DATA PROTECTION POLICY

1. ACCESS DATA AND HOSTING

You can visit our website without providing any personal information. Every time you go to a website, the web server automatically stores what is known as a server log-file, which contains, for example, the name of the file you have requested, your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. The access data are evaluated exclusively for the purpose of ensuring trouble-free operation of the site as well as improving our services. This serves to maintain our overriding legitimate interests, which take precedence in the context of a balancing of interests, in a correct presentation of our services in accordance with art. 6 para. 1 clause 1 lit. f GDPR. All the access data are deleted no later than seven days after the end of your visit to our site.

HOSTING

The services for hosting and presenting the website are partly provided by our service providers in the context of processing on our behalf. Unless otherwise stated in the context of this data protection policy, all access data and all the data collected in the forms provided on this website are processed on their servers. If you have any questions about our service providers and the basis for our cooperation with them, please use the contact option described in this data protection policy.

Our service providers are located and / or use servers in the following countries for which the European Commission has determined an appropriate level of data protection in a resolution. Canada

Our service providers are based and / or use servers in the United States and in other countries outside the EU and the EEA. The European Commission has not issued a decision on the adequacy level of these countries. Our cooperation with them is based on the standard data protection clauses of the European Commission.

2. DATA PROCESSING FOR CONTRACT EXECUTION AND ESTABLISHING CONTACT

2.1 DATA PROCESSING FOR CONTRACT EXECUTION

For the purpose of contract execution in accordance with art. 6 para. 1 clause 1 lit. b GDPR, we collect personal data whenever you provide this data to us as part of your order. Mandatory fields are marked as such, as we require the data in these cases to execute the contract and we are unable to send the order without this information. Which data are collected can be seen from the respective input forms.

Further information on the processing of your data, in particular on disclosure to other service providers for the purpose of executing orders, payment and shipping, can be found in the following sections of this data protection policy. Once the contract has been completed, your data are restricted for further processing and deleted after the tax and commercial storage periods in accordance with art. 6 para. 1 clause 1 lit. c GDPR, unless you have expressly agreed to further use of your data in accordance with art. 6 para. 1 clause 1 lit. a GDPR or we reserve the right to use the data beyond this that is permitted by law and about which we will inform you in this policy.

2.2 CUSTOMER ACCOUNT

If you have given your consent to this in accordance with art. 6 para. 1 clause 1 lit. a GDPR, in that you decide to open a customer account, we use your data for the purpose of opening a customer account as well as storing your data for further orders on our website in future. You can delete your customer account at any time and do so either by sending a message to the contact option described in this data protection policy or by using a function intended for this in the customer account. Once the contract has been deleted, your data are deleted unless you have expressly consented to further use of your data in accordance with art. 6 para. 1 clause 1 lit. a GDPR or we reserve the right to use the data beyond this that is permitted by law and about which we will inform you in this policy.

2.3 CONTACTING US

As part of our communication with customers, we collect personal data to process your enquiries in accordance with art. 6 para. 1 clause 1 lit. b GDPR, if you consent to this voluntarily when notifying us (e.g. via the contact form, live chat tool or email). Mandatory fields are marked as such, as we require the data to process your contact with us in these cases. Which data are collected can be seen from the respective input forms. Once your enquiry has been processed, your data are deleted unless you have expressly consented to further use of your data in accordance with art. 6 para. 1 clause 1 lit. a GDPR or we reserve the right to use the data beyond this that is permitted by law and about which we will inform you in this policy.

3. DATA PROCESSING FOR SHIPPING PURPOSES

To fulfil the contract in accordance with art. 6 para. 1 clause 1 lit. b GDPR, we forward your data to the shipping service provider authorised to deliver, insofar as this is necessary for the delivery of the goods ordered.

4. DATA PROCESSING FOR PAYMENTS

When processing payments in our online shop, we work together with these partners: technical service providers, credit institutions, payment service providers.

4.1 DATA PROCESSING FOR TRANSACTIONS

Depending on the selected payment methods, we forward the data necessary to execute the payment transaction to our technical service providers who work for us in the context of order processing or to the authorised credit institutions and the selected payment service provider, insofar as this is required to process the payment. This is for the purpose of fulfilling the contract in accordance with art. 6 para. 1 clause 1 lit. b GDPR. In some cases, the payment service providers collect the data required to process the payment themselves, e.g. on their own website or via a technical involvement in the ordering process. As such, the data protection policy of the respective payment service provider applies.

If you have any questions about our payment processing partners and the basis for our cooperation with them, please use the contact option described in this data protection policy.

4.2 DATA PROCESSING FOR THE PURPOSE OF FRAUD PREVENTION AND OPTIMISING OUR PAYMENT PROCESSES

If necessary, we give our service providers further data, which they use together with the data required to process the payment as our order processors for the purpose of fraud prevention and optimising our payment processes (e.g. invoicing, processing of disputed payments, support for the accounts department). This serves to maintain our legitimate interests that take precedence in the context of balancing our interest in being protected from fraud and efficient payment management in accordance with art. 6 para. 1 clause 1 lit. f GDPR.

5. COOKIES AND OTHER TECHNOLOGIES

5.1 GENERAL INFORMATION

In order to make visiting our website attractive and to enable the use of specific functions, we use various technologies on different pages including what are referred to as cookies. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (known as session cookies). Other cookies remain on your end device and enable us to recognise your browser the next time you visit (persistent cookies).

We employ these technologies that are absolutely necessary for the use of specific functions of our website (such as the shopping cart). With these technologies we collect and process your IP address, the time of your visit, device and browser information and information about your use of our website (e.g. information about the content of your shopping cart). This serves to maintain our legitimate interests that take precedence in the context of a balancing of interests, in a correct presentation of our services in accordance with art. 6 para. 1 clause 1 lit. f GDPR.

In addition, we use technologies to fulfil the legal obligations we are subject to (e.g. to be able to prove consent to process your personal data) as well as for web analysis and online marketing. You will find further information about this including the respective legal basis for data processing in the following sections of this data protection policy.

You can find cookie settings for your browser under the following links.

Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of technologies in accordance with art. 6 para. 1 clause 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the data protection policy. If you do not accept cookies, the functionality of our website may be restricted.

5.2 USE OF GDPR LEGAL COOKIE TO MANAGE CONSENT

On our website, we use the consent management tool GDPR Legal Cookie from Beeclever GmbH (Universitätsstrasse 3, 56070 Koblenz a. Rh.; "Beeclever"). The tool enables you to give consent to data processing on the website, in particular to set cookies and to make use of your right to revoke consent that has already been given.

Data processing serves the process of obtaining and documenting the required consent to processing and to comply with legal obligations. Cookies can be used for this purpose. The following information among other things may be collected and transmitted to Beeclever: anonymised IP address, date and time of consent, URL from which the consent was sent, anonymous random encrypted key, consent status. The data will not be disclosed to other third parties.

The data processing is carried out to fulfil a legal obligation based on art. 6 para. 1 lit. c GDPR.

You can find more information on the terms of use and data protection at Beeclever at: https://gdpr-legal-cookie.com/pages/terms-conditions and at https://gdpr-legal-cookie.com/pages/datenschutzerklarung

6. USE OF COOKIES AND OTHER TECHNOLOGIES FOR WEB ANALYSIS AND ADVERTISING PURPOSES

If you have given your consent to this in accordance with art. 6 para. 1 clause 1 lit. a GDPR, we use the following cookies and other third-party technologies on our website. After we discontinue the purpose and end the use of the respective technology, the data collected in this regard are deleted. You can revoke your consent at any time with effect for the future. You can find further information about your withdrawal options in the "Cookies and other technologies" section. Check the individual technologies for further information including the basis for our cooperation with individual providers. If you have any questions about our service providers and the basis for our cooperation with them, please use the contact option described in this data protection policy.

6.1 USE OF GOOGLE SERVICES FOR WEB ANALYSIS AND ADVERTISING PURPOSES

We use the following technologies presented by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google technologies about your use of our website is normally transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. The European Commission has not issued a decision on the adequacy level of the United States. Our cooperation with them is based on the standard data protection clauses of the European Commission. If your IP address is recorded using Google technologies, it is abbreviated before it is stored on Google’s servers by activating IP anonymisation. Only in exceptional cases will the full IP address be transferred to a Google server and abbreviated there. Unless otherwise specified for the individual technologies, data processing takes place based on an agreement concluded for the respective technology between the jointly responsible entities in accordance with art. 26 GDPR. You can find further information about data processing by Google in Google’s data protection policy.

GOOGLE ANALYTICS

For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of the visit, device and browser information as well as information about your use of our website), from which user profiles are created using pseudonyms. Cookies can be used for this purpose. Your IP address will not generally be merged with other Google data. The data processing takes place based on an agreement on order processing by Google.

GOOGLE ADS

For advertising purposes in Google search results and on third party websites, what is referred to as the Google remarketing cookie is set when you visit our website, which is automatically created by collecting and processing data (IP address, time of your visit, device and browser information as well as information about your use of our website) and enables interest-based advertising by means of a pseudonymous cookie ID and based on the pages you have visited. Any data processing that goes beyond this only takes place if you have activated personalised advertising in your Google account. In this case, if you are logged into Google while visiting our website, Google uses your data along with Google Analytics data to create and define lists of target groups for cross-device remarketing.

For website analysis and event tracking, we use Google Ads conversion tracking to measure your subsequent usage behaviour if you arrived at our website via a Google Ads advertisement. Cookies may be used for this purpose and data (IP address, time of visit, device and browser information and information about your use of our website based on events we specify, such as visiting a website or subscribing to a newsletter) may be recorded, from which user profiles are created using pseudonyms.

6.2 OTHER PROVIDERS OF WEB ANALYSIS AND ONLINE MARKETING SERVICES

USE OF HOTJAR FOR WEB ANALYSIS

For the purpose of website analysis, technologies of Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta ("Hotjar") are used to automatically collect and store data (IP address, time of visit, device and browser information and information about your use of our website), from which user profiles are created using pseudonyms. Cookies can be used for this purpose. The pseudonymised user profiles are not merged with personal data about the bearer of the pseudonym without the user giving separate express consent. Hotjar is working on our behalf.

7. SOCIAL MEDIA

7.1 SOCIAL PLUGINS OF INSTAGRAM, PINTEREST

Social buttons of social networks are used on our website. These are only integrated into the site as HTML links, so that when calling up our website no connection is established with the servers of the respective provider. If you click on one of the buttons, the website of the respective social network opens in a new window on your browser. There you can activate the Like or Share button, for example.

7.2 OUR ONLINE PRESENCE ON INSTAGRAM, PINTEREST

If you have given your consent to the respective social media operator in accordance with art. 6 para. 1 clause 1 lit. a GDPR, when you visit our online presence on the aforementioned social media, your data are automatically collected and stored for market research and advertising purposes, from which user profiles are created using pseudonyms. These may be used, for example, to place advertisements inside and outside the platforms that are likely to match your interests. Cookies are normally used for this purpose. Please visit the linked data protection policies of the providers below for detailed information about how each of the social media operators process and use the data as well as a contact option and your rights in this regard and settings you can use to protect your privacy. If you still require any assistance in this matter, please contact us.

Instagram is a service of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland"). The information automatically collected by Facebook Ireland about your use of our online presence on Instagram is usually sent to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. The European Commission has not issued a decision on the adequacy level of the United States. Our cooperation with them is based on the standard data protection clauses of the European Commission. Data processing in the context of visiting an Instagram fan page is carried out based on an agreement between those jointly responsible in accordance with art. 26 GDPR. You can find further information (information about Insights data) here.

Pinterest is a service of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"). The information automatically collected by Pinterest about your use of our online presence is normally transferred to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA and stored there. The European Commission has not issued a decision on the adequacy level of the United States. Our cooperation with them is based on the standard data protection clauses of the European Commission.

8. CONTACT OPTIONS AND YOUR RIGHTS

8.1 YOUR RIGHTS

As a data subject, you have the following rights.

* As per art. 15 GDPR the right to request information about the personal data processed by us to the extent stipulated there;

* As per art. 16 GDPR the right to request the immediate correction or completion of incorrect or incomplete personal data stored by us;

* As per art. 17 GDPR the right to request the deletion of your personal data stored by us, unless further processing is required

* to exercise the right to freedom of expression and information;

* to fulfil a statutory obligation;

* for reasons of public interest or

* to assert, exercise of defend legal claims;

* As per art. 18 GDPR the right to request the limitation of processing of your personal data, insofar as

* you dispute the correctness of the data;

* the processing is unlawful but you oppose its deletion;

* we no longer need the data but you need the data to assert, exercise or defend legal claims or

* you have lodged an objection to the processing in accordance with art. 21 GDPR;

* As per art. 20 GDPR the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request the transfer of the data to another responsible person;

* As per art. 77 GDPR the right to complain to a supervisory authority. Normally you can contact the supervisory authority of your usual place of residence or work or our registered company address.

Right to object

Insofar as we process personal data as explained above to maintain our legitimate interests that take precedence in the context of a balancing of interests, you can object to this process with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right as described above at any time. If the processing is carried out for other purposes, you only have the right to object if there are reasons that are due to your particular situation.

After you have exercised your right to lodge an objection, we will no longer process your personal data for these purposes unless we can show evidence of compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

This does not apply if the processing is carried out for direct marketing purposes. We will in that case no longer process your personal data for this purpose.

8.2 CONTACT OPTIONS

If you have any questions about the collection, processing or use of your personal data, information, correction, restriction or deletion of data as well as revocation of consent you may have given or an objection to a particular use of data, please contact us.

Data protection policy created with the Trusted Shops legal copywriter in cooperation with the law firm Föhlisch Rechtsanwälte.