete any missing data. If data is entered incorrectly, alternative suggestions for correcting the data are displayed. For this purpose, the address data you enter is transmitted to the provider, where it is stored and analysed.

Among other things, the following information may be transmitted to Google and processed there: postal addresses (country, city, postcode, street, house number), e-mail address, telephone number.

Your data may also be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

Your personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in a correct data basis for the fulfilment of our contractual obligations. You have the right to object at any time to this processing.

The data is processed separately by the provider and is not merged with other data. It is deleted by the provider as soon as the status of the data entered has been determined, but at the latest after 30 days.

Further information:
https://cloud.google.com/maps-platform/terms
https://www.google.de/policies/privacy/

WhatsApp Business

If you communicate with us via WhatsApp, we use the WhatsApp Business version of WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). If you reside outside the EEA, the service is provided by WhatsApp Inc. (USA).

The purpose of the data processing is to handle and respond to your contact request. We process your WhatsApp-registered phone number and, if provided, your name and message content. Disclosure of personal data to WhatsApp does not take place unless you have already consented to this with WhatsApp.

Your data is transmitted to Meta Platforms Inc. servers in the USA. Meta Platforms Inc. is certified under the Trans-Atlantic Data Privacy Framework (TADPF).

The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual measures or contract) or Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient communication). You may object to processing at any time.

Further information:
https://www.whatsapp.com/legal/#terms-of-service
https://www.whatsapp.com/legal/#privacy-policy

Orders

Collection, processing, and transfer of personal data in orders

When you submit an order, we collect and process personal data only insofar as necessary for contract fulfilment. Processing is based on Art. 6 para. 1 lit. b GDPR.

Data may be transferred to shipping companies, fulfillment providers, payment service providers, order processing and IT service providers. Data transfers are limited to the minimum required.

Data may be transferred to Canada and the USA. Adequacy decisions apply for Canada and the USA (TADPF). Shopify is not certified under the TADPF. Transfers are based on contractual safeguards comparable to EU standard contractual clauses.

Evaluations and advertising

Use of Judge.me

We use the Judge.me review system (Judge.me Ltd, London, UK) to collect and display customer reviews.

Processed data may include contact details, order information, device data, review content, ratings, and uploaded images or videos.

Data may be transferred to the UK (adequacy decision in place) and the USA (TADPF; Judge.me not certified, transfer based on contractual safeguards).

Processing takes place with your consent pursuant to § 25 para. 1 TDDDG and Art. 6 para. 1 lit. a GDPR. Consent can be withdrawn at any time.

Further information:
https://judge.me/privacy

Use of the e-mail address for sending newsletters

We use your e-mail address for newsletters only with your consent (Art. 6 para. 1 lit. a GDPR). You can unsubscribe at any time.

Your email address may be stored in a blacklist to prevent further mailings based on Art. 6 para. 1 lit. f GDPR. You may object to this at any time.

Use of Brevo (formerly Sendinblue)

We use Brevo (Sendinblue GmbH, Berlin) for newsletter dispatch and analysis. Tracking pixels and links may be used for statistical evaluation.

Processing is based on Art. 6 para. 1 lit. f GDPR. You have the right to object.

Payment service providers

Use of PayPal Check-Out

We use PayPal (Europe) S.à.r.l. et Cie, S.C.A. for payment processing. Processing is based on Art. 6 para. 1 lit. b GDPR.

Cookies may be used based on Art. 6 para. 1 lit. f GDPR. You may object at any time.

PayPal may perform credit checks for certain payment methods based on Art. 6 para. 1 lit. f GDPR.

Local third-party providers

Payments via Apple Pay and Google Pay may involve further data transfers necessary for payment execution.

Purchase on account via PayPal

Payment data is transmitted to Ratepay GmbH for processing and credit assessment based on Art. 6 para. 1 lit. b and lit. f GDPR.

Further information:
https://www.ratepay.com/legal-payment-dataprivacy/
https://www.ratepay.com/legal-payment-creditagencies/

PayPal privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Use of Shopify Payments

Payments are processed via Stripe Payments Europe Ltd. Processing is based on Art. 6 para. 1 lit. b GDPR. Credit checks may be carried out based on Art. 6 para. 1 lit. f GDPR.

Further information:
https://www.shopify.com/de/legal/datenschutz
https://stripe.com/de/privacy

Cookies

Our website uses cookies. You can control cookie usage via browser settings. Disabling cookies may limit website functionality.

Browser help pages:
Chrome: https://support.google.com/accounts/answer/61416
Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge
Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically necessary cookies

Technically necessary cookies are used based on Art. 25 para. 2 TDDDG and Art. 6 para. 1 lit. f GDPR to ensure functionality and security. You may object to this processing at any time.

Rights of persons affected and storage duration

Duration of storage

Data is stored for the duration of statutory retention periods and deleted thereafter unless further consent has been given.

Rights of the affected person

You have the rights under Art. 15–20 GDPR, including access, rectification, erasure, restriction, and data portability, as well as objection rights under Art. 21 GDPR.

Right to complain to the regulatory authority

You may lodge a complaint with the competent supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany

Right to object

You may object to processing based on Art. 6 para. 1 lit. f GDPR at any time. If upheld, processing will cease unless overriding legitimate grounds exist.

Last update: 22.10.2024